An Adaptive Model for Detection and Prevention of DDoS and Flash Crowd Flooding Attacks

A Distributed Denial of Service (DDoS) attack can be a serious nuisance for network security. The advent of the technological era has also brought the threat of DDoS attacks to a variety of services and applications that use the Internet. Firms can incur huge financial losses even if services are disrupted for a fraction of a period. Analogous to a DDoS attack is the Flash Crowd (FC), in which a particular service is accessed by many legitimate users concurrently, which results in denial of service. Overloading of network resources is a common issue in both events: it impacts the CPU, available bandwidth, and memory for legitimate users, thereby limiting accessibility. Many researchers have made efforts to differentiate between these two kinds of traffic, but none could come up with an effective solution. In this study, we propose an adaptive agent-based model, known as the adaptive application layer flooding protection (AALFP) model, for DDoS and FC flooding attacks. The AALFP model aims to protect the network application layer (NAL) against such attacks. Importantly, the model distinguishes and separates normal from abnormal traffic, and then blocks illegitimate traffic. To operate its two traffic filters, the agent relies on three parameters: normal traffic intensity, traffic attack behaviour, and IP address history log. An example scenario is provided to simulate the model's application.
