Detecting TCP-Based DDoS Attacks in Baidu Cloud Computing Data Centers

Cloud computing data centers have become one of the most important infrastructures in the big-data era. When considering the security of data centers, distributed denial of service (DDoS) attacks are one of the most serious problems. Here we consider DDoS attacks leveraging TCP traffic, which are increasingly rampant but difficult to detect. To detect such attacks, we identify two attack modes based on the source IP addresses used by attackers: fixed source IP attacks (FSIA) and random source IP attacks (RSIA). We also propose a real-time TCP-based DDoS detection approach, which extracts effective features of TCP traffic and distinguishes malicious traffic from normal traffic using two decision tree classifiers. We evaluate the proposed approach on a simulated dataset and on real datasets, including the ISCX IDS dataset, the CAIDA DDoS Attack 2007 dataset, and a Baidu Cloud Computing Platform dataset. Experimental results show that the proposed approach achieves an attack detection rate above 99% with a false alarm rate below 1%. This approach will be deployed in the victim-end DDoS defense system of the Baidu cloud computing data center.
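The abstract names the two ingredients of the detector (per-window TCP features, and a classifier that first separates attack from normal traffic and then FSIA from RSIA) without listing the features. The following is an added illustration, not code or features from the paper: it computes a plausible feature vector for one time window of constructed packets (SYN count, ACK count, distinct source count, normalized source-IP entropy) and applies hand-set thresholds where the paper uses two trained decision trees. The feature set, the thresholds, the victim address 10.0.0.5 and the three traffic generators are all assumptions made for this example.

```python
"""Per-window TCP feature extraction with a hand-written two-stage split
(normal vs. attack, then FSIA vs. RSIA).  Added example: the feature set
and thresholds are assumptions standing in for the paper's trained trees."""
import math
from collections import Counter
from dataclasses import dataclass

VICTIM = "10.0.0.5"          # assumed protected host

# Assumed thresholds; a trained decision tree would learn these splits.
MIN_SYN = 50                 # below this many SYNs per window, never alarm
SYN_PER_ACK = 3.0            # SYNs left unanswered per inbound ACK
RANDOM_SRC_RATIO = 0.5       # distinct sources per SYN: spoofed flood if high
RANDOM_ENTROPY = 0.9         # normalized source entropy near 1 => spread sources


@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    flags: str               # TCP flag letters, e.g. "S", "SA", "A", "PA"


@dataclass(frozen=True)
class Features:
    syn: int                 # inbound SYNs (no ACK bit) toward the victim
    ack: int                 # inbound packets carrying ACK but not SYN
    distinct_src: int        # distinct inbound source addresses
    src_entropy: float       # Shannon entropy of sources, normalized to [0, 1]


def extract(pkts, victim=VICTIM):
    """Reduce one window of packets to the feature vector above."""
    inbound = [p for p in pkts if p.dst == victim]
    syn = sum(1 for p in inbound if "S" in p.flags and "A" not in p.flags)
    ack = sum(1 for p in inbound if "A" in p.flags and "S" not in p.flags)
    counts = Counter(p.src for p in inbound)
    n = sum(counts.values())
    entropy = 0.0
    if len(counts) > 1:
        h = -sum(c / n * math.log2(c / n) for c in counts.values())
        entropy = h / math.log2(len(counts))   # 1.0 when sources are uniform
    return Features(syn, ack, len(counts), entropy)


def classify(f):
    """Stage 1: SYN surplus => attack.  Stage 2: source spread => FSIA/RSIA."""
    # Legitimate clients complete the handshake, so ACKs keep pace with SYNs;
    # a flood leaves SYNs unanswered and the ratio explodes.
    if f.syn < MIN_SYN or f.syn < SYN_PER_ACK * max(f.ack, 1):
        return "normal"
    # A spoofed (random-source) flood shows roughly one new address per SYN
    # and near-uniform source entropy; a fixed-source flood concentrates
    # SYNs on a handful of addresses.
    if f.distinct_src / f.syn >= RANDOM_SRC_RATIO and f.src_entropy >= RANDOM_ENTROPY:
        return "rsia"
    return "fsia"


# --- constructed sample windows (not captured traffic) ---------------------
def normal_window(victim=VICTIM, clients=10):
    """Each client completes a handshake and sends a little data."""
    pkts = []
    for i in range(clients):
        c = f"198.51.100.{i + 1}"
        pkts += [Pkt(c, victim, "S"), Pkt(victim, c, "SA"), Pkt(c, victim, "A"),
                 Pkt(c, victim, "PA"), Pkt(c, victim, "A")]
    return pkts


def fixed_source_flood(victim=VICTIM, n=500):
    """Two attack hosts (60/40 split) send bare SYNs and never finish."""
    return [Pkt("192.0.2.10" if i % 5 < 3 else "192.0.2.11", victim, "S")
            for i in range(n)]


def random_source_flood(victim=VICTIM, n=500):
    """Every SYN carries a different (spoofed) source address."""
    return [Pkt(f"203.0.{i // 256}.{i % 256}", victim, "S") for i in range(n)]


def demo():
    """Label the three constructed windows plus a flood mixed with real clients."""
    windows = {
        "normal": normal_window(),
        "fsia": fixed_source_flood(),
        "rsia": random_source_flood(),
        "normal+fsia": normal_window() + fixed_source_flood(),
    }
    return {name: classify(extract(pkts)) for name, pkts in windows.items()}


if __name__ == "__main__":
    for name, label in demo().items():
        print(f"{name:12s} -> {label}")
```

In a deployment the window would come from a packet capture or flow export at the victim end, and the two `classify` splits would be replaced by the trained decision trees; the point here is the shape of the pipeline, in particular that the FSIA/RSIA distinction rests on how SYNs are spread across source addresses rather than on SYN volume alone.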