DDoS attack detection algorithm based on the correlation of IP address analysis

Wang, Zhongmin; Wang, Xinsheng

doi:10.1109/iceceng.2011.6057035

Cited by 9 publications

(5 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The correlation value of cluster B remains stable, whereas the values of the correlation of cluster A decline. Since attacking clients have a declining value of correlation [18] and normal clients have an almost stable value of correlation [18], we conclude that cluster A consists of attacking clients and cluster B consists of legitimate clients. We further analysed the inter-arrival time of cluster A by using the normal probability plot as shown in Figure 4.…”

Section: Attack Detection Methodsmentioning

confidence: 80%

Mathematical modelling of DDoS attack and detection using correlation

Singh

2017

Journal of Cyber Security Technology

View full text Add to dashboard Cite

Distributed denial of service attack (DDoS) is one of the top-rated cyber threats currently. It runs down the victim server resources such as bandwidth and buffer size by obstructing the server to provide resources to legitimate clients. In this article, we propose a mathematical model of DDoS attack; we discuss its relation to the features such as inter-arrival time or rate of arrival of the attacking clients accessing the server. We further analyse the attack model in context to exhausting bandwidth and buffer size of the victim server. The proposed method uses an unsupervised learning method, self-organising map, to form the clusters of identical features. Lastly, the article applies mathematical correlation and the normal probability distribution on the clusters and analyses their behaviours to detect a DDoS attack. The article uses the CAIDA 2007 data set for analysing and confirmation of the proposed model.

show abstract

Section: Attack Detection Methodsmentioning

confidence: 80%

Mathematical modelling of DDoS attack and detection using correlation

Singh

2017

Journal of Cyber Security Technology

View full text Add to dashboard Cite

show abstract

“…The approach based on the correlation of the attacker's and the target server's IP addresses is very simple, as it only compares non-uniformity in the IP addresses. This makes the approach record excellent accuracy for attack detection, as noted in the research studies in [55][56][57][58]. This is not the case with modern attack strategies, where the same IP address can be used to launch attacks.…”

Section: Key Findings and Discussionmentioning

confidence: 99%

“…However, because it must constantly communicate with the source side, there is a significant increase in traffic. In Wang and Wang [56], network traffic distribution was analysed, and IP address correlation-based non-uniformity was found. The amount of IP data packets throughout a period was determined in this study, and the amount of data packets in a sliding window was approximated.…”

Section: Correlation Of Ip Addressmentioning

confidence: 99%

DDoS Attack and Detection Methods in Internet-Enabled Networks: Concept, Research Perspectives, and Challenges

Adedeji

Abu‐Mahfouz

Kurien

2023

JSAN

View full text Add to dashboard Cite

In recent times, distributed denial of service (DDoS) has been one of the most prevalent security threats in internet-enabled networks, with many internet of things (IoT) devices having been exploited to carry out attacks. Due to their inherent security flaws, the attacks seek to deplete the resources of the target network by flooding it with numerous spoofed requests from a distributed system. Research studies have demonstrated that a DDoS attack has a considerable impact on the target network resources and can result in an extended operational outage if not detected. The detection of DDoS attacks has been approached using a variety of methods. In this paper, a comprehensive survey of the methods used for DDoS attack detection on selected internet-enabled networks is presented. This survey aimed to provide a concise introductory reference for early researchers in the development and application of attack detection methodologies in IoT-based applications. Unlike other studies, a wide variety of methods, ranging from the traditional methods to machine and deep learning methods, were covered. These methods were classified based on their nature of operation, investigated as to their strengths and weaknesses, and then examined via several research studies which made use of each approach. In addition, attack scenarios and detection studies in emerging networks such as the internet of drones, routing protocol based IoT, and named data networking were also covered. Furthermore, technical challenges in each research study were identified. Finally, some remarks for enhancing the research studies were provided, and potential directions for future research were highlighted.

show abstract

“…LR-DDoS attack is widely used in a large size DDoS attack, which joins several low rate attacks, such as a Botnet to initiate a low rate DDoS attack. LR-DDoS attack produces network traffic similar to the normal network traffic, and, therefore, it is difficult to be detected and mitigated [2, 10, 15]. …”

Section: Introductionmentioning

confidence: 99%

“…A high rate distributed denial of service (HR-DDoS) attack is a synonym for the traditional DDoS attacks when attackers exceed and violate the adopted threshold value [15, 16]. …”

Section: Introductionmentioning

confidence: 99%

A Novel Protective Framework for Defeating HTTP‐Based Denial of Service and Distributed Denial of Service Attacks

Manaf

2015

The Scientific World Journal

View full text Add to dashboard Cite

The growth of web technology has brought convenience to our life, since it has become the most important communication channel. However, now this merit is threatened by complicated network-based attacks, such as denial of service (DoS) and distributed denial of service (DDoS) attacks. Despite many researchers' efforts, no optimal solution that addresses all sorts of HTTP DoS/DDoS attacks is on offer. Therefore, this research aims to fix this gap by designing an alternative solution called a flexible, collaborative, multilayer, DDoS prevention framework (FCMDPF). The innovative design of the FCMDPF framework handles all aspects of HTTP-based DoS/DDoS attacks through the following three subsequent framework's schemes (layers). Firstly, an outer blocking (OB) scheme blocks attacking IP source if it is listed on the black list table. Secondly, the service traceback oriented architecture (STBOA) scheme is to validate whether the incoming request is launched by a human or by an automated tool. Then, it traces back the true attacking IP source. Thirdly, the flexible advanced entropy based (FAEB) scheme is to eliminate high rate DDoS (HR-DDoS) and flash crowd (FC) attacks. Compared to the previous researches, our framework's design provides an efficient protection for web applications against all sorts of DoS/DDoS attacks.

show abstract

DDoS attack detection algorithm based on the correlation of IP address analysis

Cited by 9 publications

References 1 publication

Mathematical modelling of DDoS attack and detection using correlation

Mathematical modelling of DDoS attack and detection using correlation

DDoS Attack and Detection Methods in Internet-Enabled Networks: Concept, Research Perspectives, and Challenges

A Novel Protective Framework for Defeating HTTP‐Based Denial of Service and Distributed Denial of Service Attacks

Contact Info

Product

Resources

About