Detection of Low and High rate DDoS Attack using Metrics with SVM in FireCol Distributed Network

A federated network mainly operates within a single Internet Service Provider (ISP) together with the virtual entities integrated into it. The foremost problem in such a unified network is attack traffic caused by intruders. Although attacks are classified according to their rate dynamics, they differ in many other respects, such as implementation, intention and countermeasures. Distributed Denial of Service (DDoS) and low-rate DDoS attacks are serious threats to almost every ISP. In a merged network environment, routers cooperate closely to raise early warnings of DDoS attacks and so avoid severe damage. The existing FireCol system, a collaborative protection network, detects flooding attacks using metric computations. It delivers good detection of flooding attacks, but for low-rate attacks, with only a minimal set of parameters, it struggles to find them. To address this, we add further metrics, namely the information distance metric, the generalized entropy metric, the probability metric and the hybrid metric (the total variation metric combined with the Bhattacharyya metric), together with an SVM classifier, to improve detection of both high- and low-rate attacks while reducing false alarms. Packets are transmitted in a distributed client-server topology, and both the similarity and the dissimilarity between packet distributions are used to describe deviations in the behaviour of a user profile. In addition, the SVM separates attack flows from normal flows using training and test files, and attains an accuracy of 73.89%. Hence, low-rate attack detection based on metric computations and a classifier achieves better results than FireCol with its decision-table mechanism.

General Terms: Attack detection, Security in Distributed network, FireCol, Metric Computations.
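The abstract names the distribution-comparison metrics but does not show how they behave on traffic. The following is an added example, not code from the paper or from the FireCol project: it computes generalized (Rényi) entropy, the information distance (Rényi divergence, symmetrised here by assumption), total variation and the Bhattacharyya distance between a baseline profile of packets-per-source and a later monitoring window, and flags the window when the hybrid score exceeds a threshold. The sample windows, the Laplace smoothing, the choice of alpha = 2, the hybrid score as the plain sum of the two distances, and the 0.3 cut-off are all assumptions for illustration; the paper's own parameters and the SVM stage are not reproduced.

```python
import math

# Constructed sample windows (not from the paper): packets per source address
# seen by a FireCol-style router over one monitoring window.
BASELINE_WINDOW = {"10.0.0.1": 40, "10.0.0.2": 35, "10.0.0.3": 38,
                   "10.0.0.4": 42, "10.0.0.5": 45}
# A later normal window: same users, small natural fluctuation.
NORMAL_WINDOW = {"10.0.0.1": 38, "10.0.0.2": 37, "10.0.0.3": 40,
                 "10.0.0.4": 41, "10.0.0.5": 44}
# Low-rate attack: two new sources add modest bursts that a volume threshold misses.
LOW_RATE_WINDOW = dict(BASELINE_WINDOW, **{"198.51.100.7": 60, "198.51.100.8": 55})
# Flooding attack: one source dominates the window.
FLOOD_WINDOW = {"10.0.0.1": 40, "10.0.0.2": 35, "203.0.113.9": 2000}

HYBRID_THRESHOLD = 0.3  # assumed cut-off; the abstract gives no trained value


def align(baseline, window, smoothing=1.0):
    """Turn two count tables into probability vectors over the union of keys.

    Laplace smoothing (assumed, not from the paper) keeps every probability
    positive, so the divergence stays finite when a source is new or absent."""
    keys = sorted(set(baseline) | set(window))

    def to_dist(counts):
        total = sum(counts.values()) + smoothing * len(keys)
        return [(counts.get(k, 0) + smoothing) / total for k in keys]

    return to_dist(baseline), to_dist(window)


def generalized_entropy(p, alpha=2.0):
    """Rényi entropy H_alpha(P) = log2(sum p_i^alpha) / (1 - alpha); alpha=1 is Shannon."""
    if alpha == 1.0:
        return -sum(x * math.log2(x) for x in p if x > 0)
    return math.log2(sum(x ** alpha for x in p if x > 0)) / (1.0 - alpha)


def information_distance(p, q, alpha=2.0):
    """Rényi divergence D_alpha(P||Q) = log2(sum p_i^alpha q_i^(1-alpha)) / (alpha - 1)."""
    if alpha == 1.0:
        return sum(x * math.log2(x / y) for x, y in zip(p, q) if x > 0)
    total = 0.0
    for x, y in zip(p, q):
        if x == 0:
            continue
        if y == 0:
            if alpha > 1.0:
                return math.inf  # mass where the baseline has none: unbounded
            continue             # for alpha < 1 the term vanishes
        total += x ** alpha * y ** (1.0 - alpha)
    return math.log2(total) / (alpha - 1.0)


def total_variation(p, q):
    """Total variation distance: half the L1 distance, in [0, 1]."""
    return 0.5 * sum(abs(x - y) for x, y in zip(p, q))


def bhattacharyya_distance(p, q):
    """Bhattacharyya distance -ln(BC), where BC = sum sqrt(p_i q_i) is the overlap."""
    bc = sum(math.sqrt(x * y) for x, y in zip(p, q))
    return math.inf if bc <= 0 else -math.log(bc)


def detect(baseline, window, alpha=2.0, threshold=HYBRID_THRESHOLD):
    """Score one window against the baseline profile and return all metrics plus a verdict.

    The hybrid score is total variation plus Bhattacharyya distance (an assumed
    combination); the information distance is symmetrised by summing both directions."""
    p, q = align(baseline, window)
    tv = total_variation(p, q)
    bd = bhattacharyya_distance(p, q)
    result = {
        "generalized_entropy": generalized_entropy(q, alpha),
        "information_distance": (information_distance(p, q, alpha)
                                 + information_distance(q, p, alpha)),
        "total_variation": tv,
        "bhattacharyya": bd,
        "hybrid": tv + bd,
    }
    result["attack"] = result["hybrid"] > threshold
    return result


if __name__ == "__main__":
    for name, window in [("normal", NORMAL_WINDOW),
                         ("low-rate", LOW_RATE_WINDOW),
                         ("flood", FLOOD_WINDOW)]:
        r = detect(BASELINE_WINDOW, window)
        print(f"{name:9s} hybrid={r['hybrid']:.3f} "
              f"TV={r['total_variation']:.3f} BD={r['bhattacharyya']:.3f} "
              f"H={r['generalized_entropy']:.3f} attack={r['attack']}")
```

On these constructed windows the flood produces a hybrid score an order of magnitude above the low-rate case, which in turn sits well above the natural fluctuation of the normal window, which is the gap the paper relies on: a pure packet-count threshold would catch the flood but not the low-rate burst, whereas the distribution distances separate all three. In practice the threshold (or, as in the paper, an SVM trained on these metric values) must be calibrated on the site's own baseline traffic, since the false-alarm rate depends entirely on how much normal windows drift.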
