research-article

A prediction-based detection algorithm against distributed denial-of-service attacks

Authors:

Guoxing Zhang,

Shengming Jiang,

Gang Wei,

Quansheng GuanAuthors Info & Claims

IWCMC '09: Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly

Pages 106 - 110

https://doi.org/10.1145/1582379.1582403

Published: 21 June 2009 Publication History

Get Access

Abstract

Denial-of-Service (DoS) attacks especially distributed DoS (DDoS) attacks have become significant and increasing threats to the Internet. Huge efforts from both academia and industry have been made on detection and defense of DDoS attacks. However, most detection and defense schemes do not directly aim at protecting the victim of attacks itself (e.g., servers) but attack sources or intermediate network units. Although locating and identifying attacking sources are critical to stop attacks and for legal procedure, rapid and efficient predicting DDoS attacks to happen in the server is more important to reduce damage caused by attacks and even prevent attacks from happening. However, this part has not been addressed sufficiently in the literature. In this paper, we first briefly review research efforts on DDoS attacks, and then discuss a method to define and quantify attacks to severs based on available service rates. This is because the server is often the direct victim of DDoS attacks and the one-point failure of the entire service system. No matter whether there are attacks undergoing, if a sever is overloaded even by normal service requests, the effect imposed to a service system is equivalent to that of attacks. A prediction method for the available service rate of the protected server is then proposed, which applies the Auto Regressive Integrated Auto Regressive (ARIMA) model. Finally, we investigate the proposed prediction method to predict DDoS attacks through simulation studies with NS2. The simulation results show that the prediction algorithm is effective to predict most attacks.

References

[1]

S. Cheung, "Denial of Service against the Domain Name System," IEEE Security and Privacy, 2006.

Digital Library

Google Scholar

[2]

H. R. Nageth, K. C. Sekaran and A. R. Kordcal, "Proactive model for Mitigating Internet Denial-of-Service Attacks," IEEE Computer Society, May 2007.

Digital Library

Google Scholar

[3]

P. Ferguson and D. Senie, "Network Ingress Filtering: Defeating Denial of Service Attacks Which Employ IP Source Address Spoofing," IRFC 2267, January 1998.

Digital Library

Google Scholar

[4]

Y. N. Jing, P. Tu, X. P. Wang and G. D. Zhang, "Distributed-Log-Based Scheme for IP Traceback," IEEE Computer Society, CIT05, 2005.

Digital Library

Google Scholar

[5]

R. Mahajan, S. M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson and S. Shenker, "Controlling High Bandwidth Aggregates in the Network," In ACM Computer Communication Review, July 2001.

Digital Library

Google Scholar

[6]

J. Mirkovic and P. Reiher "A taxonomy of DDoS Attack and DDoS Defense Mechanisms," ACM SIGCOMM, April 2004.

Digital Library

Google Scholar

[7]

J. Mirkovic and P. Reiher, "D-WARD: A Source-End Defence against Flooding Denial-of-Service Attacks," IEEE Computer Society, Jury 2005.

Google Scholar

[8]

H. Wang, D. Zhang and K. G. Shin, "Change-Point Monitoring for the Detection of DoS Attacks," IEEE Trans. Dependable and Secure Computing, vol. 1, no. 4, Oct.-Dec. 2004.

Digital Library

Google Scholar

[9]

Y. Kim, W. C. Lau and M. C. Chauah, "Packet Score: A Statistics-Based Packet Filtering Scheme against Distributed Denial-of-Service Attacks," IEEE Computer Society, May 2006.

Google Scholar

[10]

A. C. Snoeren, C. Partridge, L. A. Sanchez, C. E. Jones, F. Tchakountio, S. T. Kent and W. T. Strayer, "Hashbased IP Traceback," In Proceedings of the ACM SIGCOMM, August 2001.

Digital Library

Google Scholar

[11]

G. Carl, G. Kesidis, R. R. Brooks and S. Rai, "Denial-of-Service Attack-Detection Techniques," In IEEE Internet Computing, June 2006.

Digital Library

Google Scholar

[12]

A. Kuzmanovic and E. Knightly, "Low-Rate TCP-Targeted Denial of Service Attacks and Counter Strategies," IEEE/ACM Transactions on Networking, August 2006.

Digital Library

Google Scholar

[13]

G. E. P. Box, G. M. Jenkins and G. C. Reinsel, "Time Series Analysis: Forecasting and Control(edition 3)," POSTS and TELECOM PRESSS, 2005.

Digital Library

Google Scholar

[14]

"The Network Simulator NS-2," "http://www.isi.edu/nsnam/ns/."

Google Scholar

Cited By

View all

Feng YLi JSisodia DReiher P(2024)On Explainable and Adaptable Detection of Distributed Denial-of-Service TrafficIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.330129321:4(2211-2226)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3301293
Ali DBelaoued MDawaliby S(2024)Anticipating Cyber Threats: Deep Learning Approaches for DDoS Attacks Forecasting2024 8th Cyber Security in Networking Conference (CSNet)10.1109/CSNet64211.2024.10851731(128-132)Online publication date: 4-Dec-2024
https://doi.org/10.1109/CSNet64211.2024.10851731
Adedeji KAbu-Mahfouz AKurien A(2023)DDoS Attack and Detection Methods in Internet-Enabled Networks: Concept, Research Perspectives, and ChallengesJournal of Sensor and Actuator Networks10.3390/jsan1204005112:4(51)Online publication date: 6-Jul-2023
https://doi.org/10.3390/jsan12040051
Show More Cited By

Index Terms

A prediction-based detection algorithm against distributed denial-of-service attacks
1. Security and privacy
  1. Network security

Recommendations

Surviving Distributed Denial-of-Service Attacks

A series of distributed denial-of-service (DDoS) attacks were launched against computer systems and services in the US and South Korea beginning July 4th. A DDoS attack is an attempt to make a computer service unavailable to its intended users. The ...
Defending against flooding-based distributed denial-of-service attacks: a tutorial

Flooding-based distributed denial-of-service (DDoS) attack presents a very serious threat to the stability of the Internet. In a typical DDoS attack, a large number of compromised hosts are amassed to send useless packets to jam a victim, or its ...
Mitigating denial of service attacks: a tutorial

This tutorial describes what Denial of Service (DOS) attacks are. how they can be carried out in IP networks, and how one can defend against them. Distributed DoS (DDoS) attacks are included here as a subset of DoS attacks. A DoS attack has two phases: ...

Comments

Information & Contributors

Information

Published In

IWCMC '09: Proceedings of the 2009 International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly

June 2009

1561 pages

ISBN:9781605585697

DOI:10.1145/1582379

General Chairs:
Mohsen Guizani
Kuwait Univ. and Western Michigan University
,
Peter Mueller
IBM, Switzerland
,
Klaus-Peter Fähnrich
University of Leipzig, Germany
,
Program Chairs:
Athanasios (Thanos) Vasilakos
University of Western Macedonia, Greece
,
Yan Zhang
Simula Research Laboratory, Norway
,
Jun Zhang
University of Ottawa, Canada

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

In-Cooperation

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 June 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Funding Sources

Ministry of Science and Technology of the People's Republic of China

Conference

IWCMC '09

Sponsor:

IWCMC '09: 2009 International Wireless Communications and Mobile Computing Conference

June 21 - 24, 2009

Leipzig, Germany

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

19
Total Citations
View Citations
816
Total Downloads

Downloads (Last 12 months)3
Downloads (Last 6 weeks)1

Reflects downloads up to 03 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Feng YLi JSisodia DReiher P(2024)On Explainable and Adaptable Detection of Distributed Denial-of-Service TrafficIEEE Transactions on Dependable and Secure Computing10.1109/TDSC.2023.330129321:4(2211-2226)Online publication date: Jul-2024
https://doi.org/10.1109/TDSC.2023.3301293
Ali DBelaoued MDawaliby S(2024)Anticipating Cyber Threats: Deep Learning Approaches for DDoS Attacks Forecasting2024 8th Cyber Security in Networking Conference (CSNet)10.1109/CSNet64211.2024.10851731(128-132)Online publication date: 4-Dec-2024
https://doi.org/10.1109/CSNet64211.2024.10851731
Adedeji KAbu-Mahfouz AKurien A(2023)DDoS Attack and Detection Methods in Internet-Enabled Networks: Concept, Research Perspectives, and ChallengesJournal of Sensor and Actuator Networks10.3390/jsan1204005112:4(51)Online publication date: 6-Jul-2023
https://doi.org/10.3390/jsan12040051
Bitit RDerhab AGuerroumi MKhan F(2023)DDoS attack forecasting based on online multiple change points detection and time series analysisMultimedia Tools and Applications10.1007/s11042-023-17637-383:18(53655-53685)Online publication date: 23-Nov-2023
https://doi.org/10.1007/s11042-023-17637-3
Yeom SChoi CKim KHung CHong JBechini ASong E(2021)Source-side DoS attack detection with LSTM and seasonality embeddingProceedings of the 36th Annual ACM Symposium on Applied Computing10.1145/3412841.3441987(1130-1137)Online publication date: 22-Mar-2021
https://dl.acm.org/doi/10.1145/3412841.3441987
Ghaben AAnbar MHasbullah IKaruppayah S(2021)Mathematical Approach as Qualitative Metrics of Distributed Denial of Service Attack Detection MechanismsIEEE Access10.1109/ACCESS.2021.31105869(123012-123028)Online publication date: 2021
https://doi.org/10.1109/ACCESS.2021.3110586
Can DLe HHa Q(2021)Detection of Distributed Denial of Service Attacks Using Automatic Feature Selection with Enhancement for Imbalance DatasetIntelligent Information and Database Systems10.1007/978-3-030-73280-6_31(386-398)Online publication date: 5-Apr-2021
https://doi.org/10.1007/978-3-030-73280-6_31
Patil NRama Krishna CKumar K(2021)Distributed frameworks for detecting distributed denial of service attacks: A comprehensive review, challenges and future directionsConcurrency and Computation: Practice and Experience10.1002/cpe.619733:10Online publication date: 23-Jan-2021
https://doi.org/10.1002/cpe.6197
Feng YLi J(2020)Toward Explainable and Adaptable Detection and Classification of Distributed Denial-of-Service AttacksDeployable Machine Learning for Security Defense10.1007/978-3-030-59621-7_6(105-121)Online publication date: 18-Oct-2020
https://doi.org/10.1007/978-3-030-59621-7_6
Saridou BShiaeles SPapadopoulos B(2019)DDoS Attack Mitigation through Root-DNS Server: A Case Study2019 IEEE World Congress on Services (SERVICES)10.1109/SERVICES.2019.00025(60-65)Online publication date: Jul-2019
https://doi.org/10.1109/SERVICES.2019.00025
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Surviving Distributed Denial-of-Service Attacks

Defending against flooding-based distributed denial-of-service attacks: a tutorial

Mitigating denial of service attacks: a tutorial

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Permissions

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations