A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11338)

Abstract

Distributed denial-of-service (DDoS) has developed multiple variants, one of which is distributed reflective denial-of-service (DRDoS). With the increasing number of Internet-of-Things (IoT) devices, the threat of DRDoS attacks is growing, and a DRDoS attack is more destructive than other types. Many existing methods for DRDoS cannot generalize early detection, which leads to heavy load or degradation of service when deployed at the final point. In this paper, we propose a DRDoS detection and defense method based on the deep forest model (DDDF), and then we integrate differentiated service into the defense model to filter out DRDoS attack flow. Firstly, from a statistical perspective on the different stages of DRDoS attack flow in the big data environment, we extract a host-based DRDoS threat index (HDTI) from the network flow. Secondly, using the HDTI feature, we build a DRDoS detection and defense model based on deep forest, which consists of 5 estimators in each layer. Lastly, the differentiated service procedure applies the detection result from DDDF to drop the identified attack flow in different stages and at different detection points. Theoretical analysis and experiments show that the proposed method can effectively identify DRDoS attacks with a higher detection rate and a lower false alarm rate; the defense model also shows a distinguishing ability to effectively eliminate the DRDoS attack flow and dramatically reduce the damage of a DRDoS attack.

Funding

This work was supported by the National Natural Science Foundation of China [61762033, 61702539]; The National Natural Science Foundation of Hainan [617048, 2018CXTD333]; Hainan University Doctor Start Fund Project [kyqd1328]; Hainan University Youth Fund Project [qnjj1444]. This work is partially supported by Social Development Project of Public Welfare Technology Application of Zhejiang Province [LGF18F020019].

Author information

Corresponding author

Correspondence to Jieren Cheng.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Xu, R., Cheng, J., Wang, F., Tang, X., Xu, J. (2018). A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment. In: Hu, T., Wang, F., Li, H., Wang, Q. (eds) Algorithms and Architectures for Parallel Processing. ICA3PP 2018. Lecture Notes in Computer Science, vol 11338. Springer, Cham. https://doi.org/10.1007/978-3-030-05234-8_21

  • DOI: https://doi.org/10.1007/978-3-030-05234-8_21

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-05233-1

  • Online ISBN: 978-3-030-05234-8

  • eBook Packages: Computer Science (R0)
