Large-scale network packet analysis for intelligent DDoS attack detection development

Distributed Denial of Service (DDoS) attacks are a serious threat to network security; the servers of many companies and governments have been victims of such attacks. A DDoS attack jams the target's network service by using multiple bots hijacked by crackers to send enormous numbers of packets to the target server. Detecting the crackers behind such an attack is extremely difficult, because they only issue a command to the bots from another network and abandon the bots soon after the command executes. An intelligent detection system for DDoS attacks is therefore needed to defend network services. To develop such a system, we used machine learning techniques to study the patterns of DDoS attacks and detect them. We analyzed large numbers of network packets provided by the Center for Applied Internet Data Analysis (CAIDA) and identified several important patterns that affect the accuracy of the detection system. We implemented the detection system around these patterns; its core is a support vector machine with the radial basis function (Gaussian) kernel. The resulting system detects DDoS attacks accurately.
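The abstract names the two building blocks of the system (per-packet patterns extracted from traffic, and an RBF-kernel SVM that classifies them) without showing how they fit together. The following is an added example, not the paper's code: it summarises constructed packet records into per-window features and trains a Gaussian-kernel SVM on them. The feature choice (packet rate, share of distinct source addresses, SYN fraction), the training algorithm (kernelised Pegasos rather than the authors' implementation) and every packet record are assumptions made for illustration; the paper's actual patterns from the CAIDA data are not on this page.

```python
"""Toy version of the pipeline the abstract sketches: summarise captured packets
per time window, then classify each window with an RBF-kernel SVM.

Added example, not the paper's code. The features (packet rate, share of
distinct source addresses, SYN fraction) and the training algorithm
(kernelised Pegasos) are assumptions; all packet records are constructed.
"""
import math
import random

# Constructed packet record: (timestamp_s, src_ip, tcp_flags)


def window_features(packets, window_len):
    """Three per-window features (assumed for illustration, not from the paper)."""
    n = len(packets)
    if n == 0:
        return (0.0, 0.0, 0.0)
    rate = n / window_len                              # packets per second
    distinct_src = len({p[1] for p in packets}) / n    # ~1.0 when every packet has a new source
    syn_frac = sum(p[2] == "S" for p in packets) / n   # bare SYNs / all packets
    return (rate, distinct_src, syn_frac)


def make_window(attack, rng, window_len=1.0):
    """Construct one window of traffic: a flood from many spoofed sources versus
    a handful of well-behaved hosts with mixed TCP flags."""
    if attack:
        n = rng.randint(400, 800)
        srcs = ["10.%d.%d.%d" % (rng.randint(0, 255), rng.randint(0, 255),
                                  rng.randint(1, 254)) for _ in range(n)]
        flags = ["S" if rng.random() < 0.9 else "A" for _ in range(n)]
    else:
        n = rng.randint(20, 80)
        hosts = ["192.168.1.%d" % i for i in range(1, 6)]
        srcs = [rng.choice(hosts) for _ in range(n)]
        flags = [rng.choice(["S", "A", "PA", "FA"]) for _ in range(n)]
    return [(rng.random() * window_len, s, f) for s, f in zip(srcs, flags)]


def rbf(a, b, gamma):
    """Gaussian kernel K(a, b) = exp(-gamma * ||a - b||^2)."""
    return math.exp(-gamma * sum((x - y) ** 2 for x, y in zip(a, b)))


class RBFSVM:
    """Kernelised Pegasos SVM: alpha[j] counts how often training window j
    violated the margin; f(x) = sum_j alpha_j * y_j * K(x_j, x) / (lam * t)."""

    def __init__(self, gamma=0.5, lam=0.01, epochs=20, seed=0):
        self.gamma, self.lam, self.epochs, self.seed = gamma, lam, epochs, seed

    def _scale(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sd)]

    def fit(self, X, y):
        # Standardise so the packet rate (hundreds) does not swamp the two ratios.
        cols = list(zip(*X))
        self.mu = [sum(c) / len(c) for c in cols]
        self.sd = [math.sqrt(sum((v - m) ** 2 for v in c) / len(c)) or 1.0
                   for c, m in zip(cols, self.mu)]
        self.X = [self._scale(x) for x in X]
        self.y = list(y)
        n = len(self.X)
        self.alpha = [0] * n
        self.t = 0
        rng = random.Random(self.seed)
        for _ in range(self.epochs * n):
            self.t += 1
            i = rng.randrange(n)
            if self.y[i] * self._raw(self.X[i]) < 1:   # margin violated: add a support
                self.alpha[i] += 1
        return self

    def _raw(self, xs):
        s = sum(a * yy * rbf(xj, xs, self.gamma)
                for a, yy, xj in zip(self.alpha, self.y, self.X) if a)
        return s / (self.lam * self.t)

    def decision(self, x):
        return self._raw(self._scale(x))

    def predict(self, x):
        return 1 if self.decision(x) > 0 else -1


def train_detector(seed=0, per_class=20):
    """Train on constructed windows; label +1 = attack, -1 = benign."""
    rng = random.Random(seed)
    X, y = [], []
    for label in (1, -1) * per_class:
        X.append(window_features(make_window(label == 1, rng), 1.0))
        y.append(label)
    return RBFSVM().fit(X, y)


def evaluate(model, seed=1, per_class=25):
    """Accuracy on freshly constructed windows drawn with a different seed."""
    rng = random.Random(seed)
    correct = 0
    for label in (1, -1) * per_class:
        feats = window_features(make_window(label == 1, rng), 1.0)
        correct += model.predict(feats) == label
    return correct / (2 * per_class)


if __name__ == "__main__":
    det = train_detector()
    print("test accuracy:", evaluate(det))
```

The standardisation step matters in practice: without it the raw packet rate dominates the Euclidean distance inside the Gaussian kernel and the two ratio features contribute almost nothing, which is one reason feature analysis of the kind the abstract describes affects detection accuracy. Real traffic would also need a held-out set drawn from different captures than the training windows, since windows from the same flood are not independent samples.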
