A detection system for distributed DoS attacks based on automatic extraction of normal mode and its performance evaluation

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Distributed DoS (Denial-of-Service) attacks, or DDoS attacks for short, have reportedly caused the most serious losses in recent years, and such attacks are getting worse. How to efficiently detect DDoS attacks has naturally become one of the hottest topics in the cyber security community, and many approaches have been proposed. The existing detection technologies, however, have their own weak points. For example, methods based on information theory must choose an information-theoretic measure carefully, since it plays an essential role in the detection performance, and such methods are efficient only when a significantly large number of anomalies are present in the data; signature-based methods cannot deal with new kinds of attacks or new variants of existing attacks, and so on. The behavior-based ones have been thought to be promising. However, they often need some parameters to define the normal nodes, and such parameters cannot be determined easily in advance in many actual situations. In our previous work, an algorithm without parameters was proposed for extracting normal nodes from historic traffic data. In this paper, we will explain a practical off-line detection system for DDoS attacks that we developed based on that algorithm in a project called PRACTICE (Proactive Response Against Cyber-attacks Through International Collaborative Exchange). The general flow of our detection system and the main specific technologies are explained in detail, and its detection performance is also verified by several actual examples.
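
The abstract's two objections to information-theoretic detectors (the measure has to be chosen carefully, and the method only reacts when anomalies are plentiful) can be seen on constructed data. The Python below is an added illustration, not code from the paper or from the PRACTICE project: it builds a synthetic baseline window of flows from assumed 10.0.0.0/24 clients, injects a small and a large bot flood from assumed TEST-NET-3 (203.0.113.0/24) addresses, and applies a simple entropy-deviation detector (an assumed 0.5-bit threshold) to two different features, source address and destination port.

```python
# Added illustration of the information-theoretic DDoS detectors the abstract
# criticises. All flow records below are constructed, not data from the paper.
from collections import Counter
from math import log2
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[str, int]  # (source IP, destination port)


def entropy_bits(values: Iterable) -> float:
    """Shannon entropy, in bits, of the empirical distribution of `values`."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum((c / total) * log2(c / total) for c in counts.values())


def make_normal_window() -> List[Flow]:
    """Constructed baseline: 200 clients (assumed 10.0.0.x addresses), five flows
    each, destination ports split 60% 443, 30% 80, 10% 53."""
    ports = (443, 443, 443, 443, 443, 443, 80, 80, 80, 53)
    flows: List[Flow] = []
    for client in range(200):
        src = f"10.0.0.{client}"
        for k in range(5):
            flows.append((src, ports[(client * 5 + k) % 10]))
    return flows


def make_bot_flood(n_bots: int, flows_per_bot: int, dst_port: int = 80) -> List[Flow]:
    """Constructed attack: n_bots sources (assumed 203.0.113.x, TEST-NET-3),
    each sending flows_per_bot flows to a single port."""
    return [(f"203.0.113.{b + 1}", dst_port)
            for b in range(n_bots) for _ in range(flows_per_bot)]


def entropy_of(window: List[Flow], feature: str) -> float:
    """Entropy of one feature column ('src' or 'dst_port') of a window."""
    idx = {"src": 0, "dst_port": 1}[feature]
    return entropy_bits(f[idx] for f in window)


def detect(window: List[Flow], baseline_bits: float, feature: str,
           threshold_bits: float = 0.5) -> Tuple[float, float, bool]:
    """Flag the window when the feature's entropy moved more than
    threshold_bits away from the baseline. Returns (entropy, deviation, flagged)."""
    h = entropy_of(window, feature)
    dev = h - baseline_bits
    return h, dev, abs(dev) > threshold_bits


def run_scenarios(threshold_bits: float = 0.5):
    """Baseline entropies plus detector output for a 2% flood and a 200% flood,
    measured on source address and on destination port."""
    normal = make_normal_window()
    features = ("src", "dst_port")
    baseline: Dict[str, float] = {f: entropy_of(normal, f) for f in features}
    scenarios = {
        "small_flood": normal + make_bot_flood(5, 4),    # 20 attack flows, 2% of traffic
        "large_flood": normal + make_bot_flood(5, 400),  # 2000 attack flows, twice the normal volume
    }
    results = {}
    for name, window in scenarios.items():
        for feature in features:
            results[(name, feature)] = detect(window, baseline[feature], feature, threshold_bits)
    return baseline, results


if __name__ == "__main__":
    baseline, results = run_scenarios()
    for feature, h in baseline.items():
        print(f"baseline     {feature:8s} H={h:.3f} bits")
    for (name, feature), (h, dev, flagged) in results.items():
        print(f"{name:12s} {feature:8s} H={h:.3f} dev={dev:+.3f} flagged={flagged}")
```

The 20-flow flood moves source-address entropy by about 0.03 bits, far under the threshold, so it is missed; the 2000-flow flood moves it by about 2.6 bits and is flagged. The same large flood moves destination-port entropy by only about 0.37 bits, so a detector built on that measure misses even the obvious attack, which is the measure-selection problem the abstract points to. The 0.5-bit threshold is itself a hand-tuned parameter of the kind the authors' parameter-free normal-node extraction is meant to avoid.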

Original language: English
Title of host publication: Security, Privacy, and Anonymity in Computation, Communication, and Storage - 10th International Conference, SpaCCS 2017, Proceedings
Editors: Mohammed Atiquzzaman, Zheng Yan, Kim-Kwang Raymond Choo, Guojun Wang
Publisher: Springer Verlag
Pages: 461-473
Number of pages: 13
ISBN (Print): 9783319723884
DOIs: 10.1007/978-3-319-72389-1_37
Publication status: Published - Jan 1 2017
Event: 10th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, SpaCCS 2017 - Guangzhou, China
Duration: Dec 12 2017 to Dec 15 2017

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 10656 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349

Other

Other: 10th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, SpaCCS 2017
Country: China
City: Guangzhou
Period: 12/12/17 to 12/15/17


All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Feng, Y., Hori, Y., & Sakurai, K. (2017). A detection system for distributed DoS attacks based on automatic extraction of normal mode and its performance evaluation. In M. Atiquzzaman, Z. Yan, K-K. R. Choo, & G. Wang (Eds.), Security, Privacy, and Anonymity in Computation, Communication, and Storage - 10th International Conference, SpaCCS 2017, Proceedings (pp. 461-473). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10656 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-72389-1_37

@inproceedings{8a9a26a7819a4c20807d48d10416b322,
title = "A detection system for distributed DoS attacks based on automatic extraction of normal mode and its performance evaluation",
author = "Yaokai Feng and Yoshiaki Hori and Kouichi Sakurai",
year = "2017",
month = "1",
day = "1",
doi = "10.1007/978-3-319-72389-1_37",
language = "English",
isbn = "9783319723884",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "461--473",
editor = "Mohammed Atiquzzaman and Zheng Yan and Choo, {Kim-Kwang Raymond} and Guojun Wang",
booktitle = "Security, Privacy, and Anonymity in Computation, Communication, and Storage - 10th International Conference, SpaCCS 2017, Proceedings",
address = "Germany",

}

TY - GEN

T1 - A detection system for distributed DoS attacks based on automatic extraction of normal mode and its performance evaluation

AU - Feng, Yaokai

AU - Hori, Yoshiaki

AU - Sakurai, Kouichi

PY - 2017/1/1

Y1 - 2017/1/1


UR - http://www.scopus.com/inward/record.url?scp=85038096833&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85038096833&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-72389-1_37

DO - 10.1007/978-3-319-72389-1_37

M3 - Conference contribution

AN - SCOPUS:85038096833

SN - 9783319723884

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 461

EP - 473

BT - Security, Privacy, and Anonymity in Computation, Communication, and Storage - 10th International Conference, SpaCCS 2017, Proceedings

A2 - Atiquzzaman, Mohammed

A2 - Yan, Zheng

A2 - Choo, Kim-Kwang Raymond

A2 - Wang, Guojun

PB - Springer Verlag

ER -