A Machine Learning Based Approach for Detecting DRDoS Attacks and Its Performance Evaluation

Yuxuan Gao, Yaokai Feng, Junpei Kawamoto, Kouichi Sakurai

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

7 Citations (Scopus)

Abstract

A DRDoS (Distributed Reflection Denial of Service) attack is a kind of DoS (Denial of Service) attack in which third-party servers are tricked into sending large amounts of data to the victims. That is, attackers use source IP address spoofing to hide their identity and cause third parties to send data to the victims, as identified by the source address field of the IP packet. This is called reflection because the servers of benign services are tricked into "reflecting" attack traffic to the victims. The most typical existing detection methods for such attacks are designed per protocol, based on known attacks, and have difficulty detecting unknown ones. According to our investigations, one protocol-independent detection method exists, which is based on the assumption that a strong linear relationship exists among the abnormal flows from the reflector to the victim. Moreover, that method assumes that all packets from reflectors are attack packets during an attack, which is clearly not reasonable. In this study, we found that five features are effective for detecting DRDoS attacks, and we proposed a method to detect DRDoS attacks using these features and machine learning algorithms. Its detection performance is experimentally examined, and the experimental results indicate that our proposal has clearly better detection performance.

Original language: English
Title of host publication: Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 80-86
Number of pages: 7
ISBN (Electronic): 9781509022854
DOIs: https://doi.org/10.1109/AsiaJCIS.2016.24
Publication status: Published - Dec 12 2016
Event: 11th Asia Joint Conference on Information Security, AsiaJCIS 2016 - Fukuoka, Japan
Duration: Aug 4 2016 → Aug 5 2016

Publication series

Name: Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016

Other

Other: 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
Country: Japan
City: Fukuoka
Period: 8/4/16 → 8/5/16

Fingerprint

Learning systems
Servers
Network protocols
Learning algorithms
Denial-of-service attack

All Science Journal Classification (ASJC) codes

  • Information Systems
  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

Cite this

Gao, Y., Feng, Y., Kawamoto, J., & Sakurai, K. (2016). A Machine Learning Based Approach for Detecting DRDoS Attacks and Its Performance Evaluation. In Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016 (pp. 80-86). [7782062] (Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016). Institute of Electrical and Electronics Engineers Inc. https://doi.org/10.1109/AsiaJCIS.2016.24
