ISSN: 2278-1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013

A Statistical Approach to Classify and Identify DDoS Attack using UCLA Dataset

Thwe Thwe Oo, Thandar Phyu

Abstract

Nowadays, the Internet is the most well-known and popular thing that is widely used by human beings. It is also an essential part of human life and provides the best and fastest communication medium. As many people widely use the Internet, i.e., as the number of Internet users is increasing, network security attacks are also increasing. Among the security attacks, DDoS (Distributed Denial of Service) is the most serious attack for network security. This attack is not a direct attack because it does not enter directly into the system and does not damage it. In this paper, the two proposed algorithms classify and identify what type of DDoS attack is present by using the UCLA data set. At first, the packet classification algorithm classifies normal and attack from the incoming packets. To get more accurate results, the K-NN classifier estimates normal or attack from the result of the packet classification algorithm. Finally, the proposed algorithm classifies and identifies the types of DDoS attacks.

Index Terms: DDoS, UCLA, network security

I. INTRODUCTION

Many people widely use the Internet all over the world. As the number of Internet users is increasing with new and developed services, many security attacks and threats have become popular. Some serious attacks expose and exploit many security vulnerabilities. Recently, reports of network security breaches indicate that the impact and the damage cost of attacks are continuously increasing. The most popular recent network attack trend is the use of network traffic, that is, the flooding attack. An attacker illegally [...] networks or hosts without intruding into the hosts. These types of attacks, such as Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks, are the serious attacks that can cause more damage than the other attacks [1,3,6]. A skillful DoS/DDoS attack exploits the system quickly, and it is difficult to trace back the intruder. This paper focuses on a DDoS attack detection and classification method, especially for scanning and flooding attacks. The proposed system analyzes network traffic based on a statistical approach by using the UCLA data set [7]. The proposed system characterizes field values (packet count, average packet size, time-interval variance, packet-size variance, and so on). This paper is organized as follows: Section II introduces some previous research corresponding to DDoS attacks. Section III presents the architecture of a DDoS attack, and the types of DDoS attacks are presented in Section IV. Then the proposed system is presented in Section V, the results of the experimental evaluation are described in Section VI, and finally the conclusion of the paper is given.

II. RELATED WORK

In this section, some previous approaches to detect DDoS attacks are discussed.
In [5] the proposed system is a statistical approach based on various features of attack packets, obtained from studying the incoming network traffic, and uses Radial Basis Function (RBF) Neural Networks to analyze these features. The proposed system can classify either normal or attack, but it cannot classify and identify what type of attack it is. In [4] the paper presents an abnormal network detecting method and a system prototype, and suggests a detection algorithm using the changes in traffic patterns that appear during an attack. The proposed system can identify attacks, but these cannot be detected by examining only single packet information. In [2] the proposed system introduces a method for proactive detection of DDoS attacks by classifying the network status. It investigates the procedure of DDoS attacks and selects variables based on these features, and finally applies the K-Nearest Neighbour (K-NN) method to classify the network status into each phase of a DDoS attack.

III. ARCHITECTURE OF DDOS ATTACK

A DDoS attack mainly includes finding hosts, making communication to the hosts, compromising the hosts and launching the attack. The following steps are the detailed process of a DDoS attack:
(1) Before starting the DDoS attack, the attacker searches the hosts in the network for hosts that have security vulnerabilities and weaknesses. Then the attacker intrudes into the vulnerable hosts and gets administration authority to install control programs.
(2) The attacker gives control instructions/commands to the handlers, which cause the handlers to give orders to the agents. Generally, one or more handlers take control of the agents.
(3) The agents continuously or periodically send a huge number of useless packets to the victim. When the victims receive the huge amount of packets, they cannot respond
to all of the incoming requests. The other, normal requests cannot be served and given corresponding replies because of the congested network traffic, and the victim systems crash and slow down.

Fig. 1. Architecture of DDoS Attack

IV. TYPES OF DDOS ATTACKS

In this paper, the proposed system emphasizes two types of DDoS attacks: flooding and scanning attacks. There are many types of flooding and scanning attacks, such as the SYN Flooding attack, ACK Flooding, SYN Scan and ACK Scan, etc. In a TCP SYN flooding attack, an attacker sends many SYN messages, with spoofed IP addresses, to a single server victim. Although the server replies with SYN/ACK messages, these messages are never acknowledged by the client. As a result, many half-open connections exist on the server, consuming its resources. This continues until the server has consumed all its resources, hence it can no longer accept new TCP connection requests. ACK Flood attacks use a large number of ACK packets to attack the victim, with all TCP messages carrying the ACK flag bit. When the host receives a packet with the ACK flag bit set, the existence of the four-tuple connection expressed by the packet needs to be checked. If the four-tuple connection exists, the host checks whether the state represented by the packet is legal, and then the packet can be passed to the application layer. If the packet is found to be illegal during this step (e.g. if the packet's targeted port is not open on the machine), then the host's operating system protocol stack will respond with a RST packet, telling the other side that the port does not exist. In a SYN Scan, a SYN packet is sent to the targeted destination port. If a host replies with a RST or does not reply, the port is closed. If a host replies with an ACK, the connection is closed by RST and the port is identified as open. In an ACK Scan, an ACK packet is sent to the targeted destination port. If a host replies with a RST, the port is most likely open. If a host does not reply but an ICMP destination unreachable packet is received, the port is filtered. Otherwise the port is most likely closed, and this identifies potentially open and filtered ports.

V. PROPOSED SYSTEM

The proposed system involves the following steps:
(1) Collecting packets
(2) Feature Extraction
(3) Attack classification by using the Packet Classification Algorithm
(4) Estimation using the K-NN Classifier
(5) DDoS attack classification

A. Collecting Packets

The proposed system collects the incoming packets every one second. Collecting packets in one second does not impact the classification accuracy. The use of a longer flow timeout is possible; however, the classification process is then longer.

B. Feature Extraction

Feature extraction calculates the selected features for the captured packets. These features are proposed by observing the characteristics of DDoS attack packets.
These features can be used to recognize and classify incoming attack packets. The proposed features are explained as follows:

Number of packets: Total number of packets from source IP to destination IP. During an attack, the attacker sends a large number of packets to the victim system.

Number of bytes: Total number of bytes sent from source IP to destination IP. It increases when launching a DDoS attack.

Average packet size: The ratio of the number of bytes to the number of packets. It increases at attack time.

Packet rate: Rate of packets per second. For the packet rate calculation:
Packet rate per second = number of packets / (end packet's time - start packet's time)

Byte rate: Rate of packet bytes per second. For the byte rate calculation:
Byte rate per second = total number of bytes / (end packet's time - start packet's time)
Time-interval variance: The attacker sends attack packets at the same time while launching a DDoS attack, so the time-interval variance will be closer to zero. For the time-interval variance calculation: (1) First, calculate the mean of the time intervals, i = 1, 2, 3, ...; (2) Second, square the deviations from the mean, n = collection number (1, 2, 3, ...); (3) Third, the final calculation of the time-interval variance.

Packet-size variance: Although normal packets have different packet sizes, attack packet sizes are the same. So the packet-size variance will be closer to zero. For the packet size calculation: (1) First, calculate the mean of the packet sizes, i = 1, 2, 3, ...; (2) Second, square the deviations from the mean; (3) Third, the final calculation of the packet-size variance.

C. Attack classification by using Packet Classification Algorithm

The algorithm checks the field values in the packets. The diagram in Figure (2) classifies attacks by the field values in the packets.

No: packets | Avg packet size | Packet size variance | Time-interval variance | Number of bytes | Packet rate per second | Byte rate per second | No: flags in a packet | Class
L | L | >0 | L | L | <α | L | L | Normal
H | H | <0 | <0 | H | >λ | H | H | Attack

D. Estimation using K-NN Classifier

It is possible that one field value in the incoming packets may not match the field values in the algorithm. For example, in the normal case, the packet size variance value is not (>0) although the other field values match the algorithm. If this case occurs, it cannot be sure whether it is normal or attack. When this case occurs, the proposed system identifies it as an Other case, which is neither normal nor attack. To identify an Other case as normal or attack, the K-NN classifier is used to estimate normal or attack. There are many well-known methods for classifying documents, such as SVM, NN, fuzzy logic, and rough sets. We choose the k-NN method because this method has features that are suitable for the proposed system. These features are: easy implementation, short computation time, and high accuracy. The k-NN algorithm is a similarity-based learning algorithm and is known to be highly effective in various problem domains, including classification problems. Given a test element dt, the k-NN algorithm finds its k nearest neighbors among the training elements, which form the neighborhood of dt.

Fig. 2. K-NN Classifier

E. DDoS Attack Classification

Finally, the proposed algorithm classifies and identifies what type of attack it is.

IF (no-packets==HIGH) AND (avg-packet-size with same Destination IP==HIGH) AND (protocol==udp) THEN UDP Flooding
IF (no-packets==HIGH) AND (avg-packet-size with same Destination IP==HIGH) AND (protocol==tcp)
Begin
  IF (no-ACK with same destination THEN TCP ACK Flooding
  IF (no-SYN with same destination THEN TCP SYN Flooding
End
IF (no-packets==HIGH) AND (no-destination- AND (no-source-ip==LOW)
Begin
  IF (no-ack with same destination THEN TCP ACK Scanning
  IF (no-syn with same destination THEN TCP SYN Scanning
  IF (no-fin with same destination THEN TCP FIN Scanning
End
IF (no-packets==HIGH) AND (no-destination-ip==HIGH) AND (no-destination-port==LOW) THEN Network Scanning Attack

VI. EXPERIMENTAL EVALUATION

In this section, the proposed DDoS attack detection is described by the evaluation results. The proposed system classifies DDoS attacks by using the UCLA Dataset. Table I shows the mathematical calculation for feature extraction.

Fig. 3. Collecting packets from raw log file

Fig. 4. Collecting packets for one second and storing them to the database

VII. CONCLUSIONS

The most serious attack for network security is the DDoS (Distributed Denial of Service) attack. The more the rate of Internet usage increases, the more the challenges increase for effective DDoS detection systems. So there are many challenges for detecting and classifying DDoS attacks. In the proposed system, DDoS attack packets are studied from the UCLA data set and the features are extracted to analyze and classify DDoS attacks. The proposed algorithm and the packet classification algorithm will be efficient and suitable for classifying DDoS flooding and scanning attacks.

REFERENCES

1. Drew Dean, Matt Franklin, and Adam Stubblefield, "An algebraic approach to IP traceback," Proc. Network and Distributed System Security Symposium, NDSS '01, San Diego, California, February 2001.
2. Hoai-Vu Nguyen and Yongsun Choi, "Proactive Detection of DDoS Attacks Utilizing k-NN Classifier in an Anti-DDoS Framework," International Journal of Electrical and Electronics Engineering 4:4, 2010.
3. John Ioannidis and Steven M. Bellovin, "Implementing pushback: Router-based defense against DDoS attacks," Proc. Network and Distributed System Security Symposium, NDSS '02, San Diego, California, February 2002.
4. Myung-Sup Kim, Hun-Jeong Kang, Seong-Cheol Hong, Seung-Hwa Chung, and James W. Hong, Dept. of Computer Science and Engineering, POSTECH, "A Flow-based Method for Abnormal Network Traffic Detection."
5. Reyhaneh Karimazad and Ahmad Faraahi, "An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks," 2011 International Conference on Network and Electronics Engineering, IPCSIT vol. 11 (2011), IACSIT Press, Singapore.
6. Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, "Practical network support for IP traceback," Proc. of the 2000 ACM SIGCOMM, Stockholm, Sweden, August 2000.
7. UCLA CSD packet traces. http://www.lasr.cs.ucla.edu/ddos/traces/public/usc
TABLE I. MATHEMATICAL CALCULATION FOR FEATURES EXTRACTION

No | Source IP | Destination IP | Number of packets | Average packet size | Time-interval variance | Packet-size variance | Number of bytes | Packet rate | Byte rate
1 | 14.38.35.57 | 1.1.1.57 | 5 | 7 | 1.58 | 3.9 | 94 | 0.61 | 154.89
2 | 69.9.75.100 | 1.1.180.177 | 17 | 69 | 3.98 | 69.88 | 1140 | 1.7 | 68.79
3 | 1.6.54.8 | 1.1.1.0 | 1355 | 970 | 0.001 | 0.0 | 1636585 | 34.73 | 7659.58
4 | 69.9.3.1 | 1.1.180.177 | 1504 | 994 | 0.001 | 0.01 | 1599453 | 39.05 | 86958.36
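As an added example that is not part of the paper, the following Python computes the seven Section V.B features for each (source IP, destination IP) pair in a one-second collection window, in the form Table I reports them, and applies the Section V.C normal/attack/other split as a threshold rule. The traffic records, the HIGH packet-count threshold and the near-zero variance bound are constructed assumptions, not values from the paper.

```python
from collections import defaultdict
from statistics import pvariance

def extract_features(packets):
    """packets: iterable of (timestamp_seconds, src_ip, dst_ip, size_bytes) captured in
    one collection window. Returns {(src, dst): features} with the paper's seven features."""
    flows = defaultdict(list)
    for ts, src, dst, size in packets:
        flows[(src, dst)].append((ts, size))
    feats = {}
    for key, recs in flows.items():
        recs.sort()
        times = [t for t, _ in recs]
        sizes = [s for _, s in recs]
        n, total = len(sizes), sum(sizes)
        # Paper: rate = count / (end packet time - start packet time). A lone packet has
        # no span, so we fall back to the one-second window (our assumption, not the paper's).
        span = times[-1] - times[0] if times[-1] > times[0] else 1.0
        gaps = [b - a for a, b in zip(times, times[1:])]  # inter-arrival time intervals
        feats[key] = {"packets": n, "bytes": total, "avg_size": total / n,
                      "packet_rate": n / span, "byte_rate": total / span,
                      "interval_var": pvariance(gaps) if gaps else 0.0,
                      "size_var": pvariance(sizes)}
    return feats

def classify_flow(f, high_packets=1000, var_eps=1e-6):
    """Packet Classification Algorithm (Section V.C) as a threshold rule: HIGH count with
    near-zero variances is Attack, LOW count with spread-out values is Normal, and a flow
    matching neither row is Other, left for the K-NN estimate (Section V.D).
    high_packets and var_eps are assumed values, not taken from the paper."""
    high = f["packets"] >= high_packets
    flat = f["size_var"] <= var_eps and f["interval_var"] <= var_eps
    if high and flat:
        return "Attack"
    if not high and not flat:
        return "Normal"
    return "Other"

def classify_window(packets):
    return {key: classify_flow(f) for key, f in extract_features(packets).items()}

def sample_window():
    """Constructed one-second window (not real trace data): a flood of identical 40-byte
    packets every 0.5 ms to one destination, plus a small normal exchange with varied sizes."""
    flood = [(0.0005 * i, "203.0.113.7", "198.51.100.2", 40) for i in range(1400)]
    normal = [(0.10, "198.51.100.9", "198.51.100.2", 74), (0.31, "198.51.100.9", "198.51.100.2", 1500),
              (0.72, "198.51.100.9", "198.51.100.2", 60), (0.95, "198.51.100.9", "198.51.100.2", 580)]
    return flood + normal
```

Calling classify_window(sample_window()) labels the flood flow Attack and the four-packet flow Normal; a short flow of identical packets at a fixed interval falls through to Other, which is the case the paper hands to K-NN.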