An Adaptive Filtration Based Defense Framework against DDoS

As more cloud services are exposed to DDoS attacks, DDoS defense is becoming increasingly challenging. A single server with limited computing and memory resources can hardly process the large packet traces captured on fast links. In this paper, we propose a Spark Streaming based online DDoS defense framework. First, we present an analysis model to identify abnormal packets. Second, we develop a defense model based on the statistics of those abnormal packets. Our framework has two main advantages: (1) it is configurable and has expert-system functionality; the information maintained to detect threats is also leveraged during mitigation to distinguish legitimate from suspicious traffic effectively; (2) because it is built on Spark Streaming, it allows parallel and distributed traffic analysis that can be deployed on high-speed network links. At the same time, by employing an improved Bloom filter for approximate membership checks with low false-positive and false-negative rates, it reduces the space required to maintain the information used for threat detection and mitigation. An evaluation with data sets derived from real network traffic validates the performance of our framework in terms of detection accuracy, filtering efficiency, and monitoring overhead. The experiments show that our framework is able to detect DDoS attacks in their early stage and to mitigate them by filtering out the majority of abnormal packets while leaving a high percentage of the legitimate traffic unaffected.
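The two-stage design the abstract describes (flag abnormal packets, then keep the flagged sources in compact Bloom-filter state and drop matching traffic) can be sketched in plain Python. The block below is an added example, not the authors' code or their Spark Streaming implementation: it uses a standard Bloom filter (the abstract does not describe the improved variant), a per-source packet-count threshold as a stand-in for the paper's analysis model, and a constructed traffic window. `BloomFilter`, `detect_abnormal_sources`, `build_blocklist`, `filter_packets`, `run_demo`, the threshold of 20 packets and the 10.0.0.0/8, 198.51.100.0/24 and 203.0.113.0/24 addresses are all assumptions made for the illustration.

```python
"""Bloom-filter-backed DDoS source filtering (added illustration, not the paper's code).

A standard Bloom filter stands in for the paper's improved variant, and a
per-source packet-count rule stands in for its analysis model. The traffic
window below is constructed, not captured traffic.
"""
import hashlib
import math
from collections import Counter


class BloomFilter:
    """Standard Bloom filter sized for `capacity` items at target false-positive rate `fp_rate`."""

    def __init__(self, capacity: int, fp_rate: float) -> None:
        # Textbook sizing: m = -n ln p / (ln 2)^2 bits, k = (m / n) ln 2 hash functions.
        self.m = max(8, math.ceil(-capacity * math.log(fp_rate) / math.log(2) ** 2))
        self.k = max(1, round(self.m / capacity * math.log(2)))
        self.bits = bytearray((self.m + 7) // 8)

    def _indexes(self, item: str):
        # Kirsch-Mitzenmacher double hashing: k bit positions from two 64-bit halves of one SHA-256.
        digest = hashlib.sha256(item.encode()).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1  # never 0, which would map every probe to one bit
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, item: str) -> None:
        for idx in self._indexes(item):
            self.bits[idx >> 3] |= 1 << (idx & 7)

    def __contains__(self, item: str) -> bool:
        # No false negatives: an added item is always reported present.
        # False positives: an unrelated item may collide on all k bits.
        return all(self.bits[idx >> 3] & (1 << (idx & 7)) for idx in self._indexes(item))


def detect_abnormal_sources(packets, threshold):
    """Analysis-stage stand-in (assumption): a source sending more than
    `threshold` packets within the window is marked abnormal."""
    per_src = Counter(src for src, _dst, _flags in packets)
    return {src for src, n in per_src.items() if n > threshold}


def build_blocklist(sources, fp_rate):
    """Mitigation state: abnormal sources are kept in a Bloom filter rather than a full set."""
    bf = BloomFilter(capacity=max(1, len(sources)), fp_rate=fp_rate)
    for src in sources:
        bf.add(src)
    return bf


def filter_packets(packets, blocklist):
    """Drop every packet whose source the filter reports as (possibly) abnormal."""
    kept, dropped = [], []
    for pkt in packets:
        (dropped if pkt[0] in blocklist else kept).append(pkt)
    return kept, dropped


# Constructed addresses: 40 attackers in 10.0.0.0/24, 300 legitimate clients in TEST-NET ranges.
ATTACK_SRCS = [f"10.0.0.{i}" for i in range(40)]
LEGIT_SRCS = [f"198.51.100.{i}" for i in range(256)] + [f"203.0.113.{i}" for i in range(44)]


def make_trace():
    """Constructed window of (src, dst, tcp_flags) tuples: each attacker sends 50 SYNs,
    each legitimate client 1 to 3 packets. Synthetic data, not a captured trace."""
    packets = [(src, "192.0.2.10", "S") for src in ATTACK_SRCS for _ in range(50)]
    for i, src in enumerate(LEGIT_SRCS):
        packets += [(src, "192.0.2.10", "PA")] * (1 + i % 3)
    return packets


def run_demo(fp_rate=0.01, threshold=20):
    """Run detection and filtering over the constructed window and report the outcome."""
    packets = make_trace()
    abnormal = detect_abnormal_sources(packets, threshold)
    blocklist = build_blocklist(abnormal, fp_rate)
    _kept, dropped = filter_packets(packets, blocklist)
    attack = set(ATTACK_SRCS)
    return {
        "abnormal_sources": len(abnormal),
        "filter_bits": blocklist.m,  # bytes of state are filter_bits / 8, independent of address length
        "attack_total": sum(p[0] in attack for p in packets),
        "attack_dropped": sum(p[0] in attack for p in dropped),
        "legit_total": sum(p[0] not in attack for p in packets),
        "legit_dropped": sum(p[0] not in attack for p in dropped),  # collateral damage from false positives
    }


if __name__ == "__main__":
    for rate in (0.1, 0.01):
        print(f"target fp_rate={rate}: {run_demo(fp_rate=rate)}")
```

Running the demo at two target rates shows the trade-off the abstract alludes to: every attacker's packet is dropped regardless of `fp_rate`, because a plain Bloom filter never returns a false negative for an inserted source, while the number of legitimate packets lost scales with the false-positive rate and therefore with the bits spent on the filter. The abstract's mention of low false-negative errors only applies to filters that also support deletion (for example a counting variant, where counter overflow or removing a never-inserted item can clear bits); a filter like this one trades space purely against false positives.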
