An impact analysis: Real time DDoS attack detection and mitigation using machine learning

Abstract

Distributed Denial of service (DDoS) attacks is the most devastating attack which tampers the normal functionality of critical services in internet community. DDoS cyber weapon is highly motivated by several aspects including hactivitism, personal revenge, anti-government force, disgruntled employers/customers, ideological and political cause, cyber espionage and so on. IP spoofing is the powerful technique used by attackers to disrupt the availability of services in the internet network by impersonating as a trusted source. Since the spoofed traffic shares the same resources as that of the legitimate one's detection and filtering becomes very essential. The proposed model consists of online monitoring system (OMS), spoofed traffic detection module and interface based rate limiting (IBRL) algorithm. OMS provides DDoS impact measurements in real time by monitoring the degradation in host and network performance metrics. The spoofed traffic detection module incorporates hop count inspection algorithm (HCF) to check the authenticity of incoming packet by means of source IP address and its corresponding hops to destined victim. HCF coupled with support vector machine (SVM) provides 98.99% accuracy with reduced false positive. Followed with, IBRL algorithm restricts the traffic aggregates at victim router when exceeding system limits in order to provide sufficient bandwidth for remaining flows.