Detection of known and unknown DDoS attacks using Artificial Neural Networks

The key objective of a Distributed Denial of Service (DDoS) attack is to gather multiple systems across the Internet, infected as zombies/agents, into botnets. These zombies are designed to attack a particular target or network with different types of packets. The infected systems are remotely controlled either by an attacker or by self-installed Trojans (e.g. Troj/Flood-IM) that are programmed to launch packet floods. Within this context, the purpose of this paper is to detect and mitigate known and unknown DDoS attacks in real-time environments. We have chosen an Artificial Neural Network (ANN) algorithm to detect DDoS attacks based on specific characteristic features (patterns) that separate DDoS attack traffic from genuine traffic.
