Abstract
A Denial of Service (DoS) attack imposes a heavy load on a system, rendering it unavailable to benign traffic. One of the most popular ways to carry out the attack is to send a multitude of requests to the targeted site or network, so that the host or network responds slowly to benign traffic or cannot reply at all. The complexity and frequency of these attacks have been increasing in recent years. Hence, there is a need to design an efficient system that detects suspicious activity in the network and dispatches a timely and appropriate response to counter it. In this paper, different design models and implementations of contemporary intrusion detection systems are reviewed and analyzed for shortcomings. A multi-level design for an Intrusion Detection and Prevention System (IDPS) that aims to efficiently detect the DoS attack with minimal response time and high accuracy is proposed. A UDP flood is simulated inside a virtual network environment to emulate the attack, and the results demonstrate the successful detection and mitigation of the DoS attack.
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Ramesh, S., Selvarayan, S., Sunil, K., Arumugam, C. (2021). An Adaptive Multi-layered Approach for DoS Detection and Mitigation. In: Gervasi, O., et al. Computational Science and Its Applications – ICCSA 2021. ICCSA 2021. Lecture Notes in Computer Science, vol 12957. Springer, Cham. https://doi.org/10.1007/978-3-030-87013-3_40
DOI: https://doi.org/10.1007/978-3-030-87013-3_40
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-87012-6
Online ISBN: 978-3-030-87013-3
eBook Packages: Computer Science, Computer Science (R0)