LDDoS Attack Detection by Using Ant Colony Optimization Algorithms

Internet service providers and equipment vendors are subject to cyber threats, and one of the most prevalent is the distributed denial of service (DDoS) attack. In a DDoS attack, the attack traffic is difficult to detect and the attackers' IP addresses are difficult to trace, because attack traffic resembles regular traffic and the attack is launched by multiple attackers. This study focuses on the low-rate distributed denial of service (LDDoS) problem, which is harder to detect and trace than a conventional DDoS attack. To address it, this study proposes a novel distributed detection and identification ant colony system (DDIACS) framework, an ant-colony-optimization-based metaheuristic technique for solving the LDDoS problem. The DDIACS framework comprises three stages: an information heuristic rule, a multiagent algorithm, and a backward and forward search method. The framework is also compliant with the emerging software-defined network (SDN) architecture, in which a controller plane and a data plane are used to monitor and manage the network topology. The proposed framework exhibits SDN advantages such as network flexibility, fast convergence, and robustness in overcoming complicated multi-attacker problems. In addition, this study investigates the time and space complexity of the DDIACS framework and compares it with the swarm optimization algorithm and with probabilistic packet marking. The network topology was designed using data sets from the DARPA and KDD repositories. The simulation results show that the proposed framework resolves the problems encountered with the other algorithms and performs better than existing methods; furthermore, the adaptive metaheuristic algorithm outperforms other methods in thwarting an LDDoS attack. The detection rate exceeds 89% and the accuracy exceeds 83%.

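The abstract names ant colony optimization as the basis of the trace-back but does not spell out its mechanics. The following is an added illustration, written for this page, of the generic ant-colony trace-back idea the framework builds on: ants walk upstream from the victim, links are rated by how bursty their victim-bound traffic is, and pheromone trails accumulate on the path whose links all carry that bursty signature. It is not the paper's DDIACS code and covers only a backward (victim-to-source) search, not the information heuristic rule or the multiagent stage. The router topology, the per-link packet counts, the burstiness heuristic and every parameter value are constructed assumptions.

```python
"""Ant-colony trace-back of a low-rate, bursty flow toward a victim.

Added illustration, not the paper's DDIACS code. Everything here is a
constructed assumption: topology, per-link counts, heuristic, parameters.
"""
import random
import statistics

# Upstream adjacency of a small constructed topology: for each node, the
# neighbours from which victim-bound traffic can arrive. Hosts are leaves.
UPSTREAM = {
    "victim": ["r1"],
    "r1": ["r2", "r3"],
    "r2": ["hostA", "hostB"],
    "r3": ["r4", "hostC"],
    "r4": ["hostD", "hostE"],
}

# Constructed per-second counts of victim-bound packets over a 12 s window.
# Legitimate hosts send steady traffic; hostD sends short periodic bursts whose
# average rate (15 pkt/s) is close to a legitimate host's (10 pkt/s): the
# low-rate property that lets the flow slip past plain volume thresholds.
STEADY = [10, 11, 9, 10, 10, 11, 9, 10, 10, 11, 9, 10]
BURSTY = [0, 0, 0, 60, 0, 0, 0, 60, 0, 0, 0, 60]


def _add(*series):
    """Element-wise sum, modelling flows aggregating on a shared link."""
    return [sum(vals) for vals in zip(*series)]


# Link counters keyed by (upstream_node, downstream_node), the direction the
# packets travel. Aggregate links carry the sum of their upstream links.
LINK_SERIES = {
    ("hostA", "r2"): STEADY,
    ("hostB", "r2"): STEADY,
    ("r2", "r1"): _add(STEADY, STEADY),
    ("hostC", "r3"): STEADY,
    ("hostD", "r4"): BURSTY,
    ("hostE", "r4"): STEADY,
    ("r4", "r3"): _add(STEADY, BURSTY),
    ("r3", "r1"): _add(STEADY, STEADY, BURSTY),
    ("r1", "victim"): _add(STEADY, STEADY, STEADY, STEADY, BURSTY),
}


def burstiness(series):
    """Link heuristic: coefficient of variation of victim-bound traffic.
    Steady links score near 0, bursty links above 1; a small floor keeps
    every link reachable so the colony never ignores a branch outright."""
    mean = statistics.fmean(series)
    if mean == 0:
        return 1e-6
    return statistics.stdev(series) / mean + 1e-6


def trace_back(upstream, link_series, victim="victim", ants=10, iterations=30,
               alpha=1.0, beta=2.0, rho=0.3, seed=1):
    """Backward (victim-to-source) ant colony search.

    Each ant starts at the victim and steps upstream, picking the next hop
    with probability proportional to pheromone**alpha * heuristic**beta.
    Pheromone evaporates by rho per iteration and every link of a walked
    path is reinforced by that path's mean heuristic, so trails concentrate
    on the path whose links all carry bursty traffic.
    Returns (most reinforced path, pheromone table)."""
    rng = random.Random(seed)  # seeded so the walk is reproducible
    eta = {link: burstiness(s) for link, s in link_series.items()}
    tau = {link: 1.0 for link in link_series}

    def walk():
        node, path = victim, [victim]
        while node in upstream:  # stop at a leaf host
            nexts = upstream[node]
            weights = [tau[(n, node)] ** alpha * eta[(n, node)] ** beta
                       for n in nexts]
            node = rng.choices(nexts, weights=weights)[0]
            path.append(node)
        return path

    for _ in range(iterations):
        paths = [walk() for _ in range(ants)]
        for link in tau:
            tau[link] *= 1.0 - rho
        for path in paths:
            links = list(zip(path[1:], path[:-1]))  # (upstream, downstream)
            quality = sum(eta[l] for l in links) / len(links)
            for l in links:
                tau[l] += quality

    # Read the answer off the trail: follow the strongest pheromone upstream.
    node, best = victim, [victim]
    while node in upstream:
        node = max(upstream[node], key=lambda n: tau[(n, node)])
        best.append(node)
    return best, tau


if __name__ == "__main__":
    path, tau = trace_back(UPSTREAM, LINK_SERIES)
    print("suspected source:", path[-1], "via", " <- ".join(path))
```

Running the block prints `hostD` as the suspected source, reached via `r1 <- r3 <- r4`. The point worth noticing is that hostD's average rate is barely above the legitimate hosts', so a volume heuristic would rank it no higher than they are; the coefficient of variation is what separates the path, and the pheromone table then makes that ranking explicit for every link rather than only for the winner.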