HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm

Abstract: Internet services are frequent victims of Distributed Denial of Service (DDoS) attacks, which intentionally occupy computing resources and bandwidth in order to deny services to potential users. The attack works by flooding the target with an immense volume of packets. If the attack comes from a single source, it is referred to as a denial of service (DoS) attack; if it is sourced from divergent servers, it is referred to as DDoS. For over a decade, many researchers have taken the detection and prevention of DDoS attacks as a research objective and have delivered a few significant DDoS detection and prevention strategies. How quickly and how early a DDoS attack can be detected in streaming network transactions is still a significant research objective at the present level of internet usage. Unfortunately, the current benchmark DDoS attack detection strategies fail to meet the objective of "fast and early detection of DDoS attack". To address this, in this paper we devise a bio-inspired, anomaly-based application-layer DDoS attack (App-DDOS attack) detection method that aims at fast and early detection. The proposed model uses a bio-inspired bat algorithm to achieve fast and early detection of App-DDOS attacks by HTTP flood. The experiments were carried out on the benchmark CAIDA dataset, and the results support the significance of the proposed model in achieving the objective of the paper.
