Abstract
Distributed denial-of-service (DDoS) attacks are one of the most serious threats to today’s high-speed networks. These attacks can quickly incapacitate a targeted business, costing victims millions of dollars in lost revenue and productivity. In this paper, we present a novel method for the timely detection of application-layer DDoS attacks that use encrypted protocols. It applies an anomaly-based approach to statistics extracted from network packets. The method builds a model of normal user behavior with the help of weighted fuzzy clustering. The construction algorithm is self-adaptive and allows the model to be updated whenever a new portion of network traffic data becomes available for analysis. The proposed technique is tested with realistic end-user network traffic generated in the RGCE Cyber Range.
Acknowledgments
This work is partially funded by the Regional Council of Central Finland/Council of Tampere Region and European Regional Development Fund/Leverage from the EU 2014–2020 as part of the JYVSECTEC Center project of JAMK University of Applied Sciences Institute of Information Technology.
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Zolotukhin, M., Kokkonen, T., Hämäläinen, T., Siltanen, J. (2016). Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic. In: Galinina, O., Balandin, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. ruSMART 2016, NEW2AN 2016. Lecture Notes in Computer Science, vol 9870. Springer, Cham. https://doi.org/10.1007/978-3-319-46301-8_27
DOI: https://doi.org/10.1007/978-3-319-46301-8_27
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-46300-1
Online ISBN: 978-3-319-46301-8
eBook Packages: Computer Science, Computer Science (R0)