D-FACE: An anomaly based distributed approach for early detection of DDoS attacks and flash events

Published on Jun 1, 2018 in Journal of Network and Computer Applications 6.281
DOI: 10.1016/J.JNCA.2018.03.024
Sunny Behal (PTU: Punjab Technical University), Estimated H-index: 13
Krishan Kumar (Panjab University, Chandigarh), Estimated H-index: 21
Monika Sachdeva (PTU: Punjab Technical University), Estimated H-index: 13
Abstract In the present computer era, though the Internet-based applications are the driving force of social evolution, yet its architectural vulnerabilities proffer plethoric leisure to the attackers for conquering diversity of attacks on its services. Distributed Denial of Service (DDoS) is one of such prominent attack that constitutes a lethal threat to Internet domain that harnesses its computing and communication resources. Despite the presence of enormous defense solutions, ensuring the security and availability of data, resources, and services to end users remains an ongoing research challenge. In addition, the increase in network traffic rates of legitimate traffic and flow similarity of attack traffic with legitimate traffic has further made DDoS problem more crucial. The current research has deployed DDoS defense solutions primarily at the victim-end because of the inherent advantages of easy deployment and availability of complete attack information. However, the huge network traffic volume generated by DDoS attacks and lack of sufficient computational resources at the victim-end makes defense solution itself vulnerable to these attacks. This paper proposes an ISP level distributed, flexible, automated, and collaborative (D-FACE) defense system which not only distributes the computational and storage complexity to the nearest point of presence (PoPs) routers but also leads to an early detection of DDoS attacks and flash events (FEs). The results show that D-FACE defense system outperformed the existing Entropy-based systems on various defense system evaluation metrics.
Papers frequently viewed together
1 Author (Yonghua You)
3 Authors (Jelena Mirkovic, ..., Peter Reiher)
#1 Chenxu Wang (Xi'an Jiaotong University), H-Index: 9
#2 Tony T. N. Miu, H-Index: 3
Last. Jinhe Wang (Xi'an Jiaotong University), H-Index: 2
view all 4 authors...
Application layer distributed denial of service (DDoS) attacks have become a severe threat to the security of web servers. These attacks evade most intrusion prevention systems by sending numerous benign HTTP requests. Since most of these attacks are launched abruptly and severely, a fast intrusion prevention system is desirable to detect and mitigate these attacks as soon as possible. In this paper, we propose an effective defense system, named SkyShield, which leverages the sketch data structu...
#1 Sunny Behal (PTU: Punjab Technical University), H-Index: 13
#2 Krishan Kumar (Shaheed Bhagat Singh State Technical Campus), H-Index: 21
Investigates the preeminence of GE and GID metrics in detecting DDoS attacks. Proposes the use of GE and GID metrics to discriminate HR-DDoS attacks from FEs. The GID metric is shown to compare favorably with popular information distance measures. Proposed methodology is generalized, and hence can detect future attacks and FE events. Preeminence of Generalized Entropy (GE) and Generalized Information Distance (GID) detection metrics as compared to extensively used Shannon Entropy, KL Divergence, an...
#1 Sunny Behal, H-Index: 13
#2 Krishan Kumar, H-Index: 21
Last. Monika Sachdeva, H-Index: 13
view all 3 authors...
#1 Sajal Bhatia (Fordham University), H-Index: 9
Distributed Denial-of-Service (DDoS) attacks continue to constitute a pernicious threat to the delivery of services within the Internet domain. These attacks harness the power of thousands, and sometimes tens or hundreds of thousands of compromised computers to attack web-services and online trading sites, resulting in significant down-time and financial loss. The problem of detecting DDoS attacks is complicated by Flash Events (FEs), which share some characteristics with DDoS attacks, and which...
#1 Monowar H. Bhuyan (Kaziranga University), H-Index: 15
#2 Dhruba K. Bhattacharyya (Tezpur University), H-Index: 29
Last. Jugal Kalita (UCCS: University of Colorado Colorado Springs), H-Index: 31
view all 3 authors...
Distributed denial-of-service DDoS attacks cause havoc by exploiting threats to Internet services. In this paper, we propose E-LDAT, a lightweight extended-entropy metric-based system for both DDoS flooding attack detection and IP Internet Protocol traceback. It aims to identify DDoS attacks effectively by measuring the metric difference between legitimate traffic and attack traffic. IP traceback is performed using the metric values for an attack sample detected by the detection scheme. The meth...
#1 Abhinav Bhandari (NITJ: Dr. B. R. Ambedkar National Institute of Technology Jalandhar), H-Index: 8
#2 Amrit Lal Sangal (NITJ: Dr. B. R. Ambedkar National Institute of Technology Jalandhar), H-Index: 11
Last. Krishan Kumar (Shaheed Bhagat Singh State Technical Campus), H-Index: 21
view all 3 authors...
In the information age where Internet is the most important means of delivery of plethora of services, distributed denial-of-service DDoS attacks have emerged as one of the most serious threat. Strategic, security, social, and financial implications of these attacks have ceaselessly alarmed the entire cyber community. To obviate a DDoS attack and mitigate its impact, there is an irrevocable prerequisite to accurately detect them promptly. An inherent challenge in addressing this issue is to effi...
#1 Ognjen V. Joldzic (University of Banja Luka), H-Index: 3
#2 Zoran Djuric (University of Banja Luka), H-Index: 5
Last. Pavle V. Vuletić, H-Index: 4
view all 3 authors...
Intrusions and intrusive behaviour can be aimed at different parts of the system, ranging from lower-level network attacks intended to disrupt the flow of data in general, to higher-level attacks targeted against specific applications or services. Due to the constant growth of network traffic and the need to inspect the traffic thoroughly, intrusion detection and prevention are becoming increasingly complex and require significant computational resources. This paper presents a distributed, scala...
#1 Yunhe Cui (Southwest Jiaotong University), H-Index: 3
#2 Lianshan Yan (Southwest Jiaotong University), H-Index: 39
Last. Xiaoyang Zheng, H-Index: 1
view all 7 authors...
In order to overcome Distributed Denial of Service (DDoS) in Software Defined Networking (SDN), this paper proposes a mechanism consisting of four modules, namely attack detection trigger, attack detection, attack traceback and attack mitigation. The trigger of attack detection mechanism is introduced for the first time to respond more quickly against DDoS attack and reduce the workload of controllers and switches. In the meantime, the DDoS attack detection method based on neural network is impl...
Distributed denial of service (DDoS) attacks are ever threatening to the developers and users of the Internet. DDoS attacks targeted at the application layer are especially difficult to be detected since they mimic the legitimate users' requests. The situation becomes more serious when they occur during flash events. A more sophisticated algorithm is required to detect such attacks during a flash crowd. A few existing works make use of flow similarity for differentiating flash crowds and DDoS, b...
Cited By 50
#1 Sahareesh Agha (BU: Bahria University)
#2 Osama M. Hussain Rehman (BU: Bahria University), H-Index: 6
Last. Ibrahim M. H. Rahman (The Open Polytechnic of New Zealand), H-Index: 1
view all 3 authors...
#1 Zhili Zhou (NUIST: Nanjing University of Information Science and Technology), H-Index: 22
#2 Akshat Gaurav, H-Index: 3
Last. Nadia Nedjah (UERJ: Rio de Janeiro State University), H-Index: 22
view all 5 authors...
Over the course of this year, more than a billion people have been afflicted by the COVID-19 outbreak. As long as individuals maintain their social distance, they should all be secure at this period. Because of this, there has been a rise in the usage of different online technologies, but at the same time, there has also been a rise in the likelihood of different cyber-attacks. A DDoS assault, the most prevalent and deadly of them all, impairs an online resource for its users. Thus, in this pape...
#1 Shimin Sun, H-Index: 1
#2 Xinchao Zhang, H-Index: 1
Last. Li Han, H-Index: 1
view all 6 authors...
Last. Bin Xiao
view all 4 authors...
#1 J. Ramprasath (Dr. Mahalingam College of Engineering and Technology), H-Index: 1
#2 V. Seethalakshmi, H-Index: 1
Software defined networks (SDN) creates an environment for designing customized networks based on consumer needs. SDN can effectively apply the decoupling methods on the forwarding plane and the control plane. The SDN controller will forward the traffic information to northbound API and controller obtain the traffic information from openflow virtual switch. SDN routes data and control packets to their destinations based on flow labels, but it lacks protection features to prevent malicious traffi...
#1 Kiran Salunke (Narsee Monjee Institute of Management Studies)
#2 U. Ragavendran (Narsee Monjee Institute of Management Studies), H-Index: 1
In today's world of wireless networks the mobile ad-hoc networks are widely preferred as a communication medium as these are infrastructure less networks. The application layer of these networks is targeted by attackers because it is responsible for actual data exchange with end users. As human dependency on wireless networks is increasing the DDoS attacks i.e. distributed denial of service attack which becomes a nightmare for the researchers. This attack is one of the most devastating attacks t...
Jun 1, 2021 in ICC (International Conference on Communications)
#1 Salva Daneshgadeh Çakmakçi (University of Bremen), H-Index: 1
#2 Helmar Hutschenreuter (University of Bremen), H-Index: 1
Last. Thomas Kemmerich (University of Bremen), H-Index: 2
view all 4 authors...
#1 Vikash Kumar (National Institute of Technology, Patna), H-Index: 3
#2 Ditipriya Sinha (National Institute of Technology, Patna), H-Index: 7
With the introduction of the Internet to the mainstream like e-commerce, online banking, health system and other day-to-day essentials, risk of being exposed to various are increasing exponentially. Zero-day attack(s) targeting unknown vulnerabilities of a software or system opens up further research direction in the field of cyber-attacks. Existing approaches either uses ML/DNN or anomaly-based approach to protect against these attacks. Detecting zero-day attacks through these techniques miss s...
#1 Manish Snehi (Punjabi University), H-Index: 1
#2 Abhinav Bhandari (Punjabi University), H-Index: 8
Abstract The wide dispersion of the Internet of Things (IoT), Software-defined Networks and Cloud Computing have given the wings to Cyber–Physical System adoption. The newfangled society relies so much on Cyber–Physical Systems, such as Smart Cities, Smart Agriculture, Medical Cyber System, that a dearth to any of the available services may lead to severe concerns. The IoT devices are unwittingly contributing to the denial of service attacks. Though the neoteric Software-defined Anything (SDx) p...