SlideShare uma empresa Scribd logo

A Statistical Approach to Classify and Identify DDoS Attacks using UCLA Dataset

E
Editor IJARCET

This document discusses a statistical approach for classifying and identifying DDoS attacks using the UCLA dataset. It proposes extracting features from network traffic such as packet count, average packet size, time interval variance, and packet size variance. A packet classification algorithm first classifies packets as normal or attacks. For uncertain cases, a K-NN classifier is used. Then the types of DDoS attacks, including flooding and scanning attacks, are identified based on the feature values. The proposed approach is evaluated using the UCLA dataset and shows mathematical calculations for feature extraction. In conclusion, the statistical approach and packet classification algorithm are effective for classifying common DDoS flooding and scanning attacks.

TecnologiaNotícias e política
1 de 5
Baixar para ler offline
ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 www.ijarcet.org 1766  Abstract— Nowadays, Internet is the most well-known and popular thing that is widely used by human beings. It is also an essential part of human life and provides the best and fast communication medium. As many people widely used Internet, i.e., so many user of Internet is increasing, network security attacks are also increasing. Among these security attacks, DDoS (Distributed Denial of Service) is the most serious attack for network security. This attack is not direct attack because it does not enter directly to the system and does not damage it. In this paper, the two proposed algorithms can be classified and identified what types of DDoS attacks by using UCLA data set. At first, packet classification algorithm classifies normal and attack from incoming packets. To get more accurate result, K-NN classifier estimates normal or attacks from results of packet classification algorithm. Finally, the proposed algorithm classifies and identifies types of DDoS attacks. Index Terms— DDoS, UCLA, network security I. INTRODUCTION Many people widely used Internet in all over the world. As the numbers of Internet users are increasing with new and developed services, many security attack threats have become popular. Some serious attacks expose and exploit in many security vulnerabilities. Recently, report for network security breaches indicate that the impact and the damaged costs of attacks are continuously increasing. The most popular recent network attack trend is the use of network traffic that is flooding attack. An attacker illegally places networks or hosts, without intruding into the hosts. These types of attacks such as Denial of Service(DoS) and Distributed Denial of Service(DDoS) attacks are the serious attacks that can cause the more damage than the other attacks [1,3,6]. A skillful DoS/ DDoS attack exploit the system quickly and it is difficult to trace back the intruder. This paper focuses on DDoS attack detection and classification method, especially for scanning and flooding attacks. The proposed system analyzes network traffic based on statistical approach by using UCLA data set[7]. The proposed system characterizes field values (packet count, average of packet size, time-interval variance, packet-size variance, and so on). This paper is organized as follows: Section II introduces some previous researches corresponding to DDoS attacks. Section III presents architecture of DDoS attack and types of DDoS attacks are presented in Section IV. Then the proposed system is presented in Section V and and results in experimental evaluation describes in Section VI and finally the conclusion of this paper. II. RELATED WORK In this section, some previous approaches to detect DDoS attacks are discussed. In [5] the proposed system is a statistical approach method based on various features of attacks packets, obtained from study from incoming network traffic and using of Radial Basic Function(RBF) Neural Network to analyze these features. This proposed system can be classified either normal or attack, but that can’t be classified and identified what types of attacks. In[4] this paper presents an abnormal network detecting method and a system prototype and suggests a detection algorithm using changes in traffic patterns that appeared during an attack. This proposed system can identify attacks but that cannot be detected by examining only single packet information. In[2] this proposed system introduces a method for proactive detection of DDoS attacks by classifying the network status. Then, it investigates the procedure of DDoS attacks and selects variables based on these features and finally, apply the K-Nearest Neighbour(K-NN) method to classify the network status into each phase of DDoS attack. III. ARCHITECTURE OF DDOS ATTACK DDoS attack, mainly includes finding hosts, making communication to hosts, compromise hosts and launching attack. The following steps are the detail process of DDoS attack: (1) Before starting DDoS attack, the attacker searches the hosts in the network which hosts have security vulnerability and weakness. Then the attacker intrudes these vulnerable hosts and they get administration authority to install control programs. (2) The attacker gives control instruction/command to the handlers that causes the handlers do orders to the agents. Generally, one or more handlers take control the agents. (3) The agents continuously or periodically send a huge numbers of useless packets to the victim. When the victim receives these huge amounts of packets, they cannot respond A Statistical Approach to Classify and Identify DDoS Attacks using UCLA Dataset Thwe Thwe Oo, Thandar Phyu
ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 1767 www.ijarcet.org for the entire incoming request. The other normal requests are not able to receive and corresponding reply to them because of the congested network traffic and the victim system crash and slow down. Fig.1.Architecture of DDoS Attack IV.TYPES OF DDOS ATTACKS In this paper, the proposed system emphasizes two types of DDoS attacks; flooding and scanning attacks. There are many types of flooding and scanning attacks such as SYN Flooding attack, ACK Flooding, SYN Scan and ACK Scan, etc. In a TCP SYN flooding attack, an attacker sends many SYN messages, with spoofed IP addresses, to a single server victim. Although the server replies with SYN/ACK messages, these messages are never acknowledged by the client. As a result, many halfopen connections exist on the server, consuming its resources.This continues until the server has consumed all its resources, hence can no longer accept new TCP connection requests. ACK Flood attacks use a large number of ACK packets to attack the victims, with all TCP messages being with ACK flag bits. When the host receives a packet with ACK flag bits, the existence of the four-tuple connection expressed by the packet needs to be checked. If the four-tuple connection exists, the host checks whether the state represented by the packet is legal, and then the packet can be passed to the application layer. If the packet is found to be illegal during the inspection (e.g. if the packet’s targeted port does not open on the machine) then the host's operating system protocol stack will respond with a RST packet, telling the other side that this port does not exist. In SYN Scan, send a SYN packet to the targeted destination port. If a host replies with a RST or does not reply, the port is closed. If a host replies with a ACK, close the connection by RSTand identifies open ports. In ACK Scan, send an ACK packet to the targeted destination port. If a host replies with an RST, a port is most likely open. If a host does not reply but an ICMP destination unreachable packet is received, the port is filtered. Otherwise the port is most likely closed and identifies potentially open and filtered ports. V. PROPOSED SYSTEM The proposed system involves the following steps: (1) Collection of packets (2) Features Extraction (3) Attack classification by using Packet Classification Algorithm (4) Estimate using K-NN Classifier (5) DDoS attack classification A. Collection of Packets The proposed system collects the incoming packets in every one second. For collecting packets in one second, it does not impact to the classification accuracy. The use of longer flow timeouts is possible; however, there is longer classification response. B. Features Extraction Feature extraction calculates the selected features for captured packets. These features are proposed by observing the characteristics of DDoS attack packets. These features can be used to recognize and classify incoming attack packets. The proposed features explain as follows:  Number of packets: Total number of packets from source IP to destination IP. During an attack, the attacker sends a large number of packets to the victim system.  Number of bytes: Total number of bytes sent from source IP to destination IP. It increases when launching DDoS attack.  Average packet size: The ratio of number of bytes to number of packets. It increases in attack time.  Packet rate: Rate of packet per second. For packet rate calculation: Packet rate per second = = number of packets = end packet sent time = start packet sent time  Byte rate: Rate of packets byte per second. For byte rate calculation: Byte rate per second = = total number of bytes = end packet sent time = start packet sent time )( 1 se p tt n   pn et st )( 1 se t tt b   tb et st
ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 www.ijarcet.org 1768  Time-interval variance: The attacker sends attack packets in the same time span while launching DDoS attack, so time interval variance will be closer to zero. For time-interval variance calculation: (i) First, calculating the means: , i = 1,2,3,… (ii) Second, squaring deviation of the means , c = collection number(c1,c2,c3,…) (iii)Third, final calculation of time-interval- variance  Packet-size variance: Although normal packets have different packet sizes, attack packet size are the same. So packet-size-variance will be closer to zero. For packet size calculation: (i) First, calculating the means: , i = 1,2,3,… (ii) Second, squaring deviation of the means (iii)Third, final calculation of packet-size-variance C. Attack classification by using Packet Classification Algorithm The algorithm checks the field values of the packet. The diagram in Figure (2) classifies attacks by the field values of the packets. N o: of p kt s Av g pkt size Ti- me- Inte -rv- al vari -an- ce Pac ket size vari anc e Nu- mb- er of byt- es Pac -ket rate per sec Bytes Rate per second No: of Fla- g pac -ket s Clas -s L L >0 L L <α L L Nor- mal H H <0 <0 H >λ H H Atta -ck D.Estimate using K-NN Classifier It is possible that one field value of the incoming packet may miss with the field value of the algorithm. For example, in normal case, packet size variance value is not (>0) although other field values match to the algorithm. If this case occurs, it cannot be sure that is normal or attack. When this case occurs, the proposed system identifies that this case is “Other” case which is not normal or attacks. To identify “Other” case as normal or attack, use the K-NN classifier to estimate normal or attack. There are many well-known methods for classifying documents such as SVM, NN, fuzzy logic, and rough set .We choose the k-NN method because this method has features that are suitable for proposed system.These features are: easy implementation, short time computation, and high accuracy.The k-NN algorithm is a similarity-based learning algorithm and is known to be highly effective in various problem domains, including classification problems. Given a test element dt, the k-NN algorithm finds its k nearest neighbors among the training elements, which form the neighborhood of dt. Fig.2.K-NN Classifier E.DDoS Attack Classification Finally, the proposed algorithm classifies and identifies what types of attacks.  IF (no-packets==HIGH) AND (avg-packet-size with same Destination IP==HIGH) AND (protocol==UDP) THEN UDP Flooding  IF (no-packets==HIGH) AND (avg- packet-size with same Destination IP==HIGH) AND (protocol==TCP) Begin IF(no-ACK with same destination port==HIGH) THEN TCP ACK Flooding IF (no-SYN with same destination port==HIGH) THEN TCP SYN Flooding End i t t i  2 2 n tt t n c    n tt t n c    2 )( i p p i n pp p n c 2 2 )(   n pp p n c    2 )(
ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 1769 www.ijarcet.org  IF(no-packets==HIGH) AND (no-destination-port==HIGH) AND (no-source-IP== LOW) Begin IF (no-ACK with same destination port==HIGH) THEN TCP ACK Scanning IF (no-SYN with same destination port==HIGH) THEN TCP SYN Scanning IF (no-FIN with same destination port==HIGH) THEN TCP FIN Scanning End  IF (no-packets==HIGH) AND (no-destination-IP==HIGH) AND (no-destination-port==LOW) THEN Network Scanning Attack VI.EXPERIMENTAL EVALUATION In this section, the proposed DDoS attack detection is described by the evaluation result. The proposed system classifies DDoS attacks by using UCLA Dataset. Table I shows mathematical calculation for features extraction. Fig.3. Collection of packet from raw log file Fig.4. Collection of packets for one second and store into database VI. CONCLUSIONS The most serious attack for network security is DDoS (Distributed Denial of Service) attack.The more the rate of the internet usage increases, the more challenge increase for efficient DDos detection system.So there are many challenges for detecting and classifying DDoS attacks. In the proposed system, DDoS attack packets are studied from UCLA data set and extract the features to analyze and classify DDoS attack. The proposed algorithm and packet classification algorithm will be efficient and suitable for classifying DDoS flooding and scanning attacks. 1. Drew Dean, Matt Franklin, and Adam Stubblefield, “An algebraic approach to ip traceback,” Proc. of Network and Distributed System Security Symposium, NDSS '01, San Diego, California, February 2001. 2. Hoai-Vu Nguyen and Yongsun Choi, “Proactive Detection of DDoS Attacks Utilizing k-NN Classifier in an Anti-DDos Framework”, International Journal of Electrical and Electronics Engineering 4:4 2010 3. L. John Ioannidis and Steven M. Bellovin, “Implementing pushback: Routerbased defense against DDoS att acks,” Proc. of Network and Distributed System Security Symposium, NDSwsS ’02, San Diego,California, February 2002. 4. Myung-Sup Kim, Hun-Jeong Kang, Seong-Cheol Hong, Seung-Hwa Chung, and James W. Hong, Dept. of Computer Science and Engineering, POSTECH, “A Flow-based Method for Abnormal Network Traffic Detection”. 5. Reyhaneh Karimazad and Ahmad Faraahi, “An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks”, 2011 International Conference on Network and Electronics Engineering , IPCSIT vol.11 (2011) © (2011) IACSIT Press, Singapore. 6. Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, “Practical network support for IP traceback”, Proc.of the 2000 ACM SIGCOMM, Stockholm, Sweden, August 2000. 7. UCLA CSD packet traces. http://www.lasr.cs.ucla.edu/ddos/traces/public/usc.
ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 www.ijarcet.org 1770 TABLE I .MATHEMATICAL CALCULATION FOR FEATURES EXTRACTION No Source IP Destination IP Calculated Features Number of packets Average of packet size Time-interval variance Packet-size-v ariance Number of bytes Packet rate Byte rate 1 14.238.35.257 1.1.12.257 5 27 1.58 3.9 94 0.61 154.89 2 69.9.75.100 1.1.180.177 17 69 3.98 69.88 1140 1.27 682.79 3 12.6.54.82 1.1.12.220 1355 970 0.001 0.02 1636585 34.73 276529.58 4 69.9.232.212 1.1.180.177 1504 994 0.001 0.01 1599453 39.05 286958.36

Recomendados

Entropy and denial of service attacks
Entropy and denial of service attacksEntropy and denial of service attacks
Entropy and denial of service attackschris zlatis
 
透视消费者.ppt
透视消费者.ppt透视消费者.ppt
透视消费者.pptwei mingyang
 
Time-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerTime-based DDoS Detection and Mitigation for SDN Controller
Time-based DDoS Detection and Mitigation for SDN ControllerLippo Group Digital
 
DDoS ATTACKS
DDoS ATTACKSDDoS ATTACKS
DDoS ATTACKSAnil Antony
 
IRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET- DDOS Detection System using C4.5 Decision Tree Algorithm
IRJET- DDOS Detection System using C4.5 Decision Tree AlgorithmIRJET Journal
 
Protection of server from syn flood attack
Protection of server from syn flood attackProtection of server from syn flood attack
Protection of server from syn flood attackIAEME Publication
 
Entropy based DDos Detection in SDN
Entropy based DDos Detection in SDNEntropy based DDos Detection in SDN
Entropy based DDos Detection in SDNVishal Vasudev
 
DDoS-bdNOG
DDoS-bdNOGDDoS-bdNOG
DDoS-bdNOGZobair Khan
 

Mais conteúdo relacionado

Mais procurados

Rise of Dr Dos DDoS Attacks - Infographic
Rise of Dr Dos DDoS Attacks - InfographicRise of Dr Dos DDoS Attacks - Infographic
Rise of Dr Dos DDoS Attacks - InfographicState of the Internet
 
Monitoring of traffic over the victim under tcp syn flood in a lan
Monitoring of traffic over the victim under tcp syn flood in a lanMonitoring of traffic over the victim under tcp syn flood in a lan
Monitoring of traffic over the victim under tcp syn flood in a laneSAT Publishing House
 
Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Ne...
Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Ne...Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Ne...
Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Ne...journalBEEI
 
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM ijcseit
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNChao Chen
 
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
 
Ip traceback seminar full report
Ip traceback seminar full reportIp traceback seminar full report
Ip traceback seminar full reportdeepakmarndi
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesSeungjoo Kim
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and MitigationDevang Badrakiya
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningeSAT Publishing House
 
A Trusted Approach Towards DDos Attack
A Trusted Approach Towards DDos AttackA Trusted Approach Towards DDos Attack
A Trusted Approach Towards DDos Attacktheijes
 
Efficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvsEfficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvseSAT Journals
 
Efficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvsEfficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvseSAT Publishing House
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 

Mais procurados (19)

DDoS Attack
DDoS AttackDDoS Attack
DDoS Attack
 
Rise of Dr Dos DDoS Attacks - Infographic
Rise of Dr Dos DDoS Attacks - InfographicRise of Dr Dos DDoS Attacks - Infographic
Rise of Dr Dos DDoS Attacks - Infographic
 
DDOS ATTACKS
DDOS ATTACKSDDOS ATTACKS
DDOS ATTACKS
 
DDoS attacks
DDoS attacksDDoS attacks
DDoS attacks
 
Monitoring of traffic over the victim under tcp syn flood in a lan
Monitoring of traffic over the victim under tcp syn flood in a lanMonitoring of traffic over the victim under tcp syn flood in a lan
Monitoring of traffic over the victim under tcp syn flood in a lan
 
Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Ne...
Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Ne...Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Ne...
Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Ne...
 
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
 
DDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDNDDoS Attack Detection & Mitigation in SDN
DDoS Attack Detection & Mitigation in SDN
 
Ix3615551559
Ix3615551559Ix3615551559
Ix3615551559
 
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...
 
Ip traceback seminar full report
Ip traceback seminar full reportIp traceback seminar full report
Ip traceback seminar full report
 
Aw36294299
Aw36294299Aw36294299
Aw36294299
 
DDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT DevicesDDoS Attack on DNS using infected IoT Devices
DDoS Attack on DNS using infected IoT Devices
 
DDoS Attack and Mitigation
DDoS Attack and MitigationDDoS Attack and Mitigation
DDoS Attack and Mitigation
 
Defense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learningDefense mechanism for d do s attack through machine learning
Defense mechanism for d do s attack through machine learning
 
A Trusted Approach Towards DDos Attack
A Trusted Approach Towards DDos AttackA Trusted Approach Towards DDos Attack
A Trusted Approach Towards DDos Attack
 
Efficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvsEfficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvs
 
Efficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvsEfficient ddos attacks security scheme using asvs
Efficient ddos attacks security scheme using asvs
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 

Destaque

How to Talk About Immigration
How to Talk About ImmigrationHow to Talk About Immigration
How to Talk About ImmigrationMiqui Mel
 
Pesquisa e ensino
Pesquisa e ensinoPesquisa e ensino
Pesquisa e ensinoRitaToledo
 
Polígonos regulares 1 - blog
Polígonos regulares 1 - blogPolígonos regulares 1 - blog
Polígonos regulares 1 - blogAdriano Souza
 
Open Health Data Workshop Hackathon 16-06-2012
Open Health Data Workshop Hackathon 16-06-2012Open Health Data Workshop Hackathon 16-06-2012
Open Health Data Workshop Hackathon 16-06-2012Hack DeOverheid
 

Destaque (9)

How to Talk About Immigration
How to Talk About ImmigrationHow to Talk About Immigration
How to Talk About Immigration
 
Kathrin Rosenfield
Kathrin RosenfieldKathrin Rosenfield
Kathrin Rosenfield
 
Visão
Visão Visão
Visão
 
Abnt 2011
Abnt 2011Abnt 2011
Abnt 2011
 
Pesquisa e ensino
Pesquisa e ensinoPesquisa e ensino
Pesquisa e ensino
 
Dia1 azul
Dia1 azulDia1 azul
Dia1 azul
 
Mobilização
Mobilização Mobilização
Mobilização
 
Polígonos regulares 1 - blog
Polígonos regulares 1 - blogPolígonos regulares 1 - blog
Polígonos regulares 1 - blog
 
Open Health Data Workshop Hackathon 16-06-2012
Open Health Data Workshop Hackathon 16-06-2012Open Health Data Workshop Hackathon 16-06-2012
Open Health Data Workshop Hackathon 16-06-2012
 

Semelhante a A Statistical Approach to Classify and Identify DDoS Attacks using UCLA Dataset

DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISMDISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISMijcseit
 
I034_I041_I052_DDOS Attacks_Presentation.pdf
I034_I041_I052_DDOS Attacks_Presentation.pdfI034_I041_I052_DDOS Attacks_Presentation.pdf
I034_I041_I052_DDOS Attacks_Presentation.pdfDevesh Pawar
 
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS IJITCA Journal
 
Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments IJITCA Journal
 
ENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERSENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERSIJNSA Journal
 
Enhancing the impregnability of linux servers
Enhancing the impregnability of linux serversEnhancing the impregnability of linux servers
Enhancing the impregnability of linux serversIJNSA Journal
 
DDoS Attack and Defense Scheme in Wireless Ad hoc Networks
DDoS Attack and Defense Scheme in Wireless Ad hoc NetworksDDoS Attack and Defense Scheme in Wireless Ad hoc Networks
DDoS Attack and Defense Scheme in Wireless Ad hoc NetworksIJNSA Journal
 
Icimt 2010 procediing rp118 vol.2 d10122
Icimt 2010 procediing rp118 vol.2 d10122Icimt 2010 procediing rp118 vol.2 d10122
Icimt 2010 procediing rp118 vol.2 d10122Gulshan Shrivastava
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Mumbai Academisc
 
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEM
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEMA SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEM
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEMcscpconf
 
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKERA STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKERJournal For Research
 
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IJNSA Journal
 
Study of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedStudy of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedeSAT Journals
 
Study of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedStudy of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
 

Semelhante a A Statistical Approach to Classify and Identify DDoS Attacks using UCLA Dataset (20)

7 ijcse-01229
7 ijcse-012297 ijcse-01229
7 ijcse-01229
 
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISMDISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM
 
I034_I041_I052_DDOS Attacks_Presentation.pdf
I034_I041_I052_DDOS Attacks_Presentation.pdfI034_I041_I052_DDOS Attacks_Presentation.pdf
I034_I041_I052_DDOS Attacks_Presentation.pdf
 
L1803046876
L1803046876L1803046876
L1803046876
 
1716 1719
1716 17191716 1719
1716 1719
 
1716 1719
1716 17191716 1719
1716 1719
 
DDoS.ppt
DDoS.pptDDoS.ppt
DDoS.ppt
 
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS
 
Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments Preventing Distributed Denial of Service Attacks in Cloud Environments
Preventing Distributed Denial of Service Attacks in Cloud Environments
 
ENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERSENHANCING THE IMPREGNABILITY OF LINUX SERVERS
ENHANCING THE IMPREGNABILITY OF LINUX SERVERS
 
Enhancing the impregnability of linux servers
Enhancing the impregnability of linux serversEnhancing the impregnability of linux servers
Enhancing the impregnability of linux servers
 
DDoS Attack and Defense Scheme in Wireless Ad hoc Networks
DDoS Attack and Defense Scheme in Wireless Ad hoc NetworksDDoS Attack and Defense Scheme in Wireless Ad hoc Networks
DDoS Attack and Defense Scheme in Wireless Ad hoc Networks
 
Icimt 2010 procediing rp118 vol.2 d10122
Icimt 2010 procediing rp118 vol.2 d10122Icimt 2010 procediing rp118 vol.2 d10122
Icimt 2010 procediing rp118 vol.2 d10122
 
Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...Detection of application layer ddos attack using hidden semi markov model (20...
Detection of application layer ddos attack using hidden semi markov model (20...
 
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEM
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEMA SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEM
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEM
 
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKERA STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
A STATISTICAL APPROACH TO DETECT DENIAL OF SERVICE ATTACKER
 
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho...
 
D do s
D do sD do s
D do s
 
Study of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbedStudy of flooding based ddos attacks and their effect using deter testbed
Study of flooding based ddos attacks and their effect using deter testbed
 
Study of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbedStudy of flooding based d do s attacks and their effect using deter testbed
Study of flooding based d do s attacks and their effect using deter testbed
 

Mais de Editor IJARCET

Electrically small antennas: The art of miniaturization
Electrically small antennas: The art of miniaturizationElectrically small antennas: The art of miniaturization
Electrically small antennas: The art of miniaturizationEditor IJARCET
 
Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207Editor IJARCET
 
Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199Editor IJARCET
 
Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204Editor IJARCET
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Editor IJARCET
 
Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189Editor IJARCET
 
Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185Editor IJARCET
 
Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176Editor IJARCET
 
Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172Editor IJARCET
 
Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164Editor IJARCET
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Editor IJARCET
 
Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154Editor IJARCET
 
Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147Editor IJARCET
 
Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124Editor IJARCET
 
Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142Editor IJARCET
 
Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138Editor IJARCET
 
Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129Editor IJARCET
 
Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118Editor IJARCET
 
Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113Editor IJARCET
 
Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107Editor IJARCET
 

Mais de Editor IJARCET (20)

Electrically small antennas: The art of miniaturization
Electrically small antennas: The art of miniaturizationElectrically small antennas: The art of miniaturization
Electrically small antennas: The art of miniaturization
 
Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207Volume 2-issue-6-2205-2207
Volume 2-issue-6-2205-2207
 
Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199Volume 2-issue-6-2195-2199
Volume 2-issue-6-2195-2199
 
Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204Volume 2-issue-6-2200-2204
Volume 2-issue-6-2200-2204
 
Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194Volume 2-issue-6-2190-2194
Volume 2-issue-6-2190-2194
 
Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189Volume 2-issue-6-2186-2189
Volume 2-issue-6-2186-2189
 
Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185Volume 2-issue-6-2177-2185
Volume 2-issue-6-2177-2185
 
Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176Volume 2-issue-6-2173-2176
Volume 2-issue-6-2173-2176
 
Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172Volume 2-issue-6-2165-2172
Volume 2-issue-6-2165-2172
 
Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164Volume 2-issue-6-2159-2164
Volume 2-issue-6-2159-2164
 
Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158Volume 2-issue-6-2155-2158
Volume 2-issue-6-2155-2158
 
Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154Volume 2-issue-6-2148-2154
Volume 2-issue-6-2148-2154
 
Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147Volume 2-issue-6-2143-2147
Volume 2-issue-6-2143-2147
 
Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124Volume 2-issue-6-2119-2124
Volume 2-issue-6-2119-2124
 
Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142Volume 2-issue-6-2139-2142
Volume 2-issue-6-2139-2142
 
Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138Volume 2-issue-6-2130-2138
Volume 2-issue-6-2130-2138
 
Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129Volume 2-issue-6-2125-2129
Volume 2-issue-6-2125-2129
 
Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118Volume 2-issue-6-2114-2118
Volume 2-issue-6-2114-2118
 
Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113Volume 2-issue-6-2108-2113
Volume 2-issue-6-2108-2113
 
Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107Volume 2-issue-6-2102-2107
Volume 2-issue-6-2102-2107
 

Último

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Hiroshi SHIBATA
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Kaya Weers
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024TopCSSGallery
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPathCommunity
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfIngrid Airi González
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFMichael Gough
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentMahmoud Rabie
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialJoão Esperancinha
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Nikki Chapple
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Mark Simos
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructureitnewsafrica
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integrationmarketing932765
 

Último (20)

Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024Long journey of Ruby standard library at RubyConf AU 2024
Long journey of Ruby standard library at RubyConf AU 2024
 
Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)Design pattern talk by Kaya Weers - 2024 (v2)
Design pattern talk by Kaya Weers - 2024 (v2)
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024Top 10 Hubspot Development Companies in 2024
Top 10 Hubspot Development Companies in 2024
 
UiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to HeroUiPath Community: Communication Mining from Zero to Hero
UiPath Community: Communication Mining from Zero to Hero
 
Generative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdfGenerative Artificial Intelligence: How generative AI works.pdf
Generative Artificial Intelligence: How generative AI works.pdf
 
All These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDFAll These Sophisticated Attacks, Can We Really Detect Them - PDF
All These Sophisticated Attacks, Can We Really Detect Them - PDF
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Digital Tools & AI in Career Development
Digital Tools & AI in Career DevelopmentDigital Tools & AI in Career Development
Digital Tools & AI in Career Development
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Kuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorialKuma Meshes Part I - The basics - A tutorial
Kuma Meshes Part I - The basics - A tutorial
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
Microsoft 365 Copilot: How to boost your productivity with AI – Part two: Dat...
 
A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
Tampa BSides - The No BS SOC (slides from April 6, 2024 talk)
 
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical InfrastructureVarsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
Varsha Sewlal- Cyber Attacks on Critical Critical Infrastructure
 
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data IntegrationBridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
Bridging Between CAD & GIS: 6 Ways to Automate Your Data Integration
 

A Statistical Approach to Classify and Identify DDoS Attacks using UCLA Dataset

  • 1. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 www.ijarcet.org 1766  Abstract— Nowadays, Internet is the most well-known and popular thing that is widely used by human beings. It is also an essential part of human life and provides the best and fast communication medium. As many people widely used Internet, i.e., so many user of Internet is increasing, network security attacks are also increasing. Among these security attacks, DDoS (Distributed Denial of Service) is the most serious attack for network security. This attack is not direct attack because it does not enter directly to the system and does not damage it. In this paper, the two proposed algorithms can be classified and identified what types of DDoS attacks by using UCLA data set. At first, packet classification algorithm classifies normal and attack from incoming packets. To get more accurate result, K-NN classifier estimates normal or attacks from results of packet classification algorithm. Finally, the proposed algorithm classifies and identifies types of DDoS attacks. Index Terms— DDoS, UCLA, network security I. INTRODUCTION Many people widely used Internet in all over the world. As the numbers of Internet users are increasing with new and developed services, many security attack threats have become popular. Some serious attacks expose and exploit in many security vulnerabilities. Recently, report for network security breaches indicate that the impact and the damaged costs of attacks are continuously increasing. The most popular recent network attack trend is the use of network traffic that is flooding attack. An attacker illegally places networks or hosts, without intruding into the hosts. These types of attacks such as Denial of Service(DoS) and Distributed Denial of Service(DDoS) attacks are the serious attacks that can cause the more damage than the other attacks [1,3,6]. A skillful DoS/ DDoS attack exploit the system quickly and it is difficult to trace back the intruder. This paper focuses on DDoS attack detection and classification method, especially for scanning and flooding attacks. The proposed system analyzes network traffic based on statistical approach by using UCLA data set[7]. The proposed system characterizes field values (packet count, average of packet size, time-interval variance, packet-size variance, and so on). This paper is organized as follows: Section II introduces some previous researches corresponding to DDoS attacks. Section III presents architecture of DDoS attack and types of DDoS attacks are presented in Section IV. Then the proposed system is presented in Section V and and results in experimental evaluation describes in Section VI and finally the conclusion of this paper. II. RELATED WORK In this section, some previous approaches to detect DDoS attacks are discussed. In [5] the proposed system is a statistical approach method based on various features of attacks packets, obtained from study from incoming network traffic and using of Radial Basic Function(RBF) Neural Network to analyze these features. This proposed system can be classified either normal or attack, but that can’t be classified and identified what types of attacks. In[4] this paper presents an abnormal network detecting method and a system prototype and suggests a detection algorithm using changes in traffic patterns that appeared during an attack. This proposed system can identify attacks but that cannot be detected by examining only single packet information. In[2] this proposed system introduces a method for proactive detection of DDoS attacks by classifying the network status. Then, it investigates the procedure of DDoS attacks and selects variables based on these features and finally, apply the K-Nearest Neighbour(K-NN) method to classify the network status into each phase of DDoS attack. III. ARCHITECTURE OF DDOS ATTACK DDoS attack, mainly includes finding hosts, making communication to hosts, compromise hosts and launching attack. The following steps are the detail process of DDoS attack: (1) Before starting DDoS attack, the attacker searches the hosts in the network which hosts have security vulnerability and weakness. Then the attacker intrudes these vulnerable hosts and they get administration authority to install control programs. (2) The attacker gives control instruction/command to the handlers that causes the handlers do orders to the agents. Generally, one or more handlers take control the agents. (3) The agents continuously or periodically send a huge numbers of useless packets to the victim. When the victim receives these huge amounts of packets, they cannot respond A Statistical Approach to Classify and Identify DDoS Attacks using UCLA Dataset Thwe Thwe Oo, Thandar Phyu
  • 2. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 1767 www.ijarcet.org for the entire incoming request. The other normal requests are not able to receive and corresponding reply to them because of the congested network traffic and the victim system crash and slow down. Fig.1.Architecture of DDoS Attack IV.TYPES OF DDOS ATTACKS In this paper, the proposed system emphasizes two types of DDoS attacks; flooding and scanning attacks. There are many types of flooding and scanning attacks such as SYN Flooding attack, ACK Flooding, SYN Scan and ACK Scan, etc. In a TCP SYN flooding attack, an attacker sends many SYN messages, with spoofed IP addresses, to a single server victim. Although the server replies with SYN/ACK messages, these messages are never acknowledged by the client. As a result, many halfopen connections exist on the server, consuming its resources.This continues until the server has consumed all its resources, hence can no longer accept new TCP connection requests. ACK Flood attacks use a large number of ACK packets to attack the victims, with all TCP messages being with ACK flag bits. When the host receives a packet with ACK flag bits, the existence of the four-tuple connection expressed by the packet needs to be checked. If the four-tuple connection exists, the host checks whether the state represented by the packet is legal, and then the packet can be passed to the application layer. If the packet is found to be illegal during the inspection (e.g. if the packet’s targeted port does not open on the machine) then the host's operating system protocol stack will respond with a RST packet, telling the other side that this port does not exist. In SYN Scan, send a SYN packet to the targeted destination port. If a host replies with a RST or does not reply, the port is closed. If a host replies with a ACK, close the connection by RSTand identifies open ports. In ACK Scan, send an ACK packet to the targeted destination port. If a host replies with an RST, a port is most likely open. If a host does not reply but an ICMP destination unreachable packet is received, the port is filtered. Otherwise the port is most likely closed and identifies potentially open and filtered ports. V. PROPOSED SYSTEM The proposed system involves the following steps: (1) Collection of packets (2) Features Extraction (3) Attack classification by using Packet Classification Algorithm (4) Estimate using K-NN Classifier (5) DDoS attack classification A. Collection of Packets The proposed system collects the incoming packets in every one second. For collecting packets in one second, it does not impact to the classification accuracy. The use of longer flow timeouts is possible; however, there is longer classification response. B. Features Extraction Feature extraction calculates the selected features for captured packets. These features are proposed by observing the characteristics of DDoS attack packets. These features can be used to recognize and classify incoming attack packets. The proposed features explain as follows:  Number of packets: Total number of packets from source IP to destination IP. During an attack, the attacker sends a large number of packets to the victim system.  Number of bytes: Total number of bytes sent from source IP to destination IP. It increases when launching DDoS attack.  Average packet size: The ratio of number of bytes to number of packets. It increases in attack time.  Packet rate: Rate of packet per second. For packet rate calculation: Packet rate per second = = number of packets = end packet sent time = start packet sent time  Byte rate: Rate of packets byte per second. For byte rate calculation: Byte rate per second = = total number of bytes = end packet sent time = start packet sent time )( 1 se p tt n   pn et st )( 1 se t tt b   tb et st
  • 3. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 www.ijarcet.org 1768  Time-interval variance: The attacker sends attack packets in the same time span while launching DDoS attack, so time interval variance will be closer to zero. For time-interval variance calculation: (i) First, calculating the means: , i = 1,2,3,… (ii) Second, squaring deviation of the means , c = collection number(c1,c2,c3,…) (iii)Third, final calculation of time-interval- variance  Packet-size variance: Although normal packets have different packet sizes, attack packet size are the same. So packet-size-variance will be closer to zero. For packet size calculation: (i) First, calculating the means: , i = 1,2,3,… (ii) Second, squaring deviation of the means (iii)Third, final calculation of packet-size-variance C. Attack classification by using Packet Classification Algorithm The algorithm checks the field values of the packet. The diagram in Figure (2) classifies attacks by the field values of the packets. N o: of p kt s Av g pkt size Ti- me- Inte -rv- al vari -an- ce Pac ket size vari anc e Nu- mb- er of byt- es Pac -ket rate per sec Bytes Rate per second No: of Fla- g pac -ket s Clas -s L L >0 L L <α L L Nor- mal H H <0 <0 H >λ H H Atta -ck D.Estimate using K-NN Classifier It is possible that one field value of the incoming packet may miss with the field value of the algorithm. For example, in normal case, packet size variance value is not (>0) although other field values match to the algorithm. If this case occurs, it cannot be sure that is normal or attack. When this case occurs, the proposed system identifies that this case is “Other” case which is not normal or attacks. To identify “Other” case as normal or attack, use the K-NN classifier to estimate normal or attack. There are many well-known methods for classifying documents such as SVM, NN, fuzzy logic, and rough set .We choose the k-NN method because this method has features that are suitable for proposed system.These features are: easy implementation, short time computation, and high accuracy.The k-NN algorithm is a similarity-based learning algorithm and is known to be highly effective in various problem domains, including classification problems. Given a test element dt, the k-NN algorithm finds its k nearest neighbors among the training elements, which form the neighborhood of dt. Fig.2.K-NN Classifier E.DDoS Attack Classification Finally, the proposed algorithm classifies and identifies what types of attacks.  IF (no-packets==HIGH) AND (avg-packet-size with same Destination IP==HIGH) AND (protocol==UDP) THEN UDP Flooding  IF (no-packets==HIGH) AND (avg- packet-size with same Destination IP==HIGH) AND (protocol==TCP) Begin IF(no-ACK with same destination port==HIGH) THEN TCP ACK Flooding IF (no-SYN with same destination port==HIGH) THEN TCP SYN Flooding End i t t i  2 2 n tt t n c    n tt t n c    2 )( i p p i n pp p n c 2 2 )(   n pp p n c    2 )(
  • 4. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 1769 www.ijarcet.org  IF(no-packets==HIGH) AND (no-destination-port==HIGH) AND (no-source-IP== LOW) Begin IF (no-ACK with same destination port==HIGH) THEN TCP ACK Scanning IF (no-SYN with same destination port==HIGH) THEN TCP SYN Scanning IF (no-FIN with same destination port==HIGH) THEN TCP FIN Scanning End  IF (no-packets==HIGH) AND (no-destination-IP==HIGH) AND (no-destination-port==LOW) THEN Network Scanning Attack VI.EXPERIMENTAL EVALUATION In this section, the proposed DDoS attack detection is described by the evaluation result. The proposed system classifies DDoS attacks by using UCLA Dataset. Table I shows mathematical calculation for features extraction. Fig.3. Collection of packet from raw log file Fig.4. Collection of packets for one second and store into database VI. CONCLUSIONS The most serious attack for network security is DDoS (Distributed Denial of Service) attack.The more the rate of the internet usage increases, the more challenge increase for efficient DDos detection system.So there are many challenges for detecting and classifying DDoS attacks. In the proposed system, DDoS attack packets are studied from UCLA data set and extract the features to analyze and classify DDoS attack. The proposed algorithm and packet classification algorithm will be efficient and suitable for classifying DDoS flooding and scanning attacks. 1. Drew Dean, Matt Franklin, and Adam Stubblefield, “An algebraic approach to ip traceback,” Proc. of Network and Distributed System Security Symposium, NDSS '01, San Diego, California, February 2001. 2. Hoai-Vu Nguyen and Yongsun Choi, “Proactive Detection of DDoS Attacks Utilizing k-NN Classifier in an Anti-DDos Framework”, International Journal of Electrical and Electronics Engineering 4:4 2010 3. L. John Ioannidis and Steven M. Bellovin, “Implementing pushback: Routerbased defense against DDoS att acks,” Proc. of Network and Distributed System Security Symposium, NDSwsS ’02, San Diego,California, February 2002. 4. Myung-Sup Kim, Hun-Jeong Kang, Seong-Cheol Hong, Seung-Hwa Chung, and James W. Hong, Dept. of Computer Science and Engineering, POSTECH, “A Flow-based Method for Abnormal Network Traffic Detection”. 5. Reyhaneh Karimazad and Ahmad Faraahi, “An Anomaly-Based Method for DDoS Attacks Detection using RBF Neural Networks”, 2011 International Conference on Network and Electronics Engineering , IPCSIT vol.11 (2011) © (2011) IACSIT Press, Singapore. 6. Stefan Savage, David Wetherall, Anna Karlin, and Tom Anderson, “Practical network support for IP traceback”, Proc.of the 2000 ACM SIGCOMM, Stockholm, Sweden, August 2000. 7. UCLA CSD packet traces. http://www.lasr.cs.ucla.edu/ddos/traces/public/usc.
  • 5. ISSN: 2278 – 1323 International Journal of Advanced Research in Computer Engineering & Technology (IJARCET) Volume 2, No 5, May 2013 www.ijarcet.org 1770 TABLE I .MATHEMATICAL CALCULATION FOR FEATURES EXTRACTION No Source IP Destination IP Calculated Features Number of packets Average of packet size Time-interval variance Packet-size-v ariance Number of bytes Packet rate Byte rate 1 14.238.35.257 1.1.12.257 5 27 1.58 3.9 94 0.61 154.89 2 69.9.75.100 1.1.180.177 17 69 3.98 69.88 1140 1.27 682.79 3 12.6.54.82 1.1.12.220 1355 970 0.001 0.02 1636585 34.73 276529.58 4 69.9.232.212 1.1.180.177 1504 994 0.001 0.01 1599453 39.05 286958.36