A Proposal of Highly Responsive Distributed Denial-of-Service Attacks Detection Using Real-Time Burst Detection Method

Distributed Denial-of-Service (DDoS) attack detection systems are classified into signature-based and anomaly-based approaches. However, such methods tend to suffer from low responsiveness. Real-time burst detection, which is used in data mining, offers two advantages over traditional statistical methods. First, it can detect an event in real time while the event is occurring. Second, it requires less processing even when a large number of events occur, because information about events is compressed. Here, the authors add an attack detection function to the real-time burst detection technique and propose a highly responsive DDoS attack detection technique. This paper performs experiments to evaluate its effectiveness, and discusses its detection accuracy and processing performance.
