ICMP-DDoS Attack Detection Using Clustering-Based Neural Network Techniques

  • Naorem Nalini Devi
  • Khundrakpam Johnson Singh
  • Tanmay De
Conference paper
Part of the Springer Proceedings in Mathematics & Statistics book series (PROMS, volume 225)

Abstract

DDoS comprises of one of the biggest problems in the network security. Monitoring the traffic is the fundamental technique used in order to discover the entity of probable irregularity in the traffic patterns. In this paper, we used SOM to divide the dataset into clusters, as analysis of clusters is easier than the whole dataset. We select the features such as mean inter-arrival time and mean probability of occurrence of the IP addresses that have the greater impact on the DDoS attack from the incoming packets. These features are given as input to the SOM to cluster the structure of similar member in a collection of unlabeled data. The comparison is made between pre-observed features from already trained datasets and features present in each cluster. MLP classifier is used to categorize the incoming clients as normal and attack. In this paper, we used CAIDA 2007 attack datasets and CAIDA 2013 anonymized trace datasets as pre-observed samples. The proposed method detects a DDoS attack with maximum efficiency of 97% and with a low false positive rate of 3.0%.

Keywords

DDoS attack SOM ICMP MLP Clusters 

References

  1. 1.
    Aikaterini, M., Christos, D.: Detecting denial of service attacks using emergent self-organizing maps. In: 2005 IEEE International Symposium on Signal Processing and Information Technology, pp. 375–380. IEEE (2005)Google Scholar
  2. 2.
    Raman, S., Harish, K., Singla, R.K.: An intrusion detection system using network traffic profiling and online sequential extreme learning machine. (Elsevier) 42(22), 8609–8624 (2015)Google Scholar
  3. 3.
    Monowar, H.B., Bhattacharyya, D.K., Kalita, J.K.: A multi-step outlier anomaly detection approach to network-wide traffic. (Elsevier) 348, 243–271 (2016)Google Scholar
  4. 4.
    The CAIDA UCSD “DDoS Attack 2007” Dataset. http://www.caida.org/data/passive/ddos20070804dataset.xml. Accessed 23 Sept 2015
  5. 5.
    Ping, D., Akihiro, N.: Overcourt: DDoS mitigation through credit-based traffic segregation and path migration. (Elsevier) 33, 2164–2175 (2010)Google Scholar
  6. 6.
    Karanpreet, S., Paramvir, S., Krishan, K.: A systematic review of IP traceback schemes for denial of service attacks. Comput. Secur. (2015). http://dx.doi.org/doi:10.1016/j.cose.2015.06.007
  7. 7.
    Saurabh, S., Sairam, A.S.: ICMP based IP traceback with negligible overhead for highly distributed reflector attack using bloom filters. (Elsevier) 42, 60–69 (2014)Google Scholar
  8. 8.
    Bhavani, Y., Janaki, V., Sridevi, R.: IP traceback through modified probabilistic packet marking algorithm using Chinese remainder theorem. (Elsevier) 6(2), 715–722 (2015)Google Scholar
  9. 9.
    Sang, M.L., Dong, S.K., Je, H.L., Jong, S.P.: Detection of DDoS attacks using optimized traffic matrix. (Elsevier) 63, 501–510 (2012)Google Scholar
  10. 10.
    Alan, S., Richard, E.O., Tomasz, R.: Detection of known and unknown DDoS attacks using artificial neural networks. (Elsevier) 1–9 (2015)Google Scholar
  11. 11.
    Rashmi, V.D., Kailas, K.D.: Understanding DDoS attack & its effect in the cloud environment. (Elsevier) 49, 202–210 (2015)Google Scholar
  12. 12.
    Hongbin, L., Yin, L., Hongke, Z.: Preventing DDoS attacks by identifier/locator separation. (IEEE) 60–65 (2013)Google Scholar
  13. 13.
    Sujatha, S., Radcliffe, P.J.: A novel framework to detect and block DDoS attack at the application layer. In: IEEE TENCON Spring Conference, pp. 578–582. IEEE (2013)Google Scholar
  14. 14.
    Liao, Q., Li, H., Kang S., Liu, Ch.: Feature extraction and construction of application layer DDoS attack based on user behavior. In: Proceedings of the 33rd Chinese Control Conference 28–30 July 2014, Nanjing, China (2014)Google Scholar
  15. 15.
    Luiz, F.C., Sylvio, B., Leonardo, D.S.J.M., Mario, L.P.: Unsupervised learning clustering and self-organized agents applied to help network management. 54, 29–47 (2016)Google Scholar
  16. 16.
    Emiro de la, H., Eduardo de la, H., Andres, O., Julio, O., Antonio, M.A.: Feature selection by multi-objective optimization: application to network anomaly detection by hierarchical self-organizing maps. (Elsevier) 71, 322–338 (2014)Google Scholar
  17. 17.
    Dennis, I., Xiaobo, Z.: A-GHSOM: an adaptive growing hierarchical self-organizing map for network anomaly detection. 72(12), 1576–1590 (2012)Google Scholar
  18. 18.
    Dusan, S., Natalija, V., Aijun, A.: Unsupervised clustering of web sessions to detect malicious and non-malicious website users. (Elsevier) 5, 123–131 (2011)Google Scholar
  19. 19.
    Gunasekhar, T., Thirupathi, R.K., Saikiran, P., Lakshmi, P.V.S.: A survey on DDoS attacks. Int. J. Comput. Sci. Inf. Technol. 5, 2373–2376 (2014)Google Scholar
  20. 20.
    Arun Raj Kumar, P., Sevalkumar, S.: Distributed denial of service attack detection using an ensemble of neural classifier. (Elsevier) 34(11), 1328–1341 (2011)Google Scholar
  21. 21.
    http://slideplayer.com/slide/3278185. Accessed 20 April 2016
  22. 22.
    Xinyang, D., Qi, L., Yong, D., Sankaran, M.: An improved method to construct basic probability assignment based on the confusion matrix for classification problem. (Elsevier) 340–341, 250–261 (2016)Google Scholar
  23. 23.
    Zhiyuan, T., Aruna, J., Xiangjian H., Priyadarsi, N., Ren, P.L., Jiankun, H.: Detection of denial-of-service attacks based on computer vision techniques. IEEE Trans. Comput. http://eprints.eemcs.utwente.nl/25297/01/TC-2014–04
  24. 24.
    Theerasak, T., Shui, Y., Wanlei, Z., Beliakov, G.: Discriminating DDoS attack traffic from flash crowd through packet arrival patterns. In: The First International Workshop on Security in Computers, Networking and Communications, pp. 969–974Google Scholar
  25. 25.
    Sin, J.H., Min, Y.S., Yuan, H.C., Tzong, W.K., Rong, J.C., Jui, L.L., Citra, D.P.: A novel intrusion detection system based on hierarchical clustering and support vector machines. 38(1), 306–313 (2011)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  • Naorem Nalini Devi
    • 1
  • Khundrakpam Johnson Singh
    • 1
  • Tanmay De
    • 2
  1. 1.Department of CSENIT ManipurImphalIndia
  2. 2.Department of CSENIT DurgapurDurgapurIndia

Personalised recommendations