B. Kiruthika Devi, G. Preetha, G. Selvaram, S. Mercy Shalinie (corresponding author)
Title: An impact analysis: Real time DDoS attack detection and mitigation using machine learning
Authors: B. Kiruthika Devi, G. Preetha, G. Selvaram, S. Mercy Shalinie
DOI: 10.1109/ICRTIT.2014.6996133 (https://doi.org/10.1109/ICRTIT.2014.6996133)
Venue: 2014 International Conference on Recent Trends in Information Technology
Publication date: 2014-04-10
Citation count: 20
Record source: Semantic Scholar
Citations: 20

An impact analysis: Real time DDoS attack detection and mitigation using machine learning

Abstract
Distributed Denial of Service (DDoS) attacks are the most devastating attacks that tamper with the normal functionality of critical services in the Internet community. The DDoS cyber weapon is motivated by several factors, including hacktivism, personal revenge, anti-government forces, disgruntled employers/customers, ideological and political causes, cyber espionage and so on. IP spoofing is a powerful technique used by attackers to disrupt the availability of services on the Internet by impersonating a trusted source. Since spoofed traffic shares the same resources as legitimate traffic, its detection and filtering become essential. The proposed model consists of an online monitoring system (OMS), a spoofed traffic detection module and an interface based rate limiting (IBRL) algorithm. OMS provides DDoS impact measurements in real time by monitoring the degradation in host and network performance metrics. The spoofed traffic detection module incorporates a hop count inspection algorithm (HCF) that checks the authenticity of each incoming packet by means of its source IP address and the corresponding number of hops to the destined victim. HCF coupled with a support vector machine (SVM) provides 98.99% accuracy with reduced false positives. Finally, the IBRL algorithm restricts the traffic aggregates at the victim router when they exceed system limits, in order to provide sufficient bandwidth for the remaining flows.
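The abstract describes the spoof check only at a high level: each incoming packet's source IP address is compared with the number of hops it should have travelled to reach the victim. The example below is an added illustration, not the paper's code, of the classic hop-count filtering idea that the HCF acronym refers to: the hop count is inferred from the observed TTL by assuming the sender started from one of the usual operating-system initial TTLs (32, 64, 128, 255), a table keyed by source /24 prefix is learned during normal operation, and a packet whose inferred hop count disagrees with the table is flagged. The initial-TTL set, the /24 aggregation, the `tolerance` knob and the sample packets are all assumptions constructed for the demonstration; the paper's exact table layout and its SVM stage are not shown here.

```python
from collections import Counter
from dataclasses import dataclass
from ipaddress import ip_network

# Initial TTL values commonly set by operating systems. This is the assumption
# of the classic hop-count filtering scheme; the paper's own table is not given.
INITIAL_TTLS = (32, 64, 128, 255)


@dataclass(frozen=True)
class Packet:
    src: str  # source IPv4 address as carried in the IP header
    ttl: int  # TTL value observed when the packet reaches the victim


def infer_hop_count(ttl: int) -> int:
    """Hop count = initial TTL - observed TTL, choosing the smallest plausible
    initial TTL that is >= the observed value."""
    if not 0 <= ttl <= 255:
        raise ValueError(f"TTL out of range: {ttl}")
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial - ttl
    raise AssertionError("unreachable: 255 always qualifies")


def prefix24(ip: str) -> str:
    """Key the table by /24 so neighbouring hosts share one entry (an
    assumption of this example, not necessarily the paper's choice)."""
    return str(ip_network(f"{ip}/24", strict=False))


class HopCountFilter:
    """Source-prefix -> hop-count table learned from traffic seen during normal
    operation, later used to flag packets whose TTL-derived hop count does not
    match the recorded one."""

    def __init__(self, tolerance: int = 0):
        # Allow +/- tolerance hops before calling a mismatch spoofed; routes do
        # shift, so operators may raise this at the cost of missing some spoofs.
        self.tolerance = tolerance
        self.table = {}  # prefix string -> expected hop count

    def learn(self, pkt: Packet) -> None:
        """Record the hop count of a packet observed during a calm period."""
        self.table[prefix24(pkt.src)] = infer_hop_count(pkt.ttl)

    def check(self, pkt: Packet) -> str:
        """Return 'legit', 'spoofed' or 'unknown' (no table entry yet)."""
        expected = self.table.get(prefix24(pkt.src))
        if expected is None:
            return "unknown"
        observed = infer_hop_count(pkt.ttl)
        return "legit" if abs(observed - expected) <= self.tolerance else "spoofed"


def classify_stream(hcf: HopCountFilter, packets) -> Counter:
    """Tally verdicts over a packet stream (what a detector would export)."""
    return Counter(hcf.check(p) for p in packets)


def build_demo():
    """Constructed sample traffic: two learned sources, then a mixed stream."""
    hcf = HopCountFilter(tolerance=0)
    for p in (Packet("203.0.113.45", 54),   # 64 - 54  = 10 hops
              Packet("198.51.100.7", 116)):  # 128 - 116 = 12 hops
        hcf.learn(p)
    stream = [
        Packet("203.0.113.99", 54),   # same /24, 10 hops   -> legit
        Packet("203.0.113.45", 246),  # 255 - 246 = 9 hops  -> spoofed
        Packet("198.51.100.7", 117),  # 128 - 117 = 11 hops -> spoofed
        Packet("192.0.2.1", 60),      # never learned       -> unknown
    ]
    return hcf, classify_stream(hcf, stream)


if __name__ == "__main__":
    _, counts = build_demo()
    print(dict(counts))
```

Two practitioner notes: the table must be refreshed as routes change or legitimate sources will drift into the "spoofed" bucket (the `tolerance` knob trades that false-positive rate against detection), and a source with no entry should be treated as "unknown" rather than dropped, which is where a second stage such as the paper's SVM earns its place.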