F-STONE: A Fast Real-Time DDOS Attack Detection Method Using an Improved Historical Memory Management

Authors

  • Mahsa Nooribakhsh, Department of Computer, Buinzahra branch, Islamic Azad University, Buinzahra, Iran

Abstract:

Distributed Denial of Service (DDoS) is a common attack in recent years that can deplete the bandwidth of victim nodes by flooding packets. Based on the type and quantity of traffic used for the attack and the exploited vulnerability of the target, DDoS attacks are grouped into three categories: Volumetric attacks, Protocol attacks and Application attacks. The volumetric attack, which the proposed method attempts to detect, is the most common type of DDoS attack. The aim of this paper is to reduce the delay of real-time detection of DDoS attacks utilizing hybrid structures based on data stream algorithms. The proposed data structure (BHM) improves the data storing mechanism presented in the STONE method and consequently reduces the detection time. STONE characterizes the regular network traffic of a service by aggregating it into common prefixes of IP addresses, and detects attacks when the aggregated traffic deviates from the regular one. In BHM, history refers to the output traffic information obtained from each monitoring period to form a reference profile. The reference profile is created by employing historical information and only includes normal traffic information. The delay of DDoS attack detection increases in STONE due to the long intervals between monitoring periods. The proposed method (F-STONE) has been compared to STONE based on attack detection time, Expected Profile Update Time (EPUT), and rate of attack detection. The evaluation results indicated significant improvements in terms of the EPUT, acceleration of attack detection and reduction of the false positive rate.
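The following Python sketch is an added illustration, not the paper's or STONE's own code, of the two ideas the abstract describes: aggregating source traffic into common IP prefixes per monitoring period, and keeping a reference profile built only from periods judged normal, against which the current period's aggregate is compared. The /16 prefix length, the history depth, the deviation threshold and the constructed sample traffic are all assumptions.

```python
import ipaddress
from collections import Counter, deque
PREFIX_LEN = 16        # aggregate source addresses into /16 prefixes (assumed value)
HISTORY_WINDOWS = 4    # number of past normal periods kept as history (assumed value)

def aggregate(packets, prefix_len=PREFIX_LEN):
    """Count packets per common source-IP prefix for one monitoring period."""
    counts = Counter()
    for src in packets:
        net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
        counts[str(net)] += 1
    return counts

class ReferenceProfile:
    """Historical memory: per-prefix mean over the stored normal periods."""
    def __init__(self, history_windows=HISTORY_WINDOWS):
        self.history = deque(maxlen=history_windows)
    def expected(self):
        n = len(self.history)
        total = sum(self.history, Counter())
        return {p: c / n for p, c in total.items()} if n else {}
    def update(self, counts):
        self.history.append(counts)

def deviation(counts, expected, floor=50):
    """Largest observed/expected ratio over observed prefixes; the floor stops a
    handful of packets from a never-seen prefix from looking like a flood."""
    return max(counts[p] / max(expected.get(p, 0.0), floor) for p in counts)

def monitor(profile, packets, threshold=3.0):
    """One monitoring period: returns (attack_flag, deviation_score)."""
    counts = aggregate(packets)
    expected = profile.expected()
    score = deviation(counts, expected) if expected else 1.0
    attack = score > threshold
    if not attack:
        profile.update(counts)   # only normal periods enter the reference profile
    return attack, score

def sample_period(per_prefix):
    """Constructed traffic: {'10.1': n} yields n packets from hosts inside 10.1.0.0/16."""
    return [f"{pfx}.{(i // 250) % 256}.{i % 250 + 1}"
            for pfx, n in per_prefix.items() for i in range(n)]

def run_demo():
    normal = {"10.1": 100, "10.2": 80, "192.168": 60}
    flood = {**normal, "203.0": 1500}   # one /16 suddenly sends 1500 packets
    profile = ReferenceProfile()
    return [monitor(profile, sample_period(p)) for p in (normal, normal, normal, flood, normal)]
```

`run_demo()` walks three normal periods, one flood period and one more normal period; the flood is flagged and excluded from the profile, so the next normal period still scores as normal.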


Similar sources

Real time DDoS detection using fuzzy estimators

We propose a method for DDoS detection by constructing a fuzzy estimator on the mean packet inter-arrival times. We divided the problem into two challenges, the first being the actual detection of the DDoS event taking place and the second being the identification of the offending IP addresses. We have imposed strict real time constraints for the first challenge and more relaxed constraints for...


Low-rate DDOS Attack Detection using Optimal Objective Entropy Method

A Distributed Denial of Service (DDOS) attack is a type of Internet attack that disrupts the normal function of the targeted computer network (server). This kind of attack attempts to make the target host's resources unavailable to its legitimate users. Several efforts have been made in the detection and computation of DDOS attacks over the network, where IDS (Intrusion detection systems) are unable to isolate the ...


An Inner DoS/DDoS Attack Detection System

In this article, we proposed an inner intrusion detection system, named Cumulative-Sum-based Inner Intrusion Detection System (CSIIDS), which detects inner malicious behaviors, launched toward local servers/hosts by other local hosts. Detection is performed based on Cumulative Sum (CUSUM) algorithm. Experimental results show that CSIIDSs can carry out a higher security level for the protected n...


DDoS attack detection and wavelets

This paper presents a systematic method for DDoS attack detection. DDoS attack can be considered system anomaly or misuse from which abnormal behavior is imposed on network traffic. Attack detection can be performed via abnormal behavior identification. Network traffic characterization with behavior modeling could be a good guidance of attack detection. Aggregated traffic has been found to be s...


DDoS Attack’s Simulation Using Legitimate and Attack Real Data Sets

In this day and age, the internet is the new resource tool for the masses. It has changed the way we live in society and the way people interact with each other. There are about nine hundred million people who are using the internet nowadays. They can use the internet to communicate with each other from all over the world, businesses can do their work over the internet, and students can take online...


Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach

Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...




Journal

Volume 12, Issue 2

Pages 101-115

Publication date: 2020-07-01
