Security Integration in DDoS Attack Mitigation Using Access Control Lists

Author(s):  
Sumit Kumar Yadav ◽  
Kavita Sharma ◽  
Arushi Arora

In this article, the authors propose a DDoS mitigation system based on access-list configurations, which are deployed at the edge routers of the ISP (Internet Service Provider) to block DDoS attack traffic on ISPs' networks. The effectiveness of the proposed system relies heavily on the willingness of ISPs to implement the system. Once each ISP implements the system, most attacks can easily be stopped close to their point of origin. The main challenge is to implement such a system within the fixed amount of memory and processing power available on routers. A coordinated effort by participating ISPs filters out attacks close to their source, reducing the load on other routers. Suspicious traffic is first filtered out based on its source IP address. The authors also implemented the WRED algorithm for their case and conducted GNS3 experiments in a simulated environment.



2021 ◽  
Vol 2021 ◽  
pp. 1-17
Author(s):  
Bashar Ahmad Khalaf ◽  
Salama A. Mostafa ◽  
Aida Mustapha ◽  
Mazin Abed Mohammed ◽  
Moamin A. Mahmoud ◽  
...  

Currently, online organizational resources and assets are potential targets of several types of attack, the most common being flooding attacks. We consider the Distributed Denial of Service (DDoS) attack the most dangerous type of flooding attack that could target those resources. A DDoS attack consumes available network resources such as bandwidth, processing power, and memory, thereby limiting or withholding accessibility to users. A Flash Crowd (FC) is quite similar to a DDoS attack in that many legitimate users concurrently access a particular service, and their number results in the denial of service. Researchers have proposed many different models to eliminate the risk of DDoS attacks, but only a few efforts have been made to differentiate it from FC flooding, as FC flooding also causes denial of service and usually misleads the detection of DDoS attacks. In this paper, an adaptive agent-based model, known as the Adaptive Protection of Flooding Attacks (APFA) model, is proposed to protect the Network Application Layer (NAL) against DDoS flooding attacks and FC flooding traffic. The APFA model, with the aid of an adaptive analyst agent, distinguishes between DDoS and FC abnormal traffic. It then separates the DDoS botnet from Demons and Zombies to apply a suitable attack handling methodology. The agent relies on three parameters, normal traffic intensity, traffic attack behavior, and IP address history log, to decide on the operation of two traffic filters. We test and evaluate the APFA model via a simulation system using CIDDS as a standard dataset. The model successfully adapts to changes in the simulated attack scenarios and determines 303,024 request conditions for the tested 135,583 IP addresses. It achieves an accuracy of 0.9964, a precision of 0.9962, and a sensitivity of 0.9996, and outperforms three tested similar models. In addition, the APFA model contributes to identifying and handling the actual trigger of a DDoS attack and differentiates it from FC flooding, which is rarely implemented in one model.


2019 ◽  
Vol 9 (21) ◽  
pp. 4633 ◽  
Author(s):  
Jian Zhang ◽  
Qidi Liang ◽  
Rui Jiang ◽  
Xi Li

In recent years, distributed denial of service (DDoS) attacks have increasingly shown a trend toward multi-attack-vector composites, which has significantly improved the concealment and success rate of DDoS attacks. Therefore, improving the ubiquitous detection capability for DDoS attacks and accurately and quickly identifying DDoS attack traffic play an important role in later attack mitigation. This paper proposes a method to efficiently detect and identify multivector DDoS attacks. The detection algorithm is applicable to known and unknown DDoS attacks.


2017 ◽  
pp. 219-225
Author(s):  
Anatoliy Balyk ◽  
Mikolaj Karpinski ◽  
Artur Naglik ◽  
Gulmira Shangytbayeva ◽  
Ihor Romanets

Distributed Denial of Service (DDoS) attacks are still one of the major cybersecurity threats and the focus of much research on developing DDoS attack mitigation and detection techniques. Being able to model DDoS attacks can help researchers develop effective countermeasures. Modeling DDoS attacks, however, is not an easy task because modern DDoS attacks are huge and simulating them would be impossible in most cases. That’s why researchers use tools like network simulators for modeling DDoS attacks. Simulation is a widely used technique in networking research, but it has suffered a loss of credibility in recent years because of doubts about its reliability. In our previous works we used discrete event simulators to simulate DDoS attacks, but our results were often different from real results. In this paper, we apply our approach and use Graphical Network Simulator-3 (GNS3) to simulate an HTTP server’s performance in a typical enterprise network under DDoS attack. Also, we provide references to related work.


2017 ◽  
Vol 14 (3) ◽  
pp. 769-788 ◽  
Author(s):  
Dezhi Han ◽  
Kun Bi ◽  
Han Liu ◽  
Jianxin Jia

There are many problems in traditional Distributed Denial of Service (DDoS) attack detection, such as low accuracy and low detection speed, which make it unsuitable for the real-time detection and processing of DDoS attacks in a big data environment. This paper proposes a novel DDoS attack detection system based on the Spark framework, including three main algorithms. The first, based on information entropy, can effectively warn of all kinds of DDoS attacks in advance according to the change in information entropy of the data stream's source IP address and destination IP address; with the help of a designed dynamic sampling K-Means algorithm, the new detection system improves attack detection accuracy effectively; and by running the dynamic sampling K-Means parallelization algorithm, it can quickly and effectively detect a variety of DDoS attacks in a big data environment. The experimental results show that this system can not only give early warning of DDoS attacks effectively, but can also detect all kinds of DDoS attacks in real time, with a low false rate.


2013 ◽  
Vol 2013 ◽  
pp. 1-6 ◽  
Author(s):  
Tongguang Ni ◽  
Xiaoqing Gu ◽  
Hongyuan Wang ◽  
Yu Li

Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are harder to detect. Consequently, neither intrusion detection systems (IDS) nor the victim server can detect the malicious packets. In this paper, a novel approach to detecting application-layer DDoS attacks is proposed based on the entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. Experiments with several databases are performed and the results show that this approach can detect application-layer DDoS attacks effectively.


2018 ◽  
Vol 7 (2.8) ◽  
pp. 497
Author(s):  
Syed Asia Ayaz Andrabi ◽  
Sachi Pandey ◽  
Akthar Nazir

Distributed Denial of Service (DDoS) attacks are aimed at exhausting various resources of victim hosts, thereby preventing legitimate usage of their computational capabilities. In this paper, a proper and systematic mitigation technique is presented to mitigate DDoS attacks in a cloud environment. A robust mechanism is presented which consists of a software-based puzzle generation method to distinguish real customers of the cloud service provider from non-real ones, to provide a better DDoS attack mitigation solution.


Electronics ◽  
2020 ◽  
Vol 9 (3) ◽  
pp. 413 ◽  
Author(s):  
Nguyen Ngoc Tuan ◽  
Pham Huy Hung ◽  
Nguyen Danh Nghia ◽  
Nguyen Van Tho ◽  
Trung Van Phan ◽  
...  

Keeping Internet users protected from cyberattacks and other threats is one of the most prominent security challenges for network operators nowadays. Among other critical threats, distributed denial-of-service (DDoS) has become one of the most widespread attacks on the Internet, which is very challenging to mitigate appropriately as DDoS attacks cause the system to stop working through resource exhaustion. Software-defined networking (SDN) has recently emerged as a new networking technology offering unprecedented programmability that allows network operators to configure and manage their infrastructures dynamically. The flexible processing and centralized management of the SDN controller allow complex security algorithms and mitigation methods to be deployed flexibly. In this paper, we propose a novel DDoS attack mitigation in SDN-based Internet Service Provider (ISP) networks for TCP-SYN and ICMP flood attacks utilizing a machine learning approach, i.e., K-Nearest-Neighbor (KNN) and XGBoost. By deploying a testbed, we implement the proposed algorithms, evaluate their accuracy, and address the trade-off between accuracy and mitigation efficiency. Through extensive experiments, the results show that the algorithms can efficiently mitigate the attack by over 98.0% while benign traffic is not affected.


The Internet has become unavoidable; it provides us with a wealth of information and allows us to keep in touch with the outside world. However, there are also risks on the Internet: for example, even a naive hacker can access information and easily learn to generate a large-scale DDoS attack with the help of downloadable, user-friendly attacking tools. Nowadays, this has put even small businesses in trouble. One of the most extensive DDoS attacks was carried out in October 2016 by what is called the “Mirai botnet”. In that attack, the attackers sent 30 million packets per second, and the financial sector, industries, home systems, etc. were affected. In the future, the attackers may hit even harder targets such as banks, government sectors, and corporate sectors. During a DDoS attack, the attackers send a lot of malicious packets to the server/victims, so the attacker’s throughput is increased and legitimate users' throughput is decreased for the duration of the attack. In this paper, a novel approach is proposed to detect DDoS attacks using the Chi-Square method, which compares the statistics of normal packets and current packets to discriminate whether a particular flow is DDoS or not. Further, it identifies the IP address of the attacking source using an entropy statistic. The proposed method can be used to control Internet crimes. The experimental results show that the proposed method outperforms the existing approaches by detecting the DDoS attack and also by identifying the wrongdoer's IP address. In addition, it takes minimal time to perform the above.


Author(s):  
Theodorus Kristian Widianto ◽  
Wiwin Sulistyo

Security on computer networks is currently a matter that must be considered, especially by Internet users, because many risks must be borne if it is neglected. Data theft, system destruction, and so on are threats to users, especially on the server side. DDoS is a method of attack that is quite popular and is often used to bring down servers. This method works by consuming resources on the server computer so that it can no longer serve requests from the user side. Given this problem, security is needed to prevent DDoS attacks, one option being iptables, which is provided by Linux. Implementing iptables can prevent or stop external DDoS attacks aimed at the server.
