Statistical Approach to Trace the Source of Attack Based on the Variability in Data Flows

  • Conference paper
Theoretical Computer Science and Discrete Mathematics (ICTCSDM 2016)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10398)

Abstract

Cyber attacks are the most threatening factor in today's digital world, and they virtually double year by year. In February 2016, the Bangladesh central bank was attacked by hackers through 35 illegal transactions, of which five resulted in a loss of $81 million. However, the bank saved $850 million by reviewing the remaining thirty transactions. Later, Amazon.com was attacked by hackers, which resulted in the leakage of 80,000 login credentials. The Distributed Denial of Service (DDoS) attack is one of the common forms of cyber attack; such attacks have grown in size and become sophisticated, dangerous and hard to detect. Tracing the source IP address of such an attack enables us to control Internet crime. In this work, a statistical approach based on metrics is presented to find the source of the attack. Six sigma approaches are used to set the threshold value based on which attack sources are predicted.



Acknowledgment

The first author is thankful to the management of Kalasalingam University for providing fellowship.

Corresponding author

Correspondence to K. Suthendran.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Subburaj, T., Suthendran, K., Arumugam, S. (2017). Statistical Approach to Trace the Source of Attack Based on the Variability in Data Flows. In: Arumugam, S., Bagga, J., Beineke, L., Panda, B. (eds) Theoretical Computer Science and Discrete Mathematics. ICTCSDM 2016. Lecture Notes in Computer Science, vol 10398. Springer, Cham. https://doi.org/10.1007/978-3-319-64419-6_50

  • DOI: https://doi.org/10.1007/978-3-319-64419-6_50

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64418-9

  • Online ISBN: 978-3-319-64419-6

  • eBook Packages: Computer Science, Computer Science (R0)
