
Anomaly based Real Time Prevention of under Rated App-DDOS Attacks on Web: An Experiential Metrics based Machine Learning Approach

Affiliations

  • Department of CSE, JNTUH, Hyderabad - 500085, Telangana, India
  • Department of CSE, SVUCE, SV University, Tirupati - 517502, Andhra Pradesh, India
  • Department of CSE, GNITS, Hyderabad - 500008, Telangana, India

Abstract


Objective: To devise an Anomaly based Real Time Prevention (ARTP) of under rated App-DDOS attacks on Web for achieving fast and early detection. Method: We propose a model based on a machine learning approach to achieve fast and early detection of App-DDOS by multitude request flood. The proposed model, ARTP, is focused on defining a set of metrics: request chain length, request chain context, ratio of packet types, ratio of packet count, route context, router chain context and ratio of request intervals. The key factor of the proposal is that, unlike many of the benchmark models, which consider individual requests or sessions as input to discover anomalies, it considers the set of requests or sessions observed in a time frame to identify anomalies in the proposed metrics. The experiments were carried out on the benchmark LLDOS dataset, and the performance analysis was done by statistical analysis of metrics such as precision, recall, sensitivity and specificity. The process overhead was also assessed in order to estimate the scalability and robustness of the proposal. Findings: The proposed model is highly significant for App-DDOS attack detection and is suited for adoption in the current scenario of web applications, where the crowded request load has been phenomenally magnified to petabytes, compared with the past web request load in gigabytes.

Keywords

APP-DDoS, ARTP, Distributed Denial of Service, DDoS Attacks, HTTP Flooding, Intrusion Detection.





Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.