BRAIN: BehavioR Based Adaptive Intrusion Detection in Networks: Using Hardware Performance Counters to Detect DDoS Attacks

Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks account for one third of all service downtime incidents. Current DoS/DDoS attacks are not limited to knocking down online services; they also disguise other malicious attacks such as malware delivery, data theft, wire fraud and even extortion. Detection of these attacks is predominantly based on packet data and metrics derived only from packets. This work proposes a host-based DDoS detection framework called BRAIN: BehavioR based Adaptive Intrusion detection in Networks. BRAIN leverages the Hardware Performance Counters already available in modern processors to model application behavior using low-level hardware events. BRAIN combines network statistics and modeled application behavior to detect DDoS attacks using machine learning. Our experiments show that BRAIN can detect multiple types of DDoS attacks, including those that are undetectable by existing tools, with an accuracy of 99.8% and a false alarm rate of 0%.
