Statistical Segregation Method to Minimize the False Detections During DDoS Attacks

A DDoS attack aims to exhaust the victim's resources so that legitimate requests cannot reach it. Although the attack traffic arrives in overwhelming volume, it is mostly disguised as genuine traffic, so most mitigation methods cannot segregate legitimate flows from attack flows accurately. As a result, legitimate flows are also filtered while the DDoS flood is being suppressed. In this paper a statistical segregation method (SSM) is introduced: it samples each flow over consecutive intervals, compares the samples against the attack-state condition, sorts the flows with the mean as the parameter, and then performs correlation analysis to segregate attack flows from legitimate flows. SSM is compared against various other methods, and the blend of segregation methods that alleviates false detections most effectively is identified.
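How the sampling, attack-state comparison, mean-sorting and correlation steps fit together, as an added illustrative example that is not the paper's own SSM code: the number of intervals, the attack-state condition (aggregate load above twice the warm-up baseline), the per-flow growth test and the Pearson cut-off of 0.9 are all assumptions, and the per-flow packet counts are constructed. The `rate_only_filter` baseline is included only to show the false positive that the correlation step avoids.

```python
"""Illustrative sample-and-correlate segregation of DDoS flows.

Added example, not the paper's SSM implementation: the interval count, the
attack-state condition (aggregate load above `factor` x warm-up baseline), the
per-flow growth test and the Pearson cut-off are assumptions. Flow counts are
constructed.
"""
from statistics import mean, pstdev
from typing import Dict, List, Tuple

# Constructed per-flow packet counts over 10 consecutive sampling intervals.
# l1..l3 are steady legitimate flows; a1..a3 are attack flows that ramp up in
# unison from interval 4. l2 deliberately has a high steady rate so that a
# rate-only filter would drop it.
SAMPLES: Dict[str, List[int]] = {
    "l1": [20, 22, 19, 21, 20, 23, 21, 20, 22, 21],
    "l2": [35, 33, 36, 34, 35, 37, 34, 36, 35, 34],
    "l3": [8, 9, 8, 10, 9, 8, 9, 10, 8, 9],
    "a1": [5, 6, 5, 6, 60, 120, 180, 240, 300, 360],
    "a2": [4, 5, 4, 5, 50, 110, 170, 230, 290, 350],
    "a3": [6, 6, 5, 5, 70, 130, 190, 250, 310, 370],
}


def pearson(x: List[float], y: List[float]) -> float:
    """Population Pearson correlation; 0.0 when either series is constant."""
    mx, my, sx, sy = mean(x), mean(y), pstdev(x), pstdev(y)
    if sx == 0 or sy == 0:
        return 0.0
    return sum((a - mx) * (b - my) for a, b in zip(x, y)) / (len(x) * sx * sy)


def attack_state(samples: Dict[str, List[int]], warmup: int, factor: float
                 ) -> Tuple[List[int], List[bool]]:
    """Aggregate load per interval and the attack-state flag for each interval.

    Assumed condition: an interval is in attack state when the aggregate load
    exceeds `factor` times the mean load of the first `warmup` intervals.
    """
    n = len(next(iter(samples.values())))
    aggregate = [sum(s[i] for s in samples.values()) for i in range(n)]
    baseline = mean(aggregate[:warmup])
    return aggregate, [v > factor * baseline for v in aggregate]


def rate_only_filter(samples: Dict[str, List[int]], threshold: float) -> List[str]:
    """Baseline for comparison: drop every flow whose mean rate exceeds threshold."""
    return sorted((f for f, s in samples.items() if mean(s) > threshold),
                  key=lambda f: -mean(samples[f]))


def segregate(samples: Dict[str, List[int]], warmup: int = 4,
              factor: float = 2.0, min_corr: float = 0.9
              ) -> Tuple[List[str], List[str]]:
    """Return (attack_flows, legitimate_flows), each ordered by decreasing mean."""
    aggregate, state = attack_state(samples, warmup, factor)
    by_mean = sorted(samples, key=lambda f: -mean(samples[f]))
    if not any(state):
        return [], by_mean  # no attack state: nothing to segregate

    attack, legit = [], []
    for flow in by_mean:  # mean-sorted, so the heaviest flows are examined first
        s = samples[flow]
        # 1. compare the flow's own samples against the attack-state condition:
        #    did its rate during attack-state intervals grow by the same factor?
        in_attack = [v for v, on in zip(s, state) if on]
        grew = mean(in_attack) > factor * mean(s[:warmup])
        # 2. correlation analysis: does its time series track the aggregate surge?
        tracks = pearson(s, aggregate) >= min_corr
        (attack if grew and tracks else legit).append(flow)
    return attack, legit


if __name__ == "__main__":
    print("rate-only filter drops:", rate_only_filter(SAMPLES, 30))
    print("segregated (attack, legit):", segregate(SAMPLES))
```

With the constructed flows, a rate-only filter at 30 packets per interval drops the steady high-rate flow `l2` together with the three attack flows, whereas the sample-and-correlate pass keeps `l2` because its rate neither grows during the attack-state intervals nor tracks the aggregate surge. Choosing the correlation cut-off too low reintroduces such false positives; choosing it too high lets attack flows that pulse rather than ramp slip through, which is the trade-off the paper's comparison of blended methods is about.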
