A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment
Distributed denial-of-service (DDoS) has developed multiple variants, one of which is distributed reflective denial-of-service (DRDoS). Within the increasing number of Internet-of-Things (IoT) devices, the threat of DRDoS attack is growing, and the damage of a DRDoS attack is more destructive than other types. Many existing methods for DRDoS cannot generalize early detection, which leads to heavy load or degradation of service when deployed at the final point. In this paper, we propose a DRDoS detection and defense method based on deep forest model (DDDF), and then we integrate differentiated service into defense model to filter out DRDoS attack flow. Firstly, from the statistics perspective on different stages of DRDoS attack flow in the big data environment, we extract a host-based DRDoS threat index (HDTI) from the network flow. Secondly, using the HDTI feature we build a DRDoS detection and defense model based on deep forest, which consists of 5 estimators in each layer. Lastly, the differentiated service procedure applies the detection result from DDDF to drop the identified attack flow in different stages and different detection points. Theoretical analysis and experiments show that the method we proposed can effectively identify DRDoS attack with higher detection rate and a lower false alarm rate, the defense model also shows distinguishing ability to effectively eliminate the DRDoS attack flow, and dramatically reduce the damage of DRDoS attack.
KeywordsDRDoS Deep forest IoT Big data Differentiated service
This work was supported by the National Natural Science Foundation of China [61762033, 61702539]; The National Natural Science Foundation of Hainan [617048, 2018CXTD333]; Hainan University Doctor Start Fund Project [kyqd1328]; Hainan University Youth Fund Project [qnjj1444]. This work is partially supported by Social Development Project of Public Welfare Technology Application of Zhejiang Province [LGF18F020019].
- 1.CERT Coordination Center: Results of the distributed-systems intruder tools workshop. Software Engineering Institute (1999)Google Scholar
- 3.Kargl, F., Maier, J., Weber, M.: Protecting web servers from distributed denial of service attacks. In: Proceedings of the 10th International Conference on World Wide Web, pp. 514–524. ACM (2001)Google Scholar
- 4.Jieren, C., Yin, J., Liu, Y.: DDoS attack detection using IP address feature interaction. In: International Conference on Intelligent Networking and Collaborative Systems, pp. 113–118. IEEE Computer Society (2009)Google Scholar
- 6.Jieren, C., Yin, J., Liu, Y.: Detecting distributed denial of service attack based on multi-feature fusion. In: Security Technology - International Conference, pp. 132–139 (2009)Google Scholar
- 7.Jieren, C., Xiangyan, T., Zhu, X.: Distributed denial of service attack detection based on IP flow interaction. In: International Conference on E -Business and E -Government, pp. 1–4. IEEE (2011)Google Scholar
- 8.Jieren, C., Chen, Z., Xiangyan, T.: Adaptive DDoS attack detection method based on multiple-kernel learning. Security and Communication Networks (2018)Google Scholar
- 9.Jieren, C., Ruomeng, X., Xiangyan, T.: An abnormal network flow feature sequence prediction approach for DDoS attacks detection in big data environment. Comput. Mater. Contin. 55(1), 95–119 (2018)Google Scholar
- 12.AlEroud, A., Karabatis, G.: Beyond data: contextual information fusion for cyber security analytics. In: 31st ACM Symposium on Applied Computing (2016)Google Scholar
- 13.Li, J., Wang, L., Wang, L.: Verifiable Chebyshev maps-based chaotic encryption schemes with outsourcing computations in the cloud/fog scenarios. Concurr. Comput.: Pract. Exp. (2018). https://doi.org/10.1002/cpe.4523
- 15.Bingshuang, L., Jun, L., Tao, W.: SF-DRDoS: the store-and-flood distributed reflective denial of service attack. Comput. Commun. 69(1), 107–115 (2015)Google Scholar
- 16.WRCCDC 2018. https://archive.wrccdc.org/pcaps/2018/