When defending against DDoS and other types of network attack, most products or service providers perform the protection by dropping the attack traffic. This cures the symptoms but not the disease. To help eliminate network attacks, a more proactive approach is to trace back the attack source and stop the attack before it starts. Collecting the attack data is essential for attack trace-back. In this paper, we propose a live capture device to record the attack efficiently without disturbing the original network performance. The device is also integrated with an anti-DDoS technique so that forensic data collection can be performed even under DDoS attacks. We made use of a network bridge and utilized the packet capturing functionality provided by Linux, plus our own packet storing mechanisms, to build the forensic-aware data collection device. The anti-DDoS protection uses machine learning to extract features of attacks, and then uses a customized Bloom filter to defend against attacks based on the selected features. We implemented and tested the performance of the proposed technique in a lab environment.
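The following is an added illustration, not code from the paper or its authors, of the decision path the abstract describes: a Bloom filter keyed on selected packet features sits at the bridge, and packets matching a learned attack profile are recorded for forensic use rather than silently discarded. The feature tuple (source IP, destination port, TTL, packet length), the attack profiles, the sample traffic and the `ForensicBridge`/`BloomFilter` names are all constructed assumptions; the paper's actual feature selection and storage mechanism are not reproduced here.

```python
"""Added example (not the paper's code): a feature-keyed Bloom filter acting as a
DDoS pre-filter in front of a forensic capture path on a network bridge.

Assumptions (constructed, not taken from the paper):
  - the 'selected features' are the tuple (src_ip, dst_port, ttl, pkt_len);
  - attack profiles are produced offline by a classifier and loaded here;
  - matched packets are logged for trace-back, not only dropped.
"""
import hashlib
import math
from dataclasses import dataclass, field


class BloomFilter:
    """Standard Bloom filter sized for n items at a target false-positive rate."""

    def __init__(self, expected_items: int, fp_rate: float):
        # Optimal bit count m and hash count k for n items and target rate p
        self.m = max(1, math.ceil(-expected_items * math.log(fp_rate) / (math.log(2) ** 2)))
        self.k = max(1, round(self.m / expected_items * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)
        self.count = 0

    def _indexes(self, item: bytes):
        # Double hashing: h_i = h1 + i*h2 (mod m), derived from one SHA-256 digest
        digest = hashlib.sha256(item).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # odd step avoids short cycles
        for i in range(self.k):
            yield (h1 + i * h2) % self.m

    def add(self, item: bytes) -> None:
        for idx in self._indexes(item):
            self.bits[idx >> 3] |= 1 << (idx & 7)
        self.count += 1

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[idx >> 3] & (1 << (idx & 7)) for idx in self._indexes(item))

    def estimated_fp_rate(self) -> float:
        # Textbook estimate (1 - e^(-kn/m))^k for the current fill level
        return (1 - math.exp(-self.k * self.count / self.m)) ** self.k


@dataclass
class Packet:
    src_ip: str
    dst_port: int
    ttl: int
    length: int


def feature_key(pkt: Packet) -> bytes:
    # Constructed feature tuple standing in for the paper's ML-selected features
    return f"{pkt.src_ip}|{pkt.dst_port}|{pkt.ttl}|{pkt.length}".encode()


@dataclass
class ForensicBridge:
    """Bridge decision point: flagged packets are recorded for trace-back."""
    attack_filter: BloomFilter
    forensic_log: list = field(default_factory=list)
    forwarded: int = 0
    blocked: int = 0

    def process(self, pkt: Packet) -> str:
        if feature_key(pkt) in self.attack_filter:
            self.blocked += 1
            self.forensic_log.append((pkt.src_ip, pkt.dst_port, pkt.ttl, pkt.length))
            return "blocked"
        self.forwarded += 1
        return "forwarded"


def build_attack_filter(attack_profiles, capacity: int = 1000, fp_rate: float = 0.01) -> BloomFilter:
    # Size the filter for the expected number of learned profiles, not just the current batch
    bf = BloomFilter(expected_items=max(len(attack_profiles), capacity), fp_rate=fp_rate)
    for profile in attack_profiles:
        bf.add(feature_key(profile))
    return bf


# Constructed sample: profiles an offline classifier labelled as attack traffic
ATTACK_PROFILES = [Packet("198.51.100.7", 80, 64, 60), Packet("198.51.100.8", 80, 64, 60)]
# Constructed sample traffic: two attack packets around one legitimate client packet
SAMPLE_TRAFFIC = [
    Packet("198.51.100.7", 80, 64, 60),
    Packet("203.0.113.5", 443, 128, 1500),
    Packet("198.51.100.8", 80, 64, 60),
]


def run_demo(traffic=SAMPLE_TRAFFIC, profiles=ATTACK_PROFILES):
    bridge = ForensicBridge(build_attack_filter(profiles))
    decisions = [bridge.process(p) for p in traffic]
    return decisions, bridge


if __name__ == "__main__":
    decisions, bridge = run_demo()
    print(decisions, "blocked:", bridge.blocked, "forwarded:", bridge.forwarded)
    print(f"estimated false-positive rate: {bridge.attack_filter.estimated_fp_rate():.6f}")
```

The Bloom filter gives constant-time, fixed-memory lookups per packet, which is what keeps the check cheap enough to run inline under flood conditions; the trade-off is a tunable false-positive rate, so a legitimate packet can occasionally be logged and blocked, which is why `estimated_fp_rate()` is exposed for monitoring and why the filter is sized for the expected profile count rather than the current batch.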