DOI: 10.1145/1456377.1456389
Research article

Adaptive distributed mechanism against flooding network attacks based on machine learning

Published: 27 October 2008

Abstract

Adaptive techniques based on machine learning and data mining are gaining relevance in self-management and self-defense for networks and distributed systems. In this paper, we focus on the early detection and stopping of distributed flooding attacks and network abuses. We extend the framework proposed by Zhang and Parashar (2006) to cooperatively detect and react to abnormal behaviors before the target machine collapses and network performance degrades. In this framework, nodes in an intermediate network share information about their local traffic observations, improving their global traffic perspective. In our proposal, we add to each node the ability to learn independently, so that each node reacts differently according to its position in the network and its local traffic conditions. In particular, this frees the administrator from having to guess and manually set the parameters that distinguish attacks from non-attacks: such thresholds are now learned and set from experience or past data. We expect our framework to provide faster detection and higher accuracy against distributed flooding attacks than static filters or single-machine adaptive mechanisms. We show simulations in which we indeed observe a high rate of stopped attacks with minimal disturbance to legitimate users.
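The abstract's two ideas, per-node thresholds learned from past traffic and nodes sharing local observations so the network as a whole sees more than any single node, can be made concrete with a small simulation. The following is an added illustration written for this page, not the paper's code or its actual algorithm: it assumes (as simplifying choices of its own) that a node's baseline is the mean and standard deviation of its past per-interval packet rates, that a node shares its current z-score with its peers, and that the cooperative verdict sums those z-scores against K times the square root of the number of nodes. The traffic rates are constructed. The scenario where each ingress node sees only a modest rise, yet the combined score trips the global alarm, is the case the cooperative view is meant to catch.

```python
"""Adaptive, cooperative flooding detector: constructed illustration, not the paper's code.

Assumptions made here (not taken from the paper): the learned baseline is
mean + std-dev of past per-interval packet rates, nodes share z-scores, and the
global rule compares the summed z-scores against K * sqrt(n).
"""
import math
from dataclasses import dataclass, field
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

MIN_HISTORY = 5   # intervals a node must have seen before it trusts its baseline
K = 3.0           # sensitivity: local alarm when the score exceeds K standard deviations
SD_FLOOR = 1.0    # avoids a zero-width band when past traffic was perfectly steady


@dataclass
class Node:
    """One intermediate-network node watching traffic toward a protected target."""
    name: str
    history: List[float] = field(default_factory=list)

    def baseline(self) -> Optional[Tuple[float, float]]:
        """Learned (mean, sd) of past normal rates, or None until enough history exists."""
        if len(self.history) < MIN_HISTORY:
            return None
        return mean(self.history), max(pstdev(self.history), SD_FLOOR)

    def observe(self, rate: float) -> Dict:
        """Score one interval's packet rate against the learned baseline.

        Returns the local observation this node shares with its peers. Intervals
        judged normal are appended to the history so the threshold keeps adapting;
        intervals that trip the local alarm are not learned, so an abnormal burst
        cannot raise the baseline.
        """
        base = self.baseline()
        if base is None:
            self.history.append(rate)  # warm-up: learn everything seen so far
            return {"node": self.name, "rate": rate, "z": 0.0, "local_alarm": False}
        mu, sd = base
        z = (rate - mu) / sd
        local_alarm = z > K
        if not local_alarm:
            self.history.append(rate)
        return {"node": self.name, "rate": rate, "z": z, "local_alarm": local_alarm}


def cooperative_decision(reports: List[Dict]) -> Dict:
    """Combine the shared local observations into one global verdict.

    If node scores were independent and roughly normal under legitimate traffic,
    their sum has standard deviation sqrt(n), so K * sqrt(n) is the matching
    global cut-off. This fires even when no single node exceeded K on its own.
    """
    n = len(reports)
    total_z = sum(r["z"] for r in reports)
    return {
        "total_z": total_z,
        "global_alarm": total_z > K * math.sqrt(n),
        "any_local_alarm": any(r["local_alarm"] for r in reports),
    }


def run_scenario(attack_rate: float) -> Dict:
    """Train three nodes on constructed normal traffic, then show them one interval at attack_rate."""
    normal = [90.0, 110.0, 90.0, 110.0, 100.0]  # constructed per-interval packet rates
    nodes = [Node(f"node{i}") for i in range(3)]
    for node in nodes:
        for rate in normal:
            node.observe(rate)
    reports = [node.observe(attack_rate) for node in nodes]
    return cooperative_decision(reports)


if __name__ == "__main__":
    print("quiet interval:", run_scenario(105.0))   # no alarm anywhere
    print("thin flood    :", run_scenario(118.0))   # no local alarm, global alarm
    print("loud flood    :", run_scenario(200.0))   # local and global alarm
```

With the constructed history the learned baseline is a mean of 100 and a standard deviation of about 8.9, so a local alarm needs a rate above roughly 127. A rate of 118 at every node stays below that, but three such scores sum to about 6.0, above the global cut-off of 3 * sqrt(3) (about 5.2), which is the benefit of sharing observations that the abstract describes.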

References

[1] N. S. A. Quiroz, M. Parashar. Decentralized clustering analysis and online anomaly detection for peer grid systems. Technical Report, CAIP, Rutgers, 2006.
[2] D. Dittrich. The DoS Project's trinoo distributed denial of service attack tool, October 1999.
[3] T. M. Gil and M. Poletto. MULTOPS: A data-structure for bandwidth attack detection. In Proceedings of the 10th USENIX Security Symposium, pages 23--38, 2001.
[4] P. Jelena and M. Greg. Attacking DDoS at the source. In Proceedings of the IEEE International Conference on Network Protocols, 2002.
[5] F. Kargl, J. Maier, and M. Weber. Protecting web servers from distributed denial of service attacks. In World Wide Web, pages 514--524, 2001.
[6] A. Keromytis, V. Misra, and D. Rubenstein. Using overlays to improve network security. In Proceedings of SPIE ITCom Conference on Scalability and Traffic Control in IP Networks II, 2002.
[7] Y. W. M.S. Srivastava. Comparison of EWMA, CUSUM and Shiryayev-Roberts procedures for detecting a shift in the mean. Annals of Statistics, 21:645--670, 1993.
[8] S. Noh, C. Lee, K. Choi, and G. Jung. Detecting distributed denial of service (DDoS) attacks through inductive learning. In IDEAL, pages 286--295, 2003.
[9] R. Nou, J. Guitart, V. Beltran, D. Carrera, L. Montero, J. Torres, and E. Ayguade. Simulating complex systems with a low-detail model. In Proceedings of the 16th Parallelism Meeting 2005, Spain, 2005.
[10] N. Poggi, T. Moreno, J. Berral, R. Gavalda, and J. Torres. Web customer modeling for automated session prioritization on high traffic sites. In Proc. 11th Conf. on User Modelling (UM2007), Springer Lecture Notes in Computer Science 4511, pages 450--454. User Modelling Inc., March 2007.
[11] K. Rieck and P. Laskov. Language models for detection of unknown attacks in network traffic. Journal in Computer Virology, 2(4):243--256, 2007.
[12] W. W. Streilein, D. J. Fried, and R. K. Cunningham. Detecting flood-based denial-of-service attacks with SNMP/RMON. In Workshop on Statistical and Machine Learning Techniques in Computer Intrusion Detection, Fairfax, Virginia, USA, 2003.
[13] A. Varga. The OMNeT++ discrete event simulation system. In Proceedings of the European Simulation Multiconference, pages 319--324, Prague, Czech Republic, June 2001. SCS - European Publishing House.
[14] H. Wang, D. Zhang, and K. Shin. Detecting SYN flooding attacks. In Proceedings of IEEE INFOCOM 2002, 2002.
[15] S. Williams, B. Parry, and M. Schlup. Quality control: an application of the CUSUM. British Medical Journal, 1992.
[16] G. Zhang and M. Parashar. Cooperative defense against DDoS attacks. Journal of Research and Practice in Information Technology (JRPIT), Australian Computer Society Inc., February 2006.



Published In

AISec '08: Proceedings of the 1st ACM workshop on Workshop on AISec
October 2008, 84 pages
ISBN: 9781605582917
DOI: 10.1145/1456377
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]


Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

DDoS, autonomic computing, cooperative, flooding attacks, intrusion detection, machine learning


Conference

CCS08

    Acceptance Rates

    AISec '08 Paper Acceptance Rate 9 of 20 submissions, 45%;
    Overall Acceptance Rate 94 of 231 submissions, 41%


Downloads (last 12 months): 5
Downloads (last 6 weeks): 1
Reflects downloads up to 23 Feb 2025


Cited By

• (2023) A Deep Reinforcement Learning-based DDoS Attack Mitigation Scheme for Securing Big Data in Fog-Assisted Cloud Environment. Wireless Personal Communications, 130(4):2869-2886. DOI: 10.1007/s11277-023-10407-2. Online publication date: 26 Apr 2023.
• (2023) Anomaly detection analysis based on correlation of features in graph neural network. Multimedia Tools and Applications, 83(9):25487-25501. DOI: 10.1007/s11042-023-15635-z. Online publication date: 21 Aug 2023.
• (2023) Machine Learning Based Two-Tier Security Mechanism for IoT Devices Against DDoS Attacks. International Conference on Cyber Security, Privacy and Networking (ICSPN 2022), pages 69-82. DOI: 10.1007/978-3-031-22018-0_7. Online publication date: 21 Feb 2023.
• (2022) SUKRY: Suricata IDS with Enhanced kNN Algorithm on Raspberry Pi for Classifying IoT Botnet Attacks. Electronics, 11(5):737. DOI: 10.3390/electronics11050737. Online publication date: 27 Feb 2022.
• (2022) Real-Time Distributed Service De-Identification And Internet Problem Mitigation. 2022 International Conference on Artificial Intelligence of Things (ICAIoT), pages 1-6. DOI: 10.1109/ICAIoT57170.2022.10121835. Online publication date: 29 Dec 2022.
• (2022) SequenceShield: A Robust and Accurate DDoS Detection Method via Serializing the Traffic with Direction Information. 2022 IEEE 24th Int Conf on High Performance Computing & Communications; 8th Int Conf on Data Science & Systems; 20th Int Conf on Smart City; 8th Int Conf on Dependability in Sensor, Cloud & Big Data Systems & Application (HPCC/DSS/SmartCity/DependSys), pages 499-507. DOI: 10.1109/HPCC-DSS-SmartCity-DependSys57074.2022.00094. Online publication date: Dec 2022.
• (2022) Intrusion Detection Based on LSTM and Random Forests. Advances in Natural Computation, Fuzzy Systems and Knowledge Discovery, pages 23-30. DOI: 10.1007/978-3-030-89698-0_3. Online publication date: 4 Jan 2022.
• (2021) Evaluating the Performance of Various SVM Kernel Functions Based on Basic Features Extracted from KDDCUP'99 Dataset by Random Forest Method for Detecting DDoS Attacks. Wireless Personal Communications, 123(4):3127-3145. DOI: 10.1007/s11277-021-09280-8. Online publication date: 27 Oct 2021.
• (2020) Traffic prediction based on machine learning for elastic optical networks. Optical Switching and Networking, 30(C):33-39. DOI: 10.1016/j.osn.2018.06.001. Online publication date: 1 Jul 2020.
• (2020) Anomaly-based network intrusion detection with ensemble classifiers and meta-heuristic scale (ECMHS) in traffic flow streams. Journal of Ambient Intelligence and Humanized Computing. DOI: 10.1007/s12652-020-02628-1. Online publication date: 18 Nov 2020.
