Skip to main content
SpringerLink
Log in

A SeqGAN-Based Method for Mimicking Attack

  • Conference paper
  • First Online:
Information Security and Cryptology (Inscrypt 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12020))

Included in the following conference series:

  • 951 Accesses

Abstract

Distributed denial of service (DDoS) attacks continue to be an ever-increasing threat in cyberspace. Nowadays, attackers tend to launch advanced DDoS attacks with botnets to bypass the detection system. In this paper, we present a method for launching an advanced application-layer DDoS which masquerades as a flash crowd (FC). The attack strategy falls in two aspects: (1) extracting legitimate users’ behaviors; (2) instructing bots to behave as legitimate users. To achieve this, we propose a multi-step algorithm to extract user browsing behaviors and establish a Sequence Generative Adversarial Nets (SeqGAN) model to generate mimicking behaviors of bots. In addition, we experimentally study the effectiveness of this mimicking attack. The study shows that the mimicking attack can fool a detection system that is based on machine learning algorithms. The experimental results also demonstrate that the mimicking attack is indistinguishable from FC in term of statistics.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Netscout’s 14th annual worldwide infrastructure security report. https://www.netscout.com/report/

  2. Arjovsky, M., Chintala, S., Bottou, L.: Wasserstein generative adversarial networks. In: International Conference on Machine Learning, pp. 214–223 (2017)

    Google Scholar 

  3. Berthelot, D., Schumm, T., Metz, L.: BEGAN: boundary equilibrium generative adversarial networks. arXiv preprint arXiv:1703.10717 (2017)

  4. Borji, A.: Pros and cons of gan evaluation measures. Comput. Vis. Image Underst. 179, 41–65 (2019)

    Article  Google Scholar 

  5. Browne, C.B., et al.: A survey of monte carlo tree search methods. IEEE Trans. Comput. Intell. AI Games 4(1), 1–43 (2012)

    Article  Google Scholar 

  6. Burklen, S., Marron, P.J., Fritsch, S., Rothermel, K.: User centric walk: An integrated approach for modeling the browsing behavior of users on the web. In: Proceedings of the 38th Annual Symposium on Simulation, pp. 149–159. IEEE Computer Society (2005)

    Google Scholar 

  7. Giralte, L.C., Conde, C., De Diego, I.M., Cabello, E.: Detecting denial of service by modelling web-server behaviour. Comput. Electr. Eng. 39(7), 2252–2262 (2013)

    Article  Google Scholar 

  8. Goodfellow, I., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems, pp. 2672–2680 (2014)

    Google Scholar 

  9. Hoque, N., Bhattacharyya, D.K., Kalita, J.K.: Botnet in DDoS attacks: trends and challenges. IEEE Commun. Surv. Tutor. 17(4), 2242–2270 (2015)

    Article  Google Scholar 

  10. Huberman, B.A., Pirolli, P.L., Pitkow, J.E., Lukose, R.M.: Strong regularities in world wide web surfing. Science 280(5360), 95–97 (1998)

    Article  Google Scholar 

  11. Jaafar, G.A., Abdullah, S.M., Ismail, S.: Review of recent detection methods for HTTP DDoS attack. J. Comput. Netw. Commun. 2019 (2019)

    Google Scholar 

  12. Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In: Proceedings of the 11th International Conference on World Wide Web, pp. 293–304. ACM (2002)

    Google Scholar 

  13. Liao, Q., Li, H., Kang, S., Liu, C.: Feature extraction and construction of application layer DDoS attack based on user behavior. In: Proceedings of the 33rd Chinese Control Conference, pp. 5492–5497. IEEE (2014)

    Google Scholar 

  14. Luo, X., et al.: Anomaly detection for application layer user browsing behavior based on attributes and features. J. Phys: Conf. Ser. 1069(1), 12072 (2018)

    Google Scholar 

  15. Mitzenmacher, M.: A brief history of generative models for power law and lognormal distributions. Internet Math. 1(2), 226–251 (2004)

    Article  MathSciNet  Google Scholar 

  16. Miu, T.N., Wang, C., Luo, D.X., Wang, J.: Modeling user browsing activity for application layer DDoS attack detection. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds.) SecureComm 2016. LNICST, vol. 198, pp. 747–750. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59608-2_42

    Chapter  Google Scholar 

  17. Molnár, S., Megyesi, P., Szabó, G.: How to validate traffic generators? In: 2013 IEEE International Conference on Communications Workshops (ICC), pp. 1340–1344. IEEE (2013)

    Google Scholar 

  18. Najafabadi, M.M., Khoshgoftaar, T.M., Calvert, C., Kemp, C.: User behavior anomaly detection for application layer DDoS attacks. In: 2017 IEEE International Conference on Information Reuse and Integration (IRI), pp. 154–161. IEEE (2017)

    Google Scholar 

  19. Qi, G.J.: Loss-sensitive generative adversarial networks on lipschitz densities. arXiv preprint arXiv:1701.06264 (2017)

  20. Radford, A., Metz, L., Chintala, S.: Unsupervised representation learning with deep convolutional generative adversarial networks. arXiv preprint arXiv:1511.06434 (2015)

  21. Rigaki, M., Garcia, S.: Bringing a GAN to a knife-fight: adapting malware communication to avoid detection. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 70–75. IEEE (2018)

    Google Scholar 

  22. Silagadze, Z.: Citations and the Zipf-Mandelbrot’s law. arXiv preprint physics/9901035 (1999)

    Google Scholar 

  23. Singh, K., Singh, P., Kumar, K.: Application layer HTTP-GET flood DDoS attacks. Comput. Secur. 65, 344–372 (2017)

    Article  Google Scholar 

  24. Singh, K., Singh, P., Kumar, K.: User behavior analytics-based classification of application layer HTTP-GET flood attacks. J. Netw. Comput. Appl. 112, 97–114 (2018)

    Article  Google Scholar 

  25. Sun, D., Yang, K., Lv, B., Shi, Z.: Could we beat a new mimicking attack? In: 2017 19th Asia-Pacific Network Operations and Management Symposium (APNOMS), pp. 247–250. IEEE (2017)

    Google Scholar 

  26. Von Ahn, L., Blum, M., Langford, J.: Telling humans and computers apart automatically. Commun. ACM 47(2), 56–60 (2004)

    Article  Google Scholar 

  27. Xie, Y., Yu, S.Z.: A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors. IEEE/ACM Trans. Netw. 17(1), 54–65 (2009)

    Article  Google Scholar 

  28. Xu, C., Zhao, G., Xie, G., Yu, S.: Detection on application layer DDoS using random walk model. In: 2014 IEEE International Conference on Communications (ICC), pp. 707–712. IEEE (2014)

    Google Scholar 

  29. Ye, C., Zheng, K., She, C.: Application layer DDoS detection using clustering analysis. In: Proceedings of 2012 2nd International Conference on Computer Science and Network Technology, pp. 1038–1041. IEEE (2012)

    Google Scholar 

  30. Yu, L., Zhang, W., Wang, J., Yu, Y.: SeqGAN: sequence generative adversarial nets with policy gradient. In: Thirty-First AAAI Conference on Artificial Intelligence (2017)

    Google Scholar 

  31. Yu, S., Guo, S., Stojmenovic, I.: Fool me if you can: mimicking attacks and anti-attacks in cyberspace. IEEE Trans. Comput. 64(1), 139–151 (2015)

    Article  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China

    Weiqing Huang, Xiao Peng & Zhixin Shi

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China

    Weiqing Huang, Xiao Peng & Zhixin Shi

Authors
  1. Weiqing Huang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xiao Peng
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Zhixin Shi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Zhixin Shi .

Editor information

Editors and Affiliations

  1. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, China

    Zhe Liu

  2. Computer Science Department, Columbia University, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Huang, W., Peng, X., Shi, Z. (2020). A SeqGAN-Based Method for Mimicking Attack. In: Liu, Z., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2019. Lecture Notes in Computer Science(), vol 12020. Springer, Cham. https://doi.org/10.1007/978-3-030-42921-8_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-42921-8_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-42920-1

  • Online ISBN: 978-3-030-42921-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation