DDoS Detection Algorithm Using the Bidirectional Session

  • Conference paper
Computer Networks (CN 2011)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 160)

Abstract

Due to the proliferation of smartphones and wireless internet, the number of DoS/DDoS attacks has increased significantly, creating a large amount of network traffic. DoS/DDoS attacks consume the resources of the service server, so that the network and the continuity of service cannot be guaranteed [1,2,3]. Current studies on DoS/DDoS focus on a radical change in total traffic or traffic pattern. The results of this type of study cannot react to ever-changing attack patterns and service types [4,5]. This paper proposes a new algorithm to detect DoS/DDoS attacks based on the session information of the service. We propose BSDDA (bidirectional session aware DDoS detection algorithm), which detects DoS/DDoS attacks by analyzing session information that contains service requests as well as service replies. Because the algorithm considers session information for both service requests and responses, it responds effectively to ever-changing attack patterns, as shown experimentally.


References

  1. Mirkovic, J., Reiher, P.: A Taxonomy of DDoS Attack and DDoS Defense Mechanisms. Computer Communication Review 34, 39–53 (2004)

  2. Khan, S., Loo, K.-K., Naeem, T., Khan, M.A.: Denial of Service Attacks and Challenges in Broadband Wireless Networks. IJCSNS International Journal of Computer Science and Network Security 8(7) (July 2008)

  3. Arbor Networks, Worldwide Infrastructure Report, vol. V

  4. Xie, Y., Yu, S.-Z.: A Large-Scale Hidden Semi-Markov Model for Anomaly Detection on User Browsing Behaviors. IEEE/ACM Transactions on Networking 17(1) (February 2009)

  5. Kuzmanovic, A., Knightly, E.W.: Low-Rate TCP-Targeted Denial of Service Attacks and Counter Strategies. IEEE/ACM Transactions on Networking 14(4) (August 2006)

  6. Dittrich, D., Dietrich, S.: P2P as botnet command and control: a deeper insight. In: 3rd International Conference on Malicious and Unwanted Software, MALWARE 2008 (2008)

  7. Yatagai, T., Isohara, T., Sasase, I.: Detection of HTTP-GET flood Attack Based on Analysis of Page Access Behavior. In: IEEE Pacific Rim Conference on Communications, Computers and Signal Processing, PacRim 2007 (2007)

  8. Lesk, M., Stytz, R., Trope, L.: The New Front Line: Estonia under Cyberassault. Security & Privacy IEEE 5(4), 76–79 (2007)

  9. Network Ingress Filtering: Defeating Denial of Service Attacks which employ IP Source Address Spoofing. RFC 2827 (May 2000)

  10. Wang, H., Zhang, D., Shin, K.G.: Detecting SYN Flooding Attacks. In: Proceedings of the IEEE Infocom, pp. 1530–1539 (2002)

  11. Garg, A., Narasimha Reddy, A.L.: Mitigation of DoS attacks through QoS regulation. In: Proceedings of ACM SIGCOMM 2001 (August 2001)

  12. Park, K., Lee, H.: On the effectiveness of probabilistic packet marking for IP traceback under denial of service attack. In: Proc. IEEE INFOCOM 2001, pp. 338–347 (2001)

  13. Song, D.X., Perrig, A.: Advanced and Authenticated Marking Scheme for IP Traceback. In: Proc. Infocom, vol. 2, pp. 878–886 (2001)

  14. Jin, C., Wang, H., Shin, K.G.: Hop-Count Filtering: An Effective Defense Against Spoofed DDoS Traffic. In: Proceeding of the 10th ACM Conference on Computer and Communications Security, Washington, DC (October 2003)

  15. Paxson, V.: End-to-End Routing Behavior in the Internet. IEEE/ACM Transaction on Networking, 601–615

  16. Specification of Guaranteed Quality of Service. RFC 2212 (September 1997)

  17. Roesch, M.: Snort-Lightweight Intrusion Detection for Networks. In: Proc. of the USENIX LISA 1999 Conf. (November 1999)

  18. Kumar, S., Spafford, E.: A Pattern Matching Model for Misuse Intrusion Detection. In: Proc. of the 17th National Computer Security Conf., pp. 11–21 (October 1994)

  19. Feinstein, L., Schnackenberg, D., Balupari, R., Kindred, D.: Statistical Approaches to DDoS Attack Detection and Response. In: DARPA Information Survivability Conference and Exposition (DISCEX 2003), (April 22-24, 2003)

  20. BBC News: New “cyber attacks” hit S Korea (2009-07-09)

  21. Internet Protocol. RFC 1349 (1992)

  22. Bellovin, S.M.: ICMP Traceback Messages. Internet Draft draft-bellovin-itrace-00.txt (March 2000) (work in progress)

  23. Park, K., Lee, H.: On the effectiveness of route-based packet filtering for distributed DoS attack prevention in power-law internets. In: Proceedings of ACM SIGCOMM 2001 (August 2001)

  24. IP Router Alert Option. RFC 2113 (1997)

  25. SIP: Session Initiation Protocol. RFC 3261 (2002)

  26. El-Moussa, F.A., Linge, N., Hope, M.: Active router approach to defeating denial-of-service attacks in networks. IEEE, Los Alamitos (2007)

  27. Mirkovic, J., Arikan, E., Wei, S., Thomas, R., Fahmy, S., Reiher, P.: Benchmarks for DDoS defense evaluation. In: Military Communications Conference (2006)

  28. Li, M., Li, J., Zhao, W.: Experimental study of DDOS attacking of flood type based on NS2. International Journal of Electronics and Computers 1, 143–152 (2009)

  29. Xie, Y., Yu, S.-Z.: Monitoring the Application-Layer DDoS Attacks for Popular Websites. IEEE/ACM Transactions on networking 17(1) (February 2009)


© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yi, H., Park, P., Min, S., Ryou, J. (2011). DDoS Detection Algorithm Using the Bidirectional Session. In: Kwiecień, A., Gaj, P., Stera, P. (eds) Computer Networks. CN 2011. Communications in Computer and Information Science, vol 160. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21771-5_21

  • DOI: https://doi.org/10.1007/978-3-642-21771-5_21

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-21770-8

  • Online ISBN: 978-3-642-21771-5

  • eBook Packages: Computer Science, Computer Science (R0)