An Overview of Distributed Denial of Service Traffic Detection Approaches

Keywords: network traffic anomaly, network-based attack, service availability, denial of service, network anomaly detection

Abstract

The availability of information and communication (IC) resources is a growing problem caused by the increase in the number of users and IC services, and by capacity constraints. IC resources need to be available to legitimate users at the required time. Availability is of crucial importance in IC environments such as smart city, autonomous vehicle, or critical infrastructure management systems. In these and similar environments, the unavailability of resources can also have negative consequences for people's safety. Distributed denial of service (DDoS) attacks, and the traffic that such attacks generate, have represented a growing problem over the last decade. Their goal is to disable access to resources for legitimate users. This paper analyses the trends of such traffic, which indicate the importance of research into methods for its detection. The paper also provides an overview of the approaches currently used in the development of detection systems and models. Based on the analysis of previous research, the disadvantages of the approaches used have been identified, which opens space and gives direction for future research. In addition, this paper highlights DDoS traffic generated through Internet of Things (IoT) devices as an evolving threat that needs to be taken into consideration in future studies.

Author Biography

Ivan Cvitić, Faculty of Transport and Traffic Sciences, University of Zagreb

Ivan Cvitić is an assistant and a PhD student at the Faculty of Transport and Traffic Sciences, University of Zagreb.

Published

2019-08-23

How to Cite

Cvitić I, Peraković D, Periša M, Husnjak S. An Overview of Distributed Denial of Service Traffic Detection Approaches. PROMET [Internet]. 2019 Aug 23 [cited 2019 Sep 21];31(4):453-64. Available from: http://traffic.fpz.hr/index.php/PROMTT/article/view/3082

Section

Articles