DDoS Attack Detection and Elimination

Ragu Raman R, Loyola-ICAM Chennai, India; Vinoth Ram S S, Loyola-ICAM Chennai, India; Ms. Anitha E, Loyola-ICAM Chennai, India

Distributed Denial-of-Service, DDoS, Inference Algorithm, Botnet, Botmaster

Distributed Denial-of-Service (DDoS) attacks are usually launched through a botnet, an “army” of compromised nodes hidden in the network. Inferential tools for DDoS mitigation should accordingly enable early and reliable discrimination of normal users from compromised ones. Unfortunately, the recent emergence of attacks performed at the application layer has multiplied the number of possibilities that a botnet can exploit to conceal its malicious activities. New challenges arise, which cannot be addressed by simply borrowing the tools that have been successfully applied so far to earlier DDoS paradigms. In this work, we offer three contributions: i) we introduce an abstract model for the aforementioned class of attacks, where the botnet emulates normal traffic by continually learning admissible patterns from the environment; ii) we devise an inference algorithm that is shown to provide a consistent (i.e., converging to the true solution as time elapses) estimate of the botnet possibly hidden in the network; and iii) we verify the validity of the proposed inferential strategy on a testbed environment. Our tests show that, for several scenarios of implementation, the proposed botnet identification algorithm needs an observation time on the order of (or even less than) one minute to correctly identify almost all bots, without affecting the normal users’ activity.
Paper ID: GRDCF006008
Published in: Conference : National Conference on Advancement in Emerging Technologies (NCAET - 2018)
Page(s): 35 - 41