DDoS Detection and Alerting

Authors

  • Daniel Romão
  • Niels van Dijkhuizen
Abstract

Distributed Denial of Service attacks are becoming very popular nowadays. The main reasons for this are the easy access to services and resources that can be used for this purpose and the high amount of damage that results. Current detection and mitigation systems are not accurate enough and can be very expensive. Previous research has led to detection methods that, even though they can be accurate for certain kinds of anomalies, have not resulted in an effective real solution or system. By analyzing NetFlow data from the core routers of the ISP where this research was done, we defined categories for different kinds of traffic, each of which is treated in a different way. We created a model for the detection of volumetric Distributed Denial of Service attacks and a statistical method to find optimal thresholds for detecting such anomalies. We individually analyze protocol-port combinations that are either popular or have the potential to be used for this kind of attack, and handle them individually for more accurate detection. By subtracting the individually analyzed traffic, we also analyze the remaining traffic to detect new attacks. For traffic where a repetitive behavior over time is observed, we created baselines from past traffic data, which adapt over time to follow the traffic trends. Our method proved to be particularly effective for repetitive traffic with noise, where the statistically calculated values were a good match, ignoring normal traffic noise while detecting traffic peaks related to anomalies. We developed a prototype in the form of an NfSen plugin, in which the results of our analysis were applied.
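As an added illustration (not the paper's code) of the scheme the abstract describes: watched protocol-port combinations are analysed individually, everything else is subtracted into a "remaining" series, and each series is checked against a baseline built from its own past intervals. The NetFlow-style records are constructed, and the baseline rule (mean plus k standard deviations over un-flagged past intervals) is an assumption, since the abstract does not state the paper's statistical method.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed NetFlow-style records: (interval, protocol, dst_port, bytes).
# udp/53 carries noisy but repetitive traffic with one surge at interval 5;
# an unwatched port (udp/1900) surges at interval 6 and must show up in "remaining".
FLOWS = []
for t in range(8):
    FLOWS.append((t, "udp", 53, [100, 110, 95, 105, 115, 900, 100, 105][t]))
    FLOWS.append((t, "tcp", 443, 400))
    FLOWS.append((t, "tcp", 80, 100))
FLOWS.append((6, "udp", 1900, 3000))

# Protocol-port combinations analysed individually (assumed set for the example).
WATCHED = {("udp", 53), ("udp", 123)}


def aggregate(flows):
    """Sum bytes per interval for each watched combination; everything else
    is subtracted from the watched traffic and pooled under 'remaining'."""
    totals = defaultdict(lambda: defaultdict(int))
    for t, proto, port, nbytes in flows:
        key = (proto, port) if (proto, port) in WATCHED else "remaining"
        totals[key][t] += nbytes
    return totals


def detect(series, k=3.0, warmup=4):
    """Flag intervals whose volume exceeds baseline + k * stddev, where the
    baseline is the mean of past un-flagged intervals (assumed rule). Flagged
    intervals are not fed back, so an attack does not lift its own baseline."""
    history, alerts = [], []
    for t in sorted(series):
        v = series[t]
        if len(history) >= warmup:
            base = float(mean(history))
            spread = max(pstdev(history), 1.0)  # floor keeps a flat series from alerting on +1
            if v > base + k * spread:
                alerts.append((t, v, round(base, 1)))
                continue
        history.append(v)
    return alerts


def run(flows):
    """Return alerts per watched combination and for the remaining traffic."""
    return {key: detect(series) for key, series in aggregate(flows).items()}


if __name__ == "__main__":
    for key, alerts in run(FLOWS).items():
        print(key, alerts)
```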


Similar sources

F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management

Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories: Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the pro...

An Inline Detection and Prevention Framework for Distributed Denial of Service Attacks

By penetrating a large number of machines and stealthily installing malicious pieces of code, a distributed denial of service (DDoS) attack constructs a hierarchical network and uses it to launch coordinated assaults. DDoS attacks often exhaust the network bandwidth, processing capacity and information resources of victims, thus leading to unavailability of computing system services. Var...

Neural Network Based Protection of Software Defined Network Controller against Distributed Denial of Service Attacks

Software Defined Network (SDN) is a new architecture for network management and its main concept is centralizing network management in the network control level that has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main contro...


Review on DDoS Attacks and Various Detection Mechanisms

A DDoS attack is a coordinated attack on a massive scale and is a major threat in current computer networks. It is not easy to detect the attack. The seriousness of the DDoS problem and the increased frequency of DDoS attacks have led to the advent of numerous DDoS defense mechanisms. Detection is the first step to avoid a DDoS attack. Some of these mechanisms address a specific kin...

HF-Blocker: Detection of Distributed Denial of Service Attacks Based On Botnets

Today, botnets have become a serious threat to enterprise networks. By creating a network of bots, they launch several attacks; distributed denial of service (DDoS) attacks on networks are one example. Such attacks, by occupying system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks agains...

Detecting DDoS Attacks Using Dispersible Traffic Matrix and Weighted Moving Average

Distributed Denial of Service (DDoS) attacks have become significant threats on the Internet with the development of network infrastructure and recent communication technology. There are various types of DDoS attacks with different characteristics. These differences have made it very difficult to detect such attacks. Furthermore, the sophisticated evolution of DDoS attack techniques and t...


Publication date: 2014