Mathematical modelling of DDoS attack and detection using correlation

Singh, Khundrakpam Johnson; De, Tanmay

doi:10.1080/23742917.2017.1384213

Cited by 17 publications

(12 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A complete description of the DDOS attack model is presented in [40], which shows that the DDOS attack profile model consists of the following steps ( Figure 3):…”

Section: Methods Of Early Detection Of Cyber-attacksmentioning

confidence: 99%

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

et al. 2019

View full text Add to dashboard Cite

The paper suggests a method of early detection of cyber-attacks by using DDoS attacks as an example) using the method of extreme filtering in a mode close real time. The process of decomposition of the total signal (additive superposition of attacking and legitimate effects) and its decomposition using the method of extreme filtering is simulated. A profile model of a stochastic network is proposed. This allows to specify the influence of the intruder on the network using probabilistic-time characteristics. Experimental evaluation of metrics characterizing the cyber-attack is given. It is demonstrated how obtained values of metrics confirm the process of attack preparation, for instance the large-scaled telecommunication network, which includes the proposed method for early detection of attacks, has a recovery time of no more than 9 s, and the parameters of quality of service remain in an acceptable range.Keywords: DDoS; detection of cyber-attacks; extreme filtering; signal decomposition; stochastic network conversion method IntroductionFor the period from 2019 to 2024, one of the national projects in Russia was the "Digital Economy" project, the main tasks of which were to ensure information security in the transmission, processing, and storage of data [1]. This task was fully valid for modern power supply systems and grids, especially in modern conditions, where smart electronic devices and software-defined networks are embedded in energy power infrastructures [2,3].This fact confirms the relevance of information security and the need for diverse solutions in this area. References [4][5][6][7][8][9][10][11][12][13][14][15] describe the most common types of attacks, especially DDOS attacks. According to the Kaspersky Lab, in 2019 the total number of attacks and the number of smart attacks (i.e., attacks which require more thorough preparation and are directed on the most vulnerable network element) were increased. Moreover, despite a decrease in the average duration of DDOS attacks, the duration of smart attacks increased. The longest attacks that were employed lasted 509 h. The dynamics of the distribution of the total duration of attacks during the year had not changed much: those attacks that lasted no more than 4 hours dominate. At the same time, the cost of DDOS attacks was reduced due to their simple implementation [16]. However, if we take into account the fact that each year the implementation time of the longest attacks significantly increases (329 h in 2018 and 509 in 2019), the ever-increasing influence of these attacks on various organizations becomes obvious. Thus, the negative effect of attacks increases. Therefore, the issue of timely detection of such actions

show abstract

“…A complete description of the DDOS attack model is presented in [40], which shows that the DDOS attack profile model consists of the following steps ( Figure 3):…”

Section: Methods Of Early Detection Of Cyber-attacksmentioning

confidence: 99%

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

et al. 2019

View full text Add to dashboard Cite

show abstract

“…Table.3 shows the Chi-Square (  2 ) values of T_1 is 10.52, T_2 is 10.54, T_3 is 103.09, T_4 is 9.17, T_5 is 9.88, T_6 is 114.55, T_7 is 12.05, T_8 is 112.26, T_9 is 9.22, and T_10 is 12.38. In that, the critical value of Chi-Square is 16.266 with 1% of significance 10 . This critical value is fixed as the threshold value for the detection of attacks.…”

Section: Fig 2 Configutaion Of Experimental Architecturementioning

confidence: 99%

“…Singh and De [16] have calculated the packets Inter-arrival time to detect the presence DDoS attack. Table.3 shows the packet rates and also inter-arrival time of the transferred packets at particular time intervals.…”

Section: Fig 2 Configutaion Of Experimental Architecturementioning

confidence: 99%

See 1 more Smart Citation

Chi-Square and Entropy (CS-E):A Hybrid Method for DDoS Attack Detection and Trace Back

2019

IJRTE

View full text Add to dashboard Cite

Internet becomes unavoidable and it provides us with a wealth of information and allows us to keep in touch with the outside world. However, there can also be risks on the internet that is, for example, even a naive hacker can access information and easily learn to generate a large scale DDoS attack with the help of downloadable user-friendly attacking tools. Nowadays, this has made even small businesses in trouble. One of the extensive DDoS attacks was done on October 2016 which is called “Mirai botnet”. In that, the attackers send 30 million packets per second to attack the financial department, industries, home system, etc. were affected. In the future, the attackers may hit the hardest even as banks, government sectors, and corporate sectors, etc. On DDoS attack time, the attackers are sending a lot of malicious packets to the server/victims. So the attacker’s throughput is increased and legitimate user throughput is decreased on time of the attack. In this paper, a novel approach is proposed to detect the DDoS attacks using Chi-Square method which compares the normal packets and current packets statistics to discriminate whether the particular flow is DDoS or not. Further; it identifies the IP address of attacking source using entropy statistic. The proposed method can be used to control internet crimes. The experimental results show that the proposed method outperforms the existing approaches by detecting the DDoS attack and also by identifying the wrongdoer IP address. In addition, it takes minimum time to perform the above.

show abstract

“…CAIDA 2007 dataset is analyzed in detail in [30]. It is widely used until recently as the reliable dataset for many research work on network security, especially on DDoS modeling, detection and mitigation [6,22,[31][32][33]. The total size of the original dataset is 21 GB.…”

Section: Traffic Datasetmentioning

confidence: 99%

A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN

Tuấn

Hung²,

Nghia

et al. 2020

Electronics

View full text Add to dashboard Cite

Keeping Internet users protected from cyberattacks and other threats is one of the most prominent security challenges for network operators nowadays. Among other critical threats, distributed denial-of-service (DDoS) becomes one of the most widespread attacks in the Internet, which is very challenging to mitigate appropriately as DDoS attacks cause the system to stop working by resource exhaustion. Software-defined networking (SDN) has recently emerged as a new networking technology offering unprecedented programmability that allows network operators to configure and manage their infrastructures dynamically. The flexible processing and centralized management of the SDN controller allow flexibly deploying complex security algorithms and mitigation methods. In this paper, we propose a novel DDoS attack mitigation in SDN-based Internet Service Provider (ISP) networks for TCP-SYN and ICMP flood attacks utilizing machine learning approach, i.e., K-Nearest-Neighbor (KNN) and XGBoost. By deploying a testbed, we implement the proposed algorithms, evaluate their accuracy, and address the trade-off between the accuracy and mitigation efficiency. Through extensive experiments, the results show that the algorithms can efficiently mitigate the attack by over 98.0% while benign traffic is not affected.

show abstract

Mathematical modelling of DDoS attack and detection using correlation

Cited by 17 publications

References 17 publications

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering

Chi-Square and Entropy (CS-E):A Hybrid Method for DDoS Attack Detection and Trace Back

A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN

Contact Info

Product

Resources

About