Using a History-based Profile to Detect and Respond to DDoS Attacks

Negar Mosharraf, Anura P. Jayasumana, Indrakshi Ray

Abstract

Distributed Denial-of-Service (DDoS) attack has been identified among the most serious threat to service availability on the Internet. It prevents legitimate users from accessing the victim node by flooding and consuming network resources. In order to combat such attacks, a distributed defense mechanism is needed that will thwart the attack traffic in real time. We propose one such mechanism that when deployed is able to filter out malicious and allow legitimate traffic to the extent possible during the attack period. We characterize the network traffic and introduce a new history-based profile algorithm that filters potential attack traffic and aims to maximize the flow of legitimate traffic in the event of an attack. We investigate the features of network traffic that can be used to do such filtration. We use a Bloom filter based mechanism to efficiently implement the history-based profile model which serves to reduce the communication and computation costs. We evaluate our scheme using simulations on recent real-world traffic datasets. The experimental results demonstrate the effectiveness of our scheme. In order to improve communication and computation costs even further, we propose using three octets of the IP address instead of the whole address. We also demonstrate how using three octets of IP address impacts the accuracy, efficiency, and memory requirement of the filtering mechanism.

Download


Paper Citation


in Harvard Style

Mosharraf N., P. Jayasumana A. and Ray I. (2017). Using a History-based Profile to Detect and Respond to DDoS Attacks . In Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017) ISBN 978-989-758-259-2, pages 175-186. DOI: 10.5220/0006435801750186


in EndNote Style

TY - CONF
JO - Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)
TI - Using a History-based Profile to Detect and Respond to DDoS Attacks
SN - 978-989-758-259-2
AU - Mosharraf N.
AU - P. Jayasumana A.
AU - Ray I.
PY - 2017
SP - 175
EP - 186
DO - 10.5220/0006435801750186


in Bibtex Style

@conference{secrypt17,
author={Negar Mosharraf and Anura P. Jayasumana and Indrakshi Ray},
title={Using a History-based Profile to Detect and Respond to DDoS Attacks},
booktitle={Proceedings of the 14th International Joint Conference on e-Business and Telecommunications - Volume 6: SECRYPT, (ICETE 2017)},
year={2017},
pages={175-186},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0006435801750186},
isbn={978-989-758-259-2},
}