An impact analysis: Real time DDoS attack detection and mitigation using machine learning

Distributed Denial of Service (DDoS) attacks are among the most devastating attacks on the Internet community, disrupting the normal functioning of critical services. The DDoS cyber weapon is driven by many motives, including hacktivism, personal revenge, anti-government action, disgruntled employees or customers, ideological and political causes, and cyber espionage. IP spoofing is a powerful technique by which attackers disrupt the availability of network services while impersonating a trusted source. Because spoofed traffic shares the same resources as legitimate traffic, detecting and filtering it is essential. The proposed model consists of an online monitoring system (OMS), a spoofed-traffic detection module and an interface-based rate limiting (IBRL) algorithm. OMS measures DDoS impact in real time by monitoring the degradation of host and network performance metrics. The spoofed-traffic detection module uses the hop-count filtering (HCF) algorithm to check the authenticity of each incoming packet by comparing its source IP address with the number of hops expected between that address and the victim. HCF coupled with a support vector machine (SVM) achieves 98.99% accuracy with a reduced false-positive rate. Finally, the IBRL algorithm restricts traffic aggregates at the victim's router when they exceed system limits, so that sufficient bandwidth remains for the other flows.
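The hop-count check and the per-interface rate-limiting stage described in the abstract, as an added, self-contained example that is not code from the paper. The class names (`HopCountFilter`, `InterfaceRateLimiter`), the /24 aggregation of the hop-count table, the one-hop tolerance, the fixed-window packet budget, and the sample addresses and TTLs are all assumptions made for illustration; the SVM stage that the paper layers on top of HCF is omitted.

```python
"""Hop-count filtering (HCF) followed by interface-based rate limiting,
run over constructed packet headers.  HCF relies on a field the spoofer
does not control end to end: every router decrements the IP TTL, so the
TTL seen at the victim reveals how far the packet really travelled from
the host that actually sent it.  A packet whose claimed source address
has a known hop count that disagrees with the observed one is flagged.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple
import ipaddress

# Initial TTL defaults of the common OS families (assumption: senders use
# one of these; a custom initial TTL breaks the inference).
INITIAL_TTLS = (32, 64, 128, 255)


def infer_hop_count(observed_ttl: int) -> int:
    """Hop count implied by a TTL seen at the victim: the sender's initial
    TTL is taken to be the smallest common default >= the observed value."""
    if not 0 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial - observed_ttl
    raise AssertionError("unreachable: 255 covers every valid TTL")


@dataclass(frozen=True)
class Packet:
    src_ip: str   # claimed source address
    ttl: int      # TTL as seen by the victim router
    iface: str    # ingress interface at the victim router
    ts: float     # arrival time in seconds


class HopCountFilter:
    """IP-to-hop-count table learned during an attack-free period, keyed by
    prefix so that neighbouring hosts share one entry (hypothetical layout)."""

    def __init__(self, prefix_len: int = 24, tolerance: int = 0) -> None:
        self.prefix_len = prefix_len
        self.tolerance = tolerance
        self.table: Dict[ipaddress.IPv4Network, int] = {}

    def _key(self, ip: str) -> ipaddress.IPv4Network:
        return ipaddress.ip_network(f"{ip}/{self.prefix_len}", strict=False)

    def learn(self, src_ip: str, ttl: int) -> None:
        self.table[self._key(src_ip)] = infer_hop_count(ttl)

    def classify(self, pkt: Packet) -> str:
        """'legit', 'spoofed', or 'unknown' (no table entry: HCF cannot judge)."""
        expected = self.table.get(self._key(pkt.src_ip))
        if expected is None:
            return "unknown"
        observed = infer_hop_count(pkt.ttl)
        return "legit" if abs(observed - expected) <= self.tolerance else "spoofed"


class InterfaceRateLimiter:
    """Fixed-window packet budget per ingress interface: once an interface has
    forwarded `limit` packets in the current window the rest are dropped, so
    other interfaces keep their share of the victim's bandwidth."""

    def __init__(self, limit: int, window_s: float) -> None:
        self.limit = limit
        self.window_s = window_s
        self._counts: Dict[str, Tuple[int, int]] = {}  # iface -> (window, count)

    def allow(self, iface: str, now: float) -> bool:
        window = int(now // self.window_s)
        win, count = self._counts.get(iface, (window, 0))
        if win != window:          # new window: reset the budget
            win, count = window, 0
        if count >= self.limit:
            self._counts[iface] = (win, count)
            return False
        self._counts[iface] = (win, count + 1)
        return True


def process(packets: List[Packet], hcf: HopCountFilter,
            limiter: InterfaceRateLimiter) -> Dict[str, int]:
    """Drop spoofed packets first, then rate-limit what remains per interface;
    return a histogram of verdicts."""
    verdicts = {"legit": 0, "unknown": 0, "spoofed": 0, "rate_limited": 0}
    for pkt in packets:
        verdict = hcf.classify(pkt)
        if verdict == "spoofed":
            verdicts["spoofed"] += 1
            continue
        if not limiter.allow(pkt.iface, pkt.ts):
            verdicts["rate_limited"] += 1
            continue
        verdicts[verdict] += 1
    return verdicts


# Constructed sample data: an attack-free learning phase, then a mixed burst.
LEARNING = [("10.1.2.3", 54), ("198.51.100.8", 120)]  # 10 hops (TTL 64), 8 hops (TTL 128)
TRAFFIC = [
    Packet("10.1.2.3", 54, "eth0", 0.10),       # legit: 10 hops, matches table
    Packet("10.1.2.9", 55, "eth0", 0.12),       # legit: same /24, 9 hops, within tolerance
    Packet("10.1.2.7", 61, "eth1", 0.15),       # spoofed: claims 10.1.2.0/24 but only 3 hops away
    Packet("198.51.100.8", 250, "eth1", 0.20),  # spoofed: 5 hops, table says 8
    Packet("198.51.100.8", 120, "eth1", 0.22),  # legit
    Packet("192.0.2.9", 240, "eth0", 0.30),     # unknown prefix, passes HCF
    Packet("10.1.2.3", 54, "eth0", 0.40),       # legit but eth0 budget (3/window) exhausted
    Packet("10.1.2.3", 54, "eth0", 1.05),       # legit, new window
    Packet("203.0.113.5", 100, "eth1", 0.50),   # unknown prefix
]


def run_demo() -> Dict[str, int]:
    hcf = HopCountFilter(prefix_len=24, tolerance=1)
    for ip, ttl in LEARNING:
        hcf.learn(ip, ttl)
    limiter = InterfaceRateLimiter(limit=3, window_s=1.0)
    return process(TRAFFIC, hcf, limiter)


if __name__ == "__main__":
    print(run_demo())
```

Two caveats a deployment has to live with: HCF only catches a spoofer who does not know the true hop count from the forged address to the victim (an attacker who has measured it can set the initial TTL to match), and the inference assumes the common initial-TTL defaults, so hosts with a non-default initial TTL look spoofed unless the tolerance absorbs the difference. The rate limiter here is a plain fixed-window budget; a production IBRL stage would size the per-interface limit from the monitored link capacity rather than a constant.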
