A Novel Defense Mechanism against Distributed Denial of Service Attacks using Fuzzy Logic



Similar documents
Preventing DDOS attack in Mobile Ad-hoc Network using a Secure Intrusion Detection System

Comparison of Various Passive Distributed Denial of Service Attack in Mobile Adhoc Networks

A Review of Anomaly Detection Techniques in Network Intrusion Detection System

Survey on DDoS Attack Detection and Prevention in Cloud

A Secure Intrusion detection system against DDOS attack in Wireless Mobile Ad-hoc Network Abstract

Ashok Kumar Gonela MTech Department of CSE Miracle Educational Group Of Institutions Bhogapuram.

An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks

Survey on DDoS Attack in Cloud Environment

Preventing Resource Exhaustion Attacks in Ad Hoc Networks

A Novel Distributed Denial of Service (DDoS) Attacks Discriminating Detection in Flash Crowds

Prediction of DDoS Attack Scheme

ENHANCED GREEN FIREWALL FOR EFFICIENT DETECTION AND PREVENTION OF MOBILE INTRUDER USING GREYLISTING METHOD

Two State Intrusion Detection System Against DDos Attack in Wireless Network

Detection of Distributed Denial of Service Attack with Hadoop on Live Network

Anomaly Intrusion Detection System in Wireless Sensor Networks: Security Threats and Existing Approaches

Firewalls and Intrusion Detection

An Efficient Way of Denial of Service Attack Detection Based on Triangle Map Generation

Knowledge Based System for Detection and Prevention of DDoS Attacks using Fuzzy logic

Security for Ad Hoc Networks. Hang Zhao

Security Scheme for Distributed DoS in Mobile Ad Hoc Networks

Adaptive Discriminating Detection for DDoS Attacks from Flash Crowds Using Flow. Feedback

CHAPTER 1 INTRODUCTION

How To Detect Denial Of Service Attack On A Network With A Network Traffic Characterization Scheme

DDOS WALL: AN INTERNET SERVICE PROVIDER PROTECTOR

DoS: Attack and Defense

Radware s Behavioral Server Cracking Protection

Queuing Algorithms Performance against Buffer Size and Attack Intensities

Design and Experiments of small DDoS Defense System using Traffic Deflecting in Autonomous System

SECURE AND EFFICIENT ROUTE TRANSFER AND REPUTATION MANAGEMENT SYSTEM FOR GENERIC ADHOC NETWORK

INTERNATIONAL JOURNAL OF PURE AND APPLIED RESEARCH IN ENGINEERING AND TECHNOLOGY

An Implementation of Secure Wireless Network for Avoiding Black hole Attack

III. Our Proposal ASOP ROUTING ALGORITHM. A.Position Management

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

Survey on different attacks in Wireless Sensor Networks and their prevention system

STUDY OF IMPLEMENTATION OF INTRUSION DETECTION SYSTEM (IDS) VIA DIFFERENT APPROACHS

SECURE SIGNATURE BASED CEDAR ROUTING IN MOBILE ADHOC NETWORKS

Complete Protection against Evolving DDoS Threats

Intrusion Detection for Mobile Ad Hoc Networks

An Efficient Filter for Denial-of-Service Bandwidth Attacks

Efficient Detection of Ddos Attacks by Entropy Variation

Dual Mechanism to Detect DDOS Attack Priyanka Dembla, Chander Diwaker 2 1 Research Scholar, 2 Assistant Professor

Keywords Attack model, DDoS, Host Scan, Port Scan

Entropy-Based Collaborative Detection of DDoS Attacks on Community Networks

Security Threats in Mobile Ad Hoc Networks

Layered Approach of Intrusion Detection System with Efficient Alert Aggregation for Heterogeneous Networks

A Catechistic Method for Traffic Pattern Discovery in MANET

White paper. TrusGuard DPX: Complete Protection against Evolving DDoS Threats. AhnLab, Inc.

Robust Security Solution to Countermeasure of Malicious Nodes for the Security of MANET

International Journal of Innovative Research in Advanced Engineering (IJIRAE) ISSN: Volume 1 Issue 11 (November 2014)

EFFICIENT DETECTION IN DDOS ATTACK FOR TOPOLOGY GRAPH DEPENDENT PERFORMANCE IN PPM LARGE SCALE IPTRACEBACK

Application of Netflow logs in Analysis and Detection of DDoS Attacks

Mobile Security Wireless Mesh Network Security. Sascha Alexander Jopen

A SYSTEM FOR DENIAL OF SERVICE ATTACK DETECTION BASED ON MULTIVARIATE CORRELATION ANALYSIS

A Flow-based Method for Abnormal Network Traffic Detection

Security in Ad Hoc Network

Study of Different Types of Attacks on Multicast in Mobile Ad Hoc Networks

A Novel Packet Marketing Method in DDoS Attack Detection

DDoS Protection. How Cisco IT Protects Against Distributed Denial of Service Attacks. A Cisco on Cisco Case Study: Inside Cisco IT

DETECTING AND PREVENTING THE PACKET FOR TRACE BACK DDOS ATTACK IN MOBILE AD-HOC NETWORK

How To Prevent A Malicious Node From Attacking Manet With A Ddos Attack

Midterm. Name: Andrew user id:

SECURITY FLAWS IN INTERNET VOTING SYSTEM

How Cisco IT Protects Against Distributed Denial of Service Attacks

Wireless Sensor Network: Challenges, Issues and Research

PERFORMANCE STUDY AND SIMULATION OF AN ANYCAST PROTOCOL FOR WIRELESS MOBILE AD HOC NETWORKS

A TWO LEVEL ARCHITECTURE USING CONSENSUS METHOD FOR GLOBAL DECISION MAKING AGAINST DDoS ATTACKS

Denial of Service attacks: analysis and countermeasures. Marek Ostaszewski

WHITE PAPER. FortiGate DoS Protection Block Malicious Traffic Before It Affects Critical Applications and Systems

SECURE DATA TRANSMISSION USING INDISCRIMINATE DATA PATHS FOR STAGNANT DESTINATION IN MANET

: SENIOR DESIGN PROJECT: DDOS ATTACK, DETECTION AND DEFENSE SIMULATION

Network Based Intrusion Detection Using Honey pot Deception

Alessia Garofalo. Critical Infrastructure Protection Cyber Security for Wireless Sensor Networks. Fai della Paganella, 10-12/02/2014

Introduction to Wireless Sensor Network Security

Use of Honeypot and IP Tracing Mechanism for Prevention of DDOS Attack

Vulnerability Analysis of Hash Tables to Sophisticated DDoS Attacks

Modified AODV protocol for prevention of Denial of service attacks in wireless Ad hoc networks

Protecting DNS Critical Infrastructure Solution Overview. Radware Attack Mitigation System (AMS) - Whitepaper

Multi-Channel DDOS Attack Detection & Prevention for Effective Resource Sharing in Cloud

A Security Architecture for. Wireless Sensor Networks Environmental

A UNIFIED APPROACH FOR DETECTION AND PREVENTION OF DDOS ATTACKS USING ENHANCED SUPPORT VECTOR MACHINES AND FILTERING MECHANISMS

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

How To Classify A Dnet Attack

Bandwidth based Distributed Denial of Service Attack Detection using Artificial Immune System

Vulnerabilities of Intrusion Detection Systems in Mobile Ad-hoc Networks - The routing problem

A Defense Security Approach against Hacking Using Trusted Graphs

NETWORK INTRUSION DETECTION SYSTEM USING HYBRID CLASSIFICATION MODEL

Denial of Service Attacks, What They are and How to Combat Them

A Review on Intrusion Detection System to Protect Cloud Data

Double guard: Detecting Interruptions in N- Tier Web Applications

Early DoS Attack Detection using Smoothened Time-Series and Wavelet Analysis

A FUZZY LOGIC APPROACH FOR SALES FORECASTING


A PREVENTION OF DDOS ATTACKS IN CLOUD USING NEIF TECHNIQUES

Transcription:

A Novel Defense Mechanism against Distributed Denial of Service Attacks using Fuzzy Logic Shivani, Er. Amandeep Singh, Dr. Ramesh Chand Kashyap Abstract In this advanced smart life, internet and computer are becomes the essential components of life. From the age of computer birth to now, each individual/organization used to store their data as a soft copy in computer. With the possibility of computer connection and internet was born the necessity to protect the data from attackers who like to get authentic data for their own use. There are several types of attacks (like Dos, Sybil attack, black hole attack, grey hole attack etc) that an attacker can perform within the network to break the network security. Here, our main focus is on the distributed denial of service attack in which attacker consumes the resources of user in distributed network. So, there should be possible methods to protect the system from DDoS attacks. In this paper, we are using fuzzy inference system for defense against DDoS attacks in HTTP server. The parameters of HTTP request (GET & POST) and delta time are considered for the measurement of denial of service attacks. Also a comparison is made with naïve bayes Forest and naïve bayes Multinomial on the basis of accuracy, true positive rate and false positive rate of each algorithm. Index Terms Distributed Denial of Service Attack, HTTP Server, Wireless Network, Fuzzy Inference System. I. INTRODUCTION Wireless communication networks use various packet delivery protocols to send data. There can be one receiver in the networks or more than one receiver and even there can be one or more than one sender and sending this information through a wireless medium can be critical and challenging because there are various type of attacks [1]. We can see the commercial and military applications of wireless communication networks. The usage of wireless network in a variety of applications is highly important with the emphasis on ensuring security. Still, defense against the malicious attacks of all levels may be high or low in wireless sensor network. A variety of attacks on the network like wormholes, DoS, DDoS, sinkhole, Sybil, sleep, and selective forward Manuscript received May,2016. Shivani, Research Scholar, Department of Electronics and Communication Engineering, Rayat Institute of Engineering and Information Technology, India. Er. Amandeep Singh, Assistant Professor, Department of Electronics and Communication Engineering, Rayat Institute of Engineering and Information Technology, India.. Dr. Ramesh Chand Kashyap, Head of the Department, Department of Electronics and Communication Engineering, Rayat Institute of Engineering and Information Technology, India. attacks in the network are being observed [2][3]. Here, we are using a fuzzy logic based defense mechanism for the detection of Distributed Denial of Service attack. Denial of service attack makes the resources unavailable for the intended users making it a major potential threat to availability. Denial of Service is defined as the prevention of authorized access to resources or the delay of time critical operations [4]. DoS attack can be characterized as an attack with the purpose of preventing legitimate users from using a victim computing system or network resource. A Distributed Denial of Service (DDoS) attack is a large-scale, coordinated attack on the availability of services of a victim system or network resource, launched indirectly through many compromised network on the Internet [5]. On the Internet, a DDoS attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system [6]. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users. A hacker begins a DDoS attack by exploiting vulnerability in one computer system and making it the DDoS "master." It is from the master system that the intruder identifies and communicates with other systems that can be compromised [7]. In this research work, we have done the work for the detection of denial of service attacks against HTTP servers. Here, the parameters of HTTP request (GET & POST) and delta time are considered for the measurement of denial of service attacks. Also a comparison is made with naïve bayes Forest and naïve bayes Multinomial on the basis of accuracy, true positive rate and false positive rate of each algorithm. Rest of the paper is organized in the following manner: Section II brief about the Fuzzy Logic. Section III presents the proposed algorithm. Section IV gives the result and comparison of the proposed concept with individual MAP algorithm. Section V concludes the paper. II. FUZZY LOGIC Fuzzy logic is a human reasoning based mathematical tool that deals with parameters like accuracy, uncertainty etc. It is used in network security since long ago and deals with degree of truth instead of complete true or false values [8]. 1632

The selection of fuzzy logic for intrusion detection is presence of values in the form of interval i.e. fuzziness of the approach. Fuzzy logic can be represented with the help of membership function. The membership function can be provided in various forms. In this denial of service attacks, we are using trapezoidal membership function which can be calculated as below: Membership value = (x-a)/ (b-a) Where x=threshold value, a = number of packets forwarded, b = number of packets dropped. Fuzzy inference System is the mathematical framework of fuzzy logic. It works in three phases of fuzzification, rule generation and defuzzification [9]. Fuzzification is the process to convert the crisp values into terms of membership function. Then fuzzy rules generated in the form of If-Else form. Finally defuzzification is done to obtain the output user friendly results [10]. The If-Else rule based system is explained as below: If the output of both the modules is normal, then decision is normal. If the output of one module is normal and other one is abnormal then decision is abnormal. If the output of both modules is abnormal, then decision is abnormal. III. PROPOSED ALGORITHM This work proposes to develop a Fuzzy logic based Distributed Denial of Service attack in HTTP server. In this approach, we have considered the routing protocols of Ad hoc On Demand Distance Vector. By using the AODV protocol with HTTP server, requests are send in the form of GET and POST parameters. The data is more secure with POST method which is routed for on demand packet transfer in http server. Attacker usually attacks in the form of huge traffic and marvellous information so that resources can be consumed. In this proposed concept, the http request methods are considered with delta time (time interval between two consecutive http request from a single IP address) of the nodes. More the value of delta time, lesser will be the chances of attack. The overall decision of system is performed by the fuzzy logic. Fuzzy logic involve basically three steps, (1) fuzzification, (2) Rule based inference mechanism and (3) Defuzzification. This proposed algorithm is structured as below: Input: Virtual training dataset of packets. Output: Distributed Denial of Service Attack Detection Model. ALGORITHM (1) Z = {(N 0, N 1, N 2. N m ), BS} (2) For i = 1 to n (3) Matrix= Nodes (N(id), N (Energy), N (delta time)) (4) E t = Threshold Energy, D th = Threshold Delta Time (5) End For i (6) For i = 1 to n, (7) For j = 1 to m, (8) N i Send packets by GET request N j & N j Receive Packets by POST request N i (9) Calculate E n for each node with fuzzy logic and Delta time between two consecutive nodes D n (10) If E n > = E t and D n > D th (11) Node not affected. (12) Else, (13) Node is affected by external attacker (DDoS Attack). (14) Change the route for communication. (15) End If (16) End For j (17) End For i (18) End Explanation Step 1: Consider total N number of nodes that are randomly deployed in the network from a single base station (BS). Requests in HTTP server are send in the form of GET and POST method. Step 2: During node creation, BS will send a request message to each node and will receive the reply message for the authenticity of nodes with their ID, Energy value and Delta Time. Step 3: From the deployed N number of nodes, number of authentic nodes m are considered and defined the network structure of Z= {(N 1, N 2, N 3,.N m ), BS}. Step 4: Each node attains the Energy level of the HTTP server network. For a node at any location X, Y is represented by Ni= (rand(x), rand (Y)). A threshold Energy value and delta time is set for checking the denial of service attack as E t and D th respectively. Step 5: Initialize the fuzzification parameters and consider the nodes as the fuzzification set of rules. To search the multiple copies of same example in D, if found then keeps only one unique example in D. Step 6: Send the packets of different destination with different paths in the form of GET and POST request 1633

methods in HTTP server. All the decision are to be made by the process of fuzzification in fuzzy logic. Step 7: Fuzzy estimation is done for each node N= (N 1, N 2, N 3,.N m ). Based on the threshold value E t and D th, the matrices values are calculated to check the energy level during the packet transaction process. Step 8: Consider the matrix to store the values of node number and corresponding membership function which can be further calculated as RS[node number][member function value]. Trapezoidal membership method is used to calculate the member function value which is defined as below. Membership value = (x-a)/ (b-a) Where x=threshold value, a = number of packets forwarded, b = number of packets dropped. Step 9: Consider the membership function and calculate the energy level of each node and delta time using fuzzy rule based system. Step 10: Apply Defuzzification and check the values of each node in energy form (E n ) and delta time (D n ) using fuzzy inference rule system. Step 11: If E n > = Et and D n > D th, then node is not affected by external denial of service attacks. Step 12: If E n < E t and D n < D th, then node is affected by external denial attacks. So, discard that nodes for packet transaction and change the path for packet transaction. Step 13: Repeat the steps 7 to 12 and find the possible number of attacks. IV. RESULT & COMPARISON This section examines the performance of the proposed algorithm as compare to MAP algorithm on the basis of obtained results. The proposed concept is implemented in MATLAB version 8.3.052. The Network size of 100 nodes is considered. At each iteration change in time for the sending and receiving of packet is calculated. The process of sending packets from base station to each node is shown in figure 1. In figure 1, the base station is shown in centre. The circular nodes are the empty nodes that have already sent the data and filled circular nodes are those nodes that have received the data. Simple star structure shows data is in the path from one node to another one. During this packet transaction, proposed concept checks for security parameters in the form of REQ and REP message and assure about the defense against the DDoS attacks. For the detection of DDoS attacks, fuzzy based network control system is generated having some fuzzy rules which are shared as below: If (Energy is high) and (Delta Time is max) then (Delay is short) If (Energy is high) and (Delta Time is min) then (Delay is long) If (Energy is low) and (Delta Time is max) then (Delay is long) If (Energy is low) and (Delta Time is min) then (Delay is Denial) Fuzzy Inference System for Distributed Denial of Service attacks detection is shown in figure 2. Figure 1: Packet Transaction from BS to each node Figure 2: Fuzzy Inference System for DDoS attack Detection Further, this concept is evaluated based on the Accuracy, True Positive and False Positive values of proposed concept. The comparison of the concept is made with the existing approaches of naïve bayes classifier, RBF Network, Multilayer Perception, and naïve bayes Multinomial [11]. 1634

To check the accuracy of our proposed algorithm, we have considered the parameters of Accuracy, True Positive and False Positive values. This comparison of naïve bayes Forest, naïve bayes Multinomial and proposed algorithm is presented in table I. Algorithm Proposed Concept TABLE I: Evaluated parameters Accuracy True Positive False Positive 95.238 96.774 2.564 91.14 93.62 12.50 Multinomial True Positive 85 90 95 100 Figure 4: Comparison of Proposed Algorithm with others based on True Positive Multinomial 93.67 91.49 03.10 88.61 89.36 12.50 Random Forest 91.14 93.62 12.50 92.41 93.62 12.50 RBFN Network 89.87 95.74 18.75 This comparison of proposed algorithm with naïve bayes Forest, naïve bayes Multinomial is shown also in figure 3 to 5. Multinomial Accuracy 85 90 95 100 Figure 3: Comparison of Proposed Algorithm with others based on Accuracy Multinomial False Positive Figure 5: Comparison of Proposed Algorithm with others based on False Positive V. CONCLUSION 0 5 10 15 20 The main goal of this research thesis is the improvement of defence mechanism to ruin the DDoS attack in HTTP server based wireless network. DoS attack can be characterized as an attack with the purpose of preventing legitimate users from using a victim computing system or network resource. Here, we have proposed Fuzzy Logic based algorithm for the defense against the Distributed Denial of Service Attacks. To check the accuracy of our proposed algorithm, we have considered the parameters of Accuracy, True Positive and False Positive values. This comparison of naïve bayes Forest, naïve bayes Multinomial and proposed algorithm. The overall results for proposed algorithm as compare to other existing approaches shows better accuracy and other results as shown in table I and figure 3, figure 4 & figure 5. In this way, we can say that the proposed concept is efficient enough to defense against DDoS attacks. 1635

REFERENCES [1] Byers, Paula K., and Suzanne Michele Bourgoin. "Encyclopedia of World Biography. Ford-Grilliparzer." (1998). [2] Wu, Hongyi, Chunming Qiao, Swades De, and Ozan Tonguz. "Integrated cellular and ad hoc relaying systems: icar." Selected Areas in Communications, IEEE Journal on 19, no. 10 (2001): 2105-2115. [3] Djenouri, Djamel, Lyes Khelladi, and Nadjib Badache. "A survey of security issues in mobile ad hoc networks." IEEE communications surveys 7, no. 4 (2005): 2-28. [4] Lau, Felix, Stuart H. Rubin, Michael H. Smith, and Ljiljana Trajković. "Distributed denial of service attacks." In Systems, Man, and Cybernetics, 2000 IEEE International Conference on, vol. 3, pp. 2275-2280. IEEE, 2000. [5] Peng, Tao, Christopher Leckie, and Kotagiri Ramamohanarao. "Protection from distributed denial of service attacks using history-based IP filtering." InCommunications, 2003. ICC'03. IEEE International Conference on, vol. 1, pp. 482-486. IEEE, 2003. [6] Specht, Stephen M., and Ruby B. Lee. "Distributed Denial of Service: Taxonomies of Attacks, Tools, and Countermeasures." In ISCA PDCS, pp. 543-550. 2004. [7] Carl, Glenn, George Kesidis, Richard R. Brooks, and Suresh Rai. "Denial-of-service attack-detection techniques." Internet Computing, IEEE 10, no. 1 (2006): 82-89. [8] Dickerson, John E., and Julie A. Dickerson. "Fuzzy network profiling for intrusion detection." In Fuzzy Information Processing Society, 2000. NAFIPS. 19th International Conference of the North American, pp. 301-306. IEEE, 2000. [9] Botha, Martin, and Rossouw Von Solms. "Utilising fuzzy logic and trend analysis for effective intrusion detection." Computers & Security 22, no. 5 (2003): 423-434. [10] Ross, Timothy J. Fuzzy logic with engineering applications. John Wiley & Sons, 2009. [11] Singh, Khundrakpam Johnson, and Tanmay De. "An Approach of DDOS Attack Detection Using Classifiers." In Emerging Research in Computing, Information, Communication and Applications, pp. 429-437. Springer India, 2015. 1636

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information