Comprehensive Review of Artificial Intelligence and Statistical Approaches in Distributed Denial of Service Attack and Defense Methods

To date, security systems have yet to offer an effective defense method against Distributed Denial of Service (DDoS) attacks. Incidents of serious damage due to DDoS attacks have been increasing, leading to an urgent need for new attack identification, mitigation, and prevention mechanisms. To prevent DDoS attacks, the basic features of the attacks need to be analyzed dynamically, because their patterns, ports, protocols, and operating mechanisms change rapidly and are deliberately manipulated. Most of the proposed DDoS defense methods have drawbacks and limitations of various kinds. Some rely on signature-based defense mechanisms that fail to identify new attacks; others rely on anomaly-based defense mechanisms that are limited to specific types of DDoS attacks and have yet to be applied in open environments. Consequently, extensive research on applying artificial intelligence and statistical techniques in defense methods has been conducted in order to identify, mitigate, and prevent these attacks. However, the most appropriate and effective defense features, mechanisms, techniques, and methods for handling such attacks remain an open question. This review paper focuses on the most common defense methods against DDoS attacks that adopt artificial intelligence and statistical approaches. Additionally, the review classifies and illustrates the attack types, the testing properties, the evaluation methods, and the testing datasets that are utilized in the methodology of the proposed defense methods. Finally, this review provides a guideline and possible points of encampment for developing improved solution models of defense methods against DDoS attacks.
