TY - GEN
T1 - A Machine Learning Based Approach for Detecting DRDoS Attacks and Its Performance Evaluation
AU - Gao, Yuxuan
AU - Feng, Yaokai
AU - Kawamoto, Junpei
AU - Sakurai, Kouichi
N1 - Publisher Copyright:
© 2016 IEEE.
PY - 2016/12/12
Y1 - 2016/12/12
N2 - DRDoS (Distributed Reflection Denial of Service) attack is a kind of DoS (Denial of Service) attack, in which third-party servers are tricked into sending large amounts of data to the victims. That is, attackers use source address IP spoofing to hide their identity and cause third-parties to send data to the victims as identified by the source address field of the IP packet. This is called reflection because the servers of benign services are tricked into "reflecting" attack traffic to the victims. The most typical existing detection methods of such attacks are designed based on known attacks by protocol and are difficult to detect the unknown ones. According to our investigations, one protocol-independent detection method has been existing, which is based on the assumption that a strong linear relationship exists among the abnormal flows from the reflector to the victim. Moreover, the method is assumed that the all packets from reflectors are attack packets when attacked, which is clearly not reasonable. In this study, we found five features are effective for detecting DRDoS attacks, and we proposed a method to detect DRDoS attacks using these features and machine learning algorithms. Its detection performance is experimentally examined and the experimental result indicates that our proposal is of clearly better detection performance.
AB - DRDoS (Distributed Reflection Denial of Service) attack is a kind of DoS (Denial of Service) attack, in which third-party servers are tricked into sending large amounts of data to the victims. That is, attackers use source address IP spoofing to hide their identity and cause third-parties to send data to the victims as identified by the source address field of the IP packet. This is called reflection because the servers of benign services are tricked into "reflecting" attack traffic to the victims. The most typical existing detection methods of such attacks are designed based on known attacks by protocol and are difficult to detect the unknown ones. According to our investigations, one protocol-independent detection method has been existing, which is based on the assumption that a strong linear relationship exists among the abnormal flows from the reflector to the victim. Moreover, the method is assumed that the all packets from reflectors are attack packets when attacked, which is clearly not reasonable. In this study, we found five features are effective for detecting DRDoS attacks, and we proposed a method to detect DRDoS attacks using these features and machine learning algorithms. Its detection performance is experimentally examined and the experimental result indicates that our proposal is of clearly better detection performance.
UR - http://www.scopus.com/inward/record.url?scp=85010443318&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85010443318&partnerID=8YFLogxK
U2 - 10.1109/AsiaJCIS.2016.24
DO - 10.1109/AsiaJCIS.2016.24
M3 - Conference contribution
AN - SCOPUS:85010443318
T3 - Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
SP - 80
EP - 86
BT - Proceedings - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 11th Asia Joint Conference on Information Security, AsiaJCIS 2016
Y2 - 4 August 2016 through 5 August 2016
ER -