TY - GEN
T1 - A detection system for distributed DoS attacks based on automatic extraction of normal mode and its performance evaluation
AU - Feng, Yaokai
AU - Hori, Yoshiaki
AU - Sakurai, Kouichi
N1 - Funding Information:
Acknowledgments. This work was partially supported by Proactive Response Against Cyber-attacks Through International Collaborative Exchange (PRACTICE), Ministry of Internal Affairs and Communications, Japan and partially supported by Strategic International Research Cooperative Program, Japan Science and Technology Agency (JST).
Funding Information:
The early stage of this study was a part of a project supported by Japan Government, called PRACTICE (Proactive Response Against Cyber-attacks Through
Funding Information:
Also, this work was partially supported by JSPS KAKENHI Grant Numbers JP17K00187 and JP16K00132.
Publisher Copyright:
© 2017, Springer International Publishing AG.
PY - 2017
Y1 - 2017
N2 - Distributed DoS (Denial-of-Service) attacks, or DDoS attacks, have reportedly caused the most serious losses in recent years, and such attacks are getting worse. How to efficiently detect DDoS attacks has naturally become one of the hottest topics in the cyber security community, and many approaches have been proposed. The existing detection technologies, however, have their own weak points. For example, methods based on information theory must carefully choose an information-theoretic measure, which plays an essential role in detection performance, and such methods are efficient only when a significantly large number of anomalies are present in the data; signature-based methods cannot deal with new kinds of attacks or new variants of existing attacks; and so on. Behavior-based methods have been thought to be promising. However, they often need some parameters to define the normal nodes, and such parameters cannot easily be determined in advance in many actual situations. In our previous work, a parameter-free algorithm was proposed for extracting normal nodes from historic traffic data. In this paper, we explain a practical off-line detection system for DDoS attacks that we developed based on that algorithm in a project called PRACTICE (Proactive Response Against Cyber-attacks Through International Collaborative Exchange). The general flow of our detection system and its main specific technologies are explained in detail, and its detection performance is verified on several actual examples.
AB - Distributed DoS (Denial-of-Service) attacks, or DDoS attacks, have reportedly caused the most serious losses in recent years, and such attacks are getting worse. How to efficiently detect DDoS attacks has naturally become one of the hottest topics in the cyber security community, and many approaches have been proposed. The existing detection technologies, however, have their own weak points. For example, methods based on information theory must carefully choose an information-theoretic measure, which plays an essential role in detection performance, and such methods are efficient only when a significantly large number of anomalies are present in the data; signature-based methods cannot deal with new kinds of attacks or new variants of existing attacks; and so on. Behavior-based methods have been thought to be promising. However, they often need some parameters to define the normal nodes, and such parameters cannot easily be determined in advance in many actual situations. In our previous work, a parameter-free algorithm was proposed for extracting normal nodes from historic traffic data. In this paper, we explain a practical off-line detection system for DDoS attacks that we developed based on that algorithm in a project called PRACTICE (Proactive Response Against Cyber-attacks Through International Collaborative Exchange). The general flow of our detection system and its main specific technologies are explained in detail, and its detection performance is verified on several actual examples.
UR - http://www.scopus.com/inward/record.url?scp=85038096833&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85038096833&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-72389-1_37
DO - 10.1007/978-3-319-72389-1_37
M3 - Conference contribution
AN - SCOPUS:85038096833
SN - 9783319723884
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 461
EP - 473
BT - Security, Privacy, and Anonymity in Computation, Communication, and Storage - 10th International Conference, SpaCCS 2017, Proceedings
A2 - Atiquzzaman, Mohammed
A2 - Yan, Zheng
A2 - Choo, Kim-Kwang Raymond
A2 - Wang, Guojun
PB - Springer Verlag
T2 - 10th International Conference on Security, Privacy and Anonymity in Computation, Communication and Storage, SpaCCS 2017
Y2 - 12 December 2017 through 15 December 2017
ER -