F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management

Authors

  • Mahsa Nooribakhsh Department of Computer, Buinzahra branch, Islamic Azad University, Buinzahra, Iran
Abstract:

Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories as Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the proposed method attempts to detect it, is the most common type of DDoS attacks. The aim of this paper is to reduce the delay of real-time detection of DDoS attacks utilizing hybrid structures based on data stream algorithms. The proposed data structure (BHM ) improves the data storing mechanism presented in STONE method and consequently reduces the detection time. STONE characterizes regular network traffic of a service by aggregating it into common prefixes of IP addresses, and detecting attacks when the aggregated traffic deviates from the regular one. In BHM, history refers to the output traffic information obtained from each monitoring period to form a reference profile. The reference profile is created by employing historical information and only includes normal traffic information. The delay of DDoS attack detection increases in STONE due to long-time intervals between each monitoring period. The proposed method (F-STONE) has been compared to STONE based on attack detection time, Expected Profile Update Time (EPUT), and rate of attack detection. The evaluation results indicated significant improvements in terms of the EPUT, acceleration of attack detection and reduction of false positive rate.

Upgrade to premium to download articles

Sign up to access the full text

Already have an account?login

similar resources

Real time DDoS detection using fuzzy estimators

We propose a method for DDoS detection by constructing a fuzzy estimator on the mean packet inter arrival times. We divided the problem into two challenges, the first being the actual detection of the DDoS event taking place and the second being the identification of the offending IP addresses. We have imposed strict real time constraints for the first challenge and more relaxed constraints for...

full text

Low-rate DDOS Attack Detection using Optimal Objective Entropy Method

A Distributed Denial of Service (DDOS) attack is a type of Internet attack that disrupts the normal function of the targeted computer network (server). This kind of attacks attempts to make target host resource unavailable to its legal users. Several efforts had made in detection and computation of the DDOS attacks over network, where IDS (Intrusion detection systems) are unable to isolate the ...

full text

An Inner DoS/DDoS Attack Detection System

In this article, we proposed an inner intrusion detection system, named Cumulative-Sum-based Inner Intrusion Detection System (CSIIDS), which detects inner malicious behaviors, launched toward local servers/hosts by other local hosts. Detection is performed based on Cumulative Sum (CUSUM) algorithm. Experimental results show that CSIIDSs can carry out a higher security level for the protected n...

full text

DDoS attack detection and wavelets

This paper presents a systematic method for DDoS attack detection. DDoS attack can be considered system anomaly or misuse from which abnormal behavior is imposed on network traffic. Attack detection can be performed via abnormal behavior identification. Network traffic characterization with behavior modeling could be a good guidance of attack detection. Aggregated traffic has been found to be s...

full text

DDoS Attack’s Simulation Using Legitimate and Attack Real Data Sets

In this day and age, the internet is the new resource tool for the masses. It has changed the way we live in society and the way people interact with each other. There are about nine hundred million people, who are using internet now a day. They can use the internet to communicate with each other from all over the world, business can do their work over the internet, and students can take online...

full text

Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach

Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...

full text

My Resources

Save resource for easier access later

Save to my library Already added to my library

{@ msg_add @}


Journal title

volume 12  issue 2

pages  101- 115

publication date 2020-07-01

By following a journal you will be notified via email when a new issue of this journal is published.

Hosted on Doprax cloud platform doprax.com

copyright © 2015-2023