A detection system for distributed DoS attacks based on automatic extraction of normal mode and its performance evaluation

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Distributed DoS (Denial-of-Service) attacks, or DDoS attacks for short, have reportedly caused the most serious losses in recent years, and such attacks are getting worse. How to detect DDoS attacks efficiently has naturally become one of the hottest topics in the cyber security community, and many approaches have been proposed. The existing detection technologies, however, have their own weak points. For example, methods based on information theory must choose an information-theoretic measure carefully, since it plays an essential role in the detection performance, and such methods are efficient only when a significantly large number of anomalies are present in the data; signature-based methods cannot deal with new kinds of attacks or new variants of existing attacks; and so on. Behavior-based methods have been thought to be promising. However, they often need some parameters to define the normal nodes, and such parameters cannot be determined easily in advance in many actual situations. In our previous work, an algorithm without parameters was proposed for extracting normal nodes from historic traffic data. In this paper, we explain a practical off-line detection system for DDoS attacks that we developed based on that algorithm in a project called PRACTICE (Proactive Response Against Cyber-attacks Through International Collaborative Exchange). The general flow of our detection system and its main specific technologies are explained in detail, and its detection performance is also verified by several actual examples.

Original language: English
Title of host publication: Security, Privacy, and Anonymity in Computation, Communication, and Storage - 10th International Conference, SpaCCS 2017, Proceedings
Editors: Mohammed Atiquzzaman, Zheng Yan, Kim-Kwang Raymond Choo, Guojun Wang
Publisher: Springer Verlag
Pages: 461-473
Number of pages: 13
ISBN (Print): 9783319723884
DOIs: https://doi.org/10.1007/978-3-319-72389-1_37
Publication status: Published - Jan 1 2017
Event: 10th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, SpaCCS 2017 - Guangzhou, China
Duration: Dec 12 2017 to Dec 15 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10656 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 10th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, SpaCCS 2017
Country: China
City: Guangzhou
Period: 12/12/17 to 12/15/17

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)


Cite this

    Feng, Y., Hori, Y., & Sakurai, K. (2017). A detection system for distributed DoS attacks based on automatic extraction of normal mode and its performance evaluation. In M. Atiquzzaman, Z. Yan, K-K. R. Choo, & G. Wang (Eds.), Security, Privacy, and Anonymity in Computation, Communication, and Storage - 10th International Conference, SpaCCS 2017, Proceedings (pp. 461-473). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10656 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-72389-1_37