A SeqGAN-Based Method for Mimicking Attack

Distributed denial of service (DDoS) attacks continue to be an ever-increasing threat in cyberspace. Nowadays, attackers tend to launch advanced DDoS attacks with botnets to bypass the detection system. In this paper, we present a method for launching an advanced application-layer DDoS which masquerades as a flash crowd (FC). The attack strategy falls in two aspects: (1) extracting legitimate users’ behaviors; (2) instructing bots to behave as legitimate users. To achieve this, we propose a multi-step algorithm to extract user browsing behaviors and establish a Sequence Generative Adversarial Nets (SeqGAN) model to generate mimicking behaviors of bots. In addition, we experimentally study the effectiveness of this mimicking attack. The study shows that the mimicking attack can fool a detection system that is based on machine learning algorithms. The experimental results also demonstrate that the mimicking attack is indistinguishable from FC in term of statistics.

[1]  Ali Borji,et al.  Pros and Cons of GAN Evaluation Measures , 2018, Comput. Vis. Image Underst..

[2]  Paramvir Singh,et al.  Application layer HTTP-GET flood DDoS attacks: Research landscape and challenges , 2017, Comput. Secur..

[3]  Chenxu Wang,et al.  Modeling User Browsing Activity for Application Layer DDoS Attack Detection , 2016, SecureComm.

[4]  Pedro José Marrón,et al.  User centric walk: an integrated approach for modeling the browsing behavior of users on the Web , 2005, 38th Annual Simulation Symposium.

[5]  Z. K. Silagadze,et al.  Citations and the Zipf-Mandelbrot Law , 1999, Complex Syst..

[6]  Song Guo,et al.  Fool Me If You Can: Mimicking Attacks and Anti-Attacks in Cyberspace , 2015, IEEE Transactions on Computers.

[7]  Lantao Yu,et al.  SeqGAN: Sequence Generative Adversarial Nets with Policy Gradient , 2016, AAAI.

[8]  Soumith Chintala,et al.  Unsupervised Representation Learning with Deep Convolutional Generative Adversarial Networks , 2015, ICLR.

[9]  Degang Sun,et al.  Could we beat a new mimicking attack? , 2017, 2017 19th Asia-Pacific Network Operations and Management Symposium (APNOMS).

[10]  Hong Li,et al.  Feature extraction and construction of application layer DDoS attack based on user behavior , 2014, CCC 2014.

[11]  Maria Rigaki,et al.  Bringing a GAN to a Knife-Fight: Adapting Malware Communication to Avoid Detection , 2018, 2018 IEEE Security and Privacy Workshops (SPW).

[12]  Balachander Krishnamurthy,et al.  Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites , 2002, WWW.

[13]  Saiful Adli Ismail,et al.  Review of Recent Detection Methods for HTTP DDoS Attack , 2019, J. Comput. Networks Commun..

[14]  Gaogang Xie,et al.  Detection on application layer DDoS using random walk model , 2014, 2014 IEEE International Conference on Communications (ICC).

[15]  Léon Bottou,et al.  Wasserstein Generative Adversarial Networks , 2017, ICML.

[16]  John Langford,et al.  Telling humans and computers apart automatically , 2004, CACM.

[17]  J. K. Kalita,et al.  Botnet in DDoS Attacks: Trends and Challenges , 2015, IEEE Communications Surveys & Tutorials.

[18]  Cristina Conde,et al.  Detecting denial of service by modelling web-server behaviour , 2013, Comput. Electr. Eng..

[19]  Simon M. Lucas,et al.  A Survey of Monte Carlo Tree Search Methods , 2012, IEEE Transactions on Computational Intelligence and AI in Games.

[20]  Yoshua Bengio,et al.  Generative Adversarial Nets , 2014, NIPS.

[21]  Taghi M. Khoshgoftaar,et al.  User Behavior Anomaly Detection for Application Layer DDoS Attacks , 2017, 2017 IEEE International Conference on Information Reuse and Integration (IRI).

[22]  Sándor Molnár,et al.  How to validate traffic generators? , 2013, 2013 IEEE International Conference on Communications Workshops (ICC).

[23]  Paramvir Singh,et al.  User behavior analytics-based classification of application layer HTTP-GET flood attacks , 2018, J. Netw. Comput. Appl..

[24]  Michael Mitzenmacher,et al.  A Brief History of Generative Models for Power Law and Lognormal Distributions , 2004, Internet Math..

[25]  Huberman,et al.  Strong regularities in world wide web surfing , 1998, Science.

[26]  Shun-Zheng Yu,et al.  A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors , 2009, TNET.

[27]  Chengxu Ye,et al.  Application layer ddos detection using clustering analysis , 2012, Proceedings of 2012 2nd International Conference on Computer Science and Network Technology.

[28]  Xu Liu,et al.  Anomaly Detection for Application Layer User Browsing Behavior Based on Attributes and Features , 2018 .