Distributed real-time SlowDoS attacks detection over encrypted traffic using Artificial Intelligence

Abstract SlowDoS attacks exploit slow transmissions on application-level protocols like HTTP to carry out denial of service against web servers. These attacks are difficult to detect with traditional signature-based intrusion detection approaches, even more so when the HTTP traffic is encrypted. To cope with this challenge, this paper describes an AI-based anomaly detection system for real-time detection of SlowDoS attacks over application-level encrypted traffic. Our system monitors the network traffic in real time, analyzing, processing and aggregating packets into conversation flows and extracting valuable features and statistics that are dynamically analyzed in streaming for AI-based anomaly detection. The distributed AI model, running in Apache Spark Streaming, combines clustering analysis for anomaly detection with deep learning techniques to increase detection accuracy in those cases where clustering yields ambiguous probabilities. The proposal has been implemented and validated in a real testbed, showing its feasibility, performance and accuracy for detecting different kinds of SlowDoS attacks over encrypted traffic in real time. The achieved results are close to the optimal precision value, with a success rate of 98%, while the false negative rate is below 0.5%.
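The pipeline the abstract describes (packets aggregated into conversation flows, metadata-only features, a clustering-style first stage and a second stage for ambiguous probabilities) can be illustrated in pure Python. The following is an added example and not the paper's code or its Spark implementation: the feature set, the log scaling, the scale floor, the decision radius, the ambiguity band and the packet-size threshold are all assumptions chosen for illustration, the second stage is a simple packet-size/gap heuristic standing in for the paper's deep-learning model, and the traffic is constructed inline rather than captured. The security point it shows is that a drip-fed flow is separable from a normal HTTPS exchange using only timing and size, which is all that remains visible once the application payload is encrypted.

```python
"""Added example (not the paper's code): flow aggregation, metadata-only
features and a two-stage anomaly decision for slow-transmission flows.
All thresholds below are assumptions, not values reported by the paper."""
import math
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    ts: float          # capture time in seconds
    src: str
    dst: str
    sport: int
    dport: int
    payload_len: int   # bytes of application data (opaque when TLS-encrypted)


FlowKey = Tuple[str, int, str, int]
Features = Dict[str, float]
FEATURE_NAMES = ("log_duration", "log_gap_ms", "log_payload", "log_pkts")
SCALE_FLOOR = 1.0       # assumed: minimum per-feature scale, in log units
RADIUS = 3.0            # assumed: distance at which stage-1 probability is 0.5
AMBIGUOUS = (0.4, 0.6)  # assumed: probabilities handed to stage 2
TINY_PAYLOAD = 64       # assumed: bytes; stage-2 "drip-fed" packet threshold


def flow_key(p: Packet) -> FlowKey:
    """Canonical bidirectional key so both directions join one conversation."""
    lo, hi = sorted(((p.src, p.sport), (p.dst, p.dport)))
    return (lo[0], lo[1], hi[0], hi[1])


def aggregate_flows(packets: List[Packet]) -> Dict[FlowKey, List[Packet]]:
    flows: Dict[FlowKey, List[Packet]] = defaultdict(list)
    for p in sorted(packets, key=lambda x: x.ts):
        flows[flow_key(p)].append(p)
    return dict(flows)


def flow_features(pkts: List[Packet]) -> Features:
    """Metadata-only features; log1p tames the large dynamic range."""
    ts = [p.ts for p in pkts]
    gaps = [b - a for a, b in zip(ts, ts[1:])] or [0.0]
    return {
        "log_duration": math.log1p(ts[-1] - ts[0]),
        "log_gap_ms": math.log1p(1000.0 * mean(gaps)),
        "log_payload": math.log1p(mean(p.payload_len for p in pkts)),
        "log_pkts": math.log1p(len(pkts)),
    }


class BenignProfile:
    """Centroid and scale of benign flows; stage 1 scores distance from it."""

    def __init__(self, benign: List[Features]):
        self.mu = {k: mean(f[k] for f in benign) for k in FEATURE_NAMES}
        self.sd = {k: max(pstdev([f[k] for f in benign]), SCALE_FLOOR)
                   for k in FEATURE_NAMES}

    def distance(self, f: Features) -> float:
        return math.sqrt(sum(((f[k] - self.mu[k]) / self.sd[k]) ** 2
                             for k in FEATURE_NAMES))

    def attack_probability(self, f: Features) -> float:
        d = self.distance(f)
        return d / (d + RADIUS)   # 0 at the centroid, 0.5 at RADIUS


def stage_two(pkts: List[Packet]) -> str:
    """Stand-in for the paper's deep-learning stage: many tiny packets
    separated by long gaps is the slow-transmission pattern."""
    tiny = sum(p.payload_len < TINY_PAYLOAD for p in pkts) / len(pkts)
    ts = [p.ts for p in pkts]
    longest_gap = max([b - a for a, b in zip(ts, ts[1:])] or [0.0])
    return "attack" if tiny > 0.5 and longest_gap > 1.0 else "benign"


def classify(profile: BenignProfile, pkts: List[Packet]) -> Tuple[str, int, float]:
    """Returns (label, stage that decided, stage-1 attack probability)."""
    p = profile.attack_probability(flow_features(pkts))
    if AMBIGUOUS[0] <= p <= AMBIGUOUS[1]:
        return stage_two(pkts), 2, p
    return ("attack" if p > AMBIGUOUS[1] else "benign"), 1, p


def _conv(src: str, sport: int, times: List[float], sizes: List[int]) -> List[Packet]:
    return [Packet(t, src, "10.0.0.1", sport, 443, n) for t, n in zip(times, sizes)]


# Constructed sample traffic (not a real capture): three short HTTPS exchanges,
# one legitimate client on a slow link, one drip-fed slow-header flow.
BENIGN = (_conv("10.0.0.2", 50001, [0.00, 0.02, 0.05, 0.07, 0.10], [200, 1400, 1400, 300, 100])
          + _conv("10.0.0.3", 50002, [1.00, 1.03, 1.05, 1.08], [180, 1400, 1400, 90])
          + _conv("10.0.0.4", 50003, [2.00, 2.01, 2.04, 2.06, 2.09, 2.11], [220, 1400, 1400, 1400, 250, 120]))
SLOW_LINK = _conv("10.0.0.5", 50005, [3.0, 3.3, 3.6, 3.9, 4.2], [200, 1400, 1400, 300, 100])
DRIP_FED = _conv("10.0.0.9", 50009, [5.0, 15.0, 25.0, 35.0, 45.0, 55.0], [8] * 6)
PROFILE = BenignProfile([flow_features(f) for f in aggregate_flows(BENIGN).values()])


def run_demo() -> Dict[str, Tuple[str, int, float]]:
    cases = (("benign", BENIGN[:5]), ("slow_link", SLOW_LINK), ("drip_fed", DRIP_FED))
    return {name: classify(PROFILE, pkts) for name, pkts in cases}


if __name__ == "__main__":
    for name, (label, stage, prob) in run_demo().items():
        print(f"{name:10s} -> {label:6s} (stage {stage}, p={prob:.2f})")
```

The slow-link client lands in the ambiguous band because its inter-packet gaps are an order of magnitude above the benign profile, and it is the second stage, looking at payload sizes, that clears it; the drip-fed flow is far enough from the benign centroid that stage 1 decides on its own. In a deployment the profile would be refreshed from the streaming flow statistics rather than computed once, and the band edges would be tuned against the observed false-negative rate.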
