A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

Distributed denial-of-service (DDoS) has developed multiple variants, one of which is distributed reflective denial-of-service (DRDoS). With the increasing number of Internet-of-Things (IoT) devices, the threat of DRDoS attacks is growing, and the damage caused by a DRDoS attack is more destructive than that of other types. Many existing methods for DRDoS cannot generalize to early detection, which leads to heavy load or degradation of service when they are deployed at the final point. In this paper, we propose a DRDoS detection and defense method based on the deep forest model (DDDF), and then integrate differentiated service into the defense model to filter out DRDoS attack flows. Firstly, from the statistical perspective on the different stages of DRDoS attack flow in the big data environment, we extract a host-based DRDoS threat index (HDTI) from the network flow. Secondly, using the HDTI feature, we build a DRDoS detection and defense model based on deep forest, which consists of 5 estimators in each layer. Lastly, the differentiated service procedure applies the detection result from DDDF to drop the identified attack flow at different stages and at different detection points. Theoretical analysis and experiments show that the proposed method can effectively identify DRDoS attacks with a higher detection rate and a lower false alarm rate; the defense model also shows the ability to effectively eliminate DRDoS attack flow and dramatically reduce the damage of DRDoS attacks.
