A Machine Learning Based Approach for Detecting DRDoS Attacks and Its Performance Evaluation

Authors: Yuxuan Gao, Yaokai Feng, Junpei Kawamoto, Kouichi Sakurai

DOI: 10.1109/ASIAJCIS.2016.24

Keywords:

Abstract: A DRDoS (Distributed Reflection Denial of Service) attack is a kind of DoS (Denial of Service) attack in which third-party servers are tricked into sending large amounts of data to the victims. That is, attackers use source IP address spoofing to hide their identity and cause third parties to send data to the victims identified by the source address field of the packet. This is called reflection because benign services are "reflecting" the traffic. The most typical existing detection methods for such attacks are designed around known protocols and have difficulty detecting unknown ones. According to our investigations, only one protocol-independent method exists, and it rests on the assumption that a strong linear relationship exists among the abnormal flows from the reflectors to the victim. Moreover, it assumes that all packets come from reflectors while the attack is under way, which is clearly not reasonable. In this study, we identified five features that are effective for detecting such attacks and proposed using these features with machine learning algorithms. Its performance was experimentally examined, and the experimental results indicate that the proposal achieves better performance.

References (14)
Timm Böttger, Lothar Braun, Oliver Gasser, Felix von Eye, Helmut Reiser, Georg Carle. DoS Amplification Attacks – Protocol-Agnostic Detection of Service Abuse in Amplifier Networks. Traffic Monitoring and Analysis, pp. 205-218 (2015). 10.1007/978-3-319-17172-2_14
Matthew Orlinski, Matthias Wählisch, Christian Rossow, Thomas C. Schmidt, Fabrice J. Ryba. Amplification and DRDoS Attack Defense - A Survey and New Perspectives. arXiv: Networking and Internet Architecture (2015).
Christian Rossow. Amplification Hell: Revisiting Network Protocols for DDoS Abuse. Network and Distributed System Security Symposium (2014). 10.14722/NDSS.2014.23233
Hiroshi Tsunoda, Kohei Ohta, Atsunori Yamamoto, Nirwan Ansari, Yuji Waizumi, Yoshiaki Nemoto. Detecting DRDoS attacks by a simple response packet confirmation mechanism. Computer Communications, vol. 31, pp. 3299-3306 (2008). 10.1016/J.COMCOM.2008.05.033
Yossi Gilad, Amir Herzberg. LOT: A Defense Against IP Spoofing and Flooding Attacks. ACM Transactions on Information and System Security, vol. 15, p. 6 (2012). 10.1145/2240276.2240277
Wei Wei, Feng Chen, Yingjie Xia, Guang Jin. A Rank Correlation Based Detection against Distributed Reflection DoS Attacks. IEEE Communications Letters, vol. 17, pp. 173-175 (2013). 10.1109/LCOMM.2012.121912.122257
R.K.C. Chang. Defending against flooding-based distributed denial-of-service attacks: a tutorial. IEEE Communications Magazine, vol. 40, pp. 42-51 (2002). 10.1109/MCOM.2002.1039856
Noureldien A. Noureldien, Mashair O. Hussein. Block Spoofed Packets at Source (BSPS): A method for detecting and preventing all types of spoofed source IP packets and SYN flooding packets at source: A theoretical framework. International Conference on Applications of Digital Information and Web Technologies, pp. 579-583 (2009). 10.1109/ICADIWT.2009.5273927
Changhua Sun, Bin Liu, Lei Shi. Efficient and Low-Cost Hardware Defense Against DNS Amplification Attacks. Global Communications Conference, pp. 1-5 (2008). 10.1109/GLOCOM.2008.ECP.397
L. Kavisankar, C. Chellappan. A mitigation model for TCP SYN flooding with IP spoofing. International Conference on Recent Trends in Information Technology, pp. 251-256 (2011). 10.1109/ICRTIT.2011.5972435