Research Article

QVMMA: A Short Term and Long Term Layer 3 DDoS Detector and Mitigator

Published on August 2016 by Sonia Laskar, Dhirendra Mishra
International Conference on Communication Computing and Virtualization
Foundation of Computer Science USA
ICCCV2016 - Number 1

Sonia Laskar, Dhirendra Mishra. QVMMA: A Short Term and Long Term Layer 3 DDoS Detector and Mitigator. International Conference on Communication Computing and Virtualization. ICCCV2016, 1 (August 2016), 6-11.

@article{laskar2016qvmma,
author = { Sonia Laskar, Dhirendra Mishra },
title = { QVMMA: A Short Term and Long Term Layer 3 DDoS Detector and Mitigator },
journal = { International Conference on Communication Computing and Virtualization },
issue_date = { August 2016 },
volume = { ICCCV2016 },
number = { 1 },
month = { August },
year = { 2016 },
issn = { 0975-8887 },
pages = { 6-11 },
numpages = { 6 },
url = { /proceedings/icccv2016/number1/25595-0163/ },
publisher = { Foundation of Computer Science (FCS), NY, USA },
address = { New York, USA }
}
%0 Proceeding Article
%1 International Conference on Communication Computing and Virtualization
%A Sonia Laskar
%A Dhirendra Mishra
%T QVMMA: A Short Term and Long Term Layer 3 DDoS Detector and Mitigator
%J International Conference on Communication Computing and Virtualization
%@ 0975-8887
%V ICCCV2016
%N 1
%P 6-11
%D 2016
%I International Journal of Computer Applications
Abstract

Distributed Denial of Service (DDoS) attacks continue to harm servers through intense campaigns against popular e-commerce and content websites. The short term and long term types of popular DDoS attacks can be detected, prevented and mitigated in real time using the proposed novel Qualified Vector Match and Merge Algorithm (QVMMA). 14 feature components are used to generate an attack signature in real time, which is stored in a dynamically updated DDoS Captured Attack Pattern (DCAP) database [30]. It is effective in detecting new and old attacks. Persistent DDoS attacks cause financial damage or reputation loss through the loss of the company's valuable clients; the server's availability is heavily compromised. The popular websites GitHub and BBC UK faced DDoS attacks in 2015. The long term DDoS attack directed at GitHub continued for over 118 hours [34,35]. The short term DDoS attack experienced by the BBC website [36] caused its patchy response. The crux of the problem is the absence of a way to differentiate between attack records and legitimate records while the attack is occurring in real time. Several methods [1-31,37-42,43] are listed in brief in the paper. Post mortem solutions are not applicable in real time, and the available real time solutions are slow. QVMMA is an ideal, faster real time solution to prevent DDoS attacks using Statistical Feature Vector Generation. Matlab is used for the DDoS real time simulation, where the topologies (bus, star, Abilene network) are created using OMNET++ [33]. QVMMA generates and uses the Statistical Feature Vector for Attack Signature Generation, Matching and Identification only for records that satisfy the qualifier. The web server's log files used as input to QVMMA follow the W3C log format standard [34]. Experimentation is completed with an exhaustive 336 cases. Four networks are tested with 5, 8, 10 and 13 nodes. Performance evaluation of QVMMA concludes that the EER is 11.8% when the threshold is 1.6. Using the model of FAR and FAR, the trendline provides a threshold at 1 with an EER of 10%.

The Abilene network achieves the best result. As the number of attackers, nodes and intermediate routers increases, the detection time increases. If the threshold is increased, the accuracy reduces. If the number of nodes increases, the accuracy increases. Thus it is concluded that QVMMA can be used for effective layer 3 DDoS prevention and mitigation in real time, based on the results generated in the Matlab simulation. Extended results are provided. A model is provided in this paper to predict the detection time for any number of attackers. Other models, based on data collected through experimentation, formulate the relation between detection time, accuracy and Actual Attack Traffic Passed Rate (A_ATPR) with respect to the number of attackers. The corresponding correlation coefficients and regression coefficients are calculated to identify the strong relationships. This paper focuses on results and discussion of the effects and trends observed when the number of attackers increases during a DDoS attack. Thus QVMMA is fast enough to be used in real time to detect and mitigate short term or long term layer 3 Denial of Service (DoS) and more complex DDoS attacks.
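The abstract reports QVMMA's detection quality as an equal error rate (EER) at a given threshold, read off the detector's FAR/FRR trade-off. The Python example below is added for this page and is not code from the paper: it shows how an EER is located from labelled per-record anomaly scores by sweeping a threshold, computing the false accept rate (legitimate records flagged) and false reject rate (attack records missed) at each step, and interpolating the crossing point. The paper's own scoring function and its 14 feature components are not given on the page, so `SAMPLE_SCORES`, `THRESHOLDS` and the score-versus-threshold rule are constructed assumptions, not QVMMA's.

```python
"""Equal Error Rate (EER) of a threshold-based DDoS detector.

Added illustration, not code from the QVMMA paper. The paper reports EER 11.8%
at threshold 1.6 from its own FAR/FRR curves; the page gives neither the scoring
function nor the 14 features, so the anomaly scores below are constructed sample
values, one per log record, each paired with a ground-truth label.
"""

# Constructed sample: (anomaly_score, is_attack). Higher score = more suspicious.
# The assumed decision rule flags a record as attack when score >= threshold.
SAMPLE_SCORES = [
    (0.2, False), (0.4, False), (0.5, False), (0.6, False), (0.8, False),
    (0.9, False), (1.1, False), (1.3, False), (1.7, False), (2.1, False),
    (0.7, True), (1.2, True), (1.4, True), (1.6, True), (1.8, True),
    (2.0, True), (2.3, True), (2.6, True), (2.9, True), (3.4, True),
]

# Constructed threshold grid for the sweep; it must start below all scores and
# end above them so that the FAR and FRR curves are guaranteed to cross.
THRESHOLDS = [0.0, 0.5, 1.0, 1.5, 2.0, 2.5, 3.0, 3.5]


def far_frr(scores, threshold):
    """Return (FAR, FRR) for one threshold.

    FAR: share of legitimate records wrongly flagged (score >= threshold).
    FRR: share of attack records missed (score < threshold).
    """
    legit = [s for s, attack in scores if not attack]
    attacks = [s for s, attack in scores if attack]
    far = sum(1 for s in legit if s >= threshold) / len(legit)
    frr = sum(1 for s in attacks if s < threshold) / len(attacks)
    return far, frr


def sweep(scores, thresholds):
    """(threshold, FAR, FRR) at every grid point: FAR falls and FRR rises
    as the threshold grows, which is the trade-off the EER summarises."""
    return [(t, *far_frr(scores, t)) for t in thresholds]


def equal_error_rate(scores, thresholds):
    """Locate the threshold where FAR == FRR by linear interpolation between
    the two grid points that bracket the sign change of FAR - FRR.

    Returns (threshold_at_eer, eer). Raises ValueError when the curves never
    cross on the grid, which signals a badly chosen grid rather than a result.
    """
    prev = None
    for t, far, frr in sweep(scores, thresholds):
        gap = far - frr            # positive while FAR lies above FRR
        if prev is not None:
            t0, far0, gap0 = prev
            if gap0 >= 0.0 >= gap:
                if gap0 == gap:    # both exactly zero: whole segment is a crossing
                    return t0, far0
                frac = gap0 / (gap0 - gap)
                t_eer = t0 + frac * (t - t0)
                # At frac the interpolated FAR and FRR coincide by construction,
                # so interpolating FAR alone yields the EER.
                eer = far0 + frac * (far - far0)
                return t_eer, eer
        prev = (t, far, gap)
    raise ValueError("FAR and FRR do not cross on the given threshold grid")


if __name__ == "__main__":
    for t, far, frr in sweep(SAMPLE_SCORES, THRESHOLDS):
        print(f"threshold {t:.2f}  FAR {far:.2f}  FRR {frr:.2f}")
    t_eer, eer = equal_error_rate(SAMPLE_SCORES, THRESHOLDS)
    print(f"EER {eer:.1%} at threshold {t_eer:.3f}")
```

On the constructed sample the curves cross between thresholds 1.0 and 1.5, giving an EER of 25% at threshold 1.375; a coarser grid moves the interpolated point, which is why the abstract's trendline figure (threshold 1, EER 10%) and its measured figure (threshold 1.6, EER 11.8%) can legitimately differ.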

References
  1. Yang Xiang, Wanlei Zhou. Mark-Aided Distributed Filtering by Using Neural Network for DDoS Defense. IEEE Globecom 2005.
  2. Jose Anand, K. Sivachandar. Performance Analysis of ACO-based IP Traceback. International Journal of Computer Applications (0975-8887), December 2012; Volume 59, No. 1.
  3. V. Paruchuri, A. Durresi, S. Chellappan. TTL based Packet marking. IEEE 2008.
  4. S. Mishra, R. K. Pateriya. Mitigating DDoS using Threshold-based Filtering in Collaboration with Capability Mechanisms. International Journal of Computer Applications (0975-8887), June 2014; Volume 96, No. 10.
  5. Arun Kumar, Sai Ashritha. Analysis of various IP traceback techniques - A Survey. IJCA (0975-8887), September 2013; Volume 77, No. 13, pp. 13-16.
  6. Ruiliang Chen, Jung-Min Park, Randolph Marchany. A Divide-and-Conquer Strategy for Thwarting Distributed Denial-of-Service Attacks. IEEE Transactions on Parallel and Distributed Systems, May 2007; Vol. 18, No. 5.
  7. Sriharsha Gangam, Puneet Sharma, Sonia Fahmy. Pegasus: Precision Hunting for Icebergs and Anomalies in Network Flows. Proceedings IEEE INFOCOM, 2013.
  8. S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci, E. Knightly. DDoS-Shield: DDoS-Resilient Scheduling to Counter Application Layer Attacks. IEEE/ACM Transactions on Networking, February 2009; Vol. 17, No. 1.
  9. M. Tavallaee, Wei Lu, Shah Iqbal, Ali A. Ghorbani. A Novel Covariance Matrix based Approach for Detecting Network Anomalies. IEEE 2008; 978-0-7695-3135-9.
  10. Wei Xiong, Naixue Xiong, Laurence T. Yang, Jong Hyuk Park, Hanping Hu, Qian Wang. An anomaly-based detection in ubiquitous network using the equilibrium state of the catastrophe theory. Published online: Springer Science+Business Media, LLC, 5 July 2011.
  11. Shuyuan Jin, Daniel S. Yeung. A Covariance Analysis Model for DDoS Attack Detection. IEEE 2004.
  12. A. Chonka, J. Singh, W. Zhou. Chaos Theory Based Detection against Network Mimicking DDoS Attacks. IEEE Communications Letters, September 2009; Vol. 13, No. 9.
  13. G. Zhang, Manish Parashar. Cooperative Defence against DDoS Attacks. Journal of Research and Practice in Information Technology, February 2006; Vol. 38, No. 1.
  14. Rui Zhong, Guangxue Yue. DDoS Detection System Based on Data Mining. Proceedings of the Second International Symposium on Networking and Network Security (ISNNS '10), Jinggangshan, P. R. China, 2-4 April 2010; pp. 062-065.
  15. Andreas Kind, Marc Ph. Stoecklin, Xenofontas Dimitropoulos. Histogram-Based Traffic Anomaly Detection. IEEE Transactions on Network and Service Management, June 2009; Vol. 6, No. 2.
  16. Shui Yu, Wanlei Zhou, Robin Doss. Information Theory Based Detection Against Network Behaviour Mimicking DDoS Attacks. IEEE Communications Letters, April 2008; Vol. 12, No. 4.
  17. S. Gupta, D. Grover, A. Bhandari. Detection Techniques against DDoS Attacks: A Comprehensive Review. International Journal of Computer Applications (0975-8887), June 2014; Volume 96, No. 5.
  18. S. Zargar, J. Joshi, D. Tipper. A Survey of Defence Mechanisms Against Distributed Denial of Service (DDoS) Flooding Attacks. IEEE Communications Surveys & Tutorials, Fourth Quarter 2013; Vol. 15, No. 4.
  19. Marc P. Stoecklin, Jean-Yves Le Boudec, Andreas K. Detection Technique Based on Multi-modal Flow Behaviour Models. PAM 2008, LNCS 4979, Springer Verlag 2008; pp. 212-221.
  20. S. Siraj, A. K. Gupta, R. Badgujar. Network Simulation Tools Survey. International Journal of Advanced Research in Computer and Communication Engineering, Vol. 1, Issue 4, June 2012; ISSN: 2278-1021.
  21. V. Mishra, S. Jangale. Analysis and comparison of different network simulators. International Journal of Application or Innovation in Engineering & Management (IJAIEM), Special Issue for International Technological Conference 2014; ISSN 2319-4847.
  22. Yu Chen, Kai Hwang, Wei-Shinn Ku. Collaborative Detection of DDoS Attacks over Multiple Network Domains. IEEE Transactions on Parallel and Distributed Systems, June 2007; TPDS-0228-0806.
  23. http://www.calyptix.com/2014/03/top-threats-massive-denial-of-service-attacks/
  24. computerworld-nsl@idgindia.net
  25. Jérôme François, Issam Aib, Raouf Boutaba. FireCol: A Collaborative Protection Network for the Detection of Flooding DDoS Attacks. IEEE/ACM Transactions on Networking, December 2012; Vol. 20, No. 6.
  26. Q. Jiang, Y. Jing, X. Xiao, X. Wang. A Coding-Based Incremental Traceback Scheme against DDoS Attacks in MANET. Communications and Network, Scientific Research Journal, September 2013; 5, 478-484.
  27. N. Samaan, A. Karmouch. Network anomaly diagnosis via statistical analysis and evidential reasoning. IEEE Transactions on Network and Service Management, June 2008; vol. 5, no. 2, pp. 65-77.
  28. S. G. Mallat. A theory for multi-resolution signal decomposition: the wavelet representation. IEEE Transactions on Pattern Analysis and Machine Intelligence, 1989; vol. 11, no. 7, pp. 674-693.
  29. Sonia Laskar, Dr. Dhirendra Mishra. A Survey on traffic anomaly detection methods used to detect DDoS attacks. ICTTM, IIT Delhi, 11-12 April 2015; ISBN: 9780992680053.
  30. M. Karim Aroua, B. Zouari. A distributed and coordinated massive DDOS attack detection and response approach. IEEE 36th International Conference on Computer Software and Applications Workshops, IEEE, 2012.
  31. Server Log Standard Format. Available from URL: http://www.w3.org/Daemon/User/Config/Logging.html
  32. Thomas Chamberlain. Learning OMNET++. Packt Publishing, 2013.
  33. Gopinathan K., Practice Head for Managed Security and Network Services, Wipro, in conversation with CIO&Leader. DDoS attacks and how to protect enterprises from it. December 12, 2013. Available from URL: http://www.cioandleader.com/articles/38859/indian-firms-still-not-prepared-to-fight-ddos-attacks/
  34. One in five DDoS attacks last for days even weeks. Deccan Chronicle, April 29, 2015, 15:55 IST. Available from URL: www.deccanchronicle.com/150429/technology-latest/one-five-ddos-attacks-last-days-or-even-weeks/
  35. Web attack knocks BBC websites offline. 31 December 2015. Available from URL: http://www.bbc.co.uk/news/technology-35204915
  36. Method and system for protecting against denial of service attacks using trust, quality of service, personalization and hide port messages. US 20070266426 A1.
  37. Handling of DDoS attacks from NAT or proxy devices. US Patent US8370937B2.
  38. Jung-Taek Seo, KiWook Sohn, Eungki Park. DDoS Flooding Attack response approach using deterministic push back method. US Patent US20080127324A1, May 29, 2008.
  39. Anand Eswaran, S. Guntupallia. Distributed Denial of Service Signature Transmission. US Patent US20100212005A1, Aug. 19, 2010.
  40. Thomas Wittenschlaege. Vector based Anomaly detection. US Patent US008683591B2, Mar. 25, 2014.
  41. Detecting Application Layer DDoS Attacks. China Patent CN102638474B.
  42. Sonia Laskar, Dr. Dhirendra Mishra. Qualified Vector Match and Merge Algorithm (QVMMA) for DDoS Prevention and Mitigation. ICCCV 2016, Mumbai, Elsevier, Procedia Computer Science (2016), 79C, pp. 41-52.
Index Terms

Computer Science
Information Sciences

Keywords

DDoS, DoS, QVMMA, Matlab, OMNET++