DDoS attack forecasting system architecture using Honeynet

Abstract

This paper proposes a proactive security system to forecast Distributed Denial of Service (DDoS) attacks. A reactive system focused on detection after network attacks occur has difficulties responding rapidly to massive distributed attacks, such as DDoS. By forecasting the attack, we can take active countermeasures such as strengthening the power of the security devices and it would also enable us to plan a recovery procedure and countermeasures beforehand, providing a more rapid response. In this paper, we discuss previous studies related to intrusion forecasting, define the concept of intrusion forecasting and propose the Internet Intrusion Forecasting System Architecture. To obtain intrusion factors for DDoS attack forecasts, Honeynet was deployed and we analyze Hflow data gathered from Honeynet.