Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic

  • Conference paper
Internet of Things, Smart Spaces, and Next Generation Networks and Systems (ruSMART 2016, NEW2AN 2016)

Abstract

Distributed denial-of-service (DDoS) attacks are one of the most serious threats to today's high-speed networks. These attacks can quickly incapacitate a targeted business, costing victims millions of dollars in lost revenue and productivity. In this paper, we present a novel method for the timely detection of application-layer DDoS attacks that use encrypted protocols, applying an anomaly-based approach to statistics extracted from network packets. The method constructs a model of normal user behavior with the help of weighted fuzzy clustering. The construction algorithm is self-adaptive and allows the model to be updated whenever a new portion of network traffic data becomes available for analysis. The proposed technique is tested with realistic end-user network traffic generated in the RGCE Cyber Range.

Acknowledgments

This work is partially funded by the Regional Council of Central Finland/Council of Tampere Region and European Regional Development Fund/Leverage from the EU 2014–2020 as part of the JYVSECTEC Center project of JAMK University of Applied Sciences Institute of Information Technology.

Author information

Corresponding author

Correspondence to Mikhail Zolotukhin.

Copyright information

© 2016 Springer International Publishing AG

About this paper

Cite this paper

Zolotukhin, M., Kokkonen, T., Hämäläinen, T., Siltanen, J. (2016). Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic. In: Galinina, O., Balandin, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. ruSMART 2016, NEW2AN 2016. Lecture Notes in Computer Science, vol 9870. Springer, Cham. https://doi.org/10.1007/978-3-319-46301-8_27

  • DOI: https://doi.org/10.1007/978-3-319-46301-8_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-46300-1

  • Online ISBN: 978-3-319-46301-8

  • eBook Packages: Computer Science, Computer Science (R0)
