Abstract
Distributed denial of service (DDoS) attacks continue to be an ever-increasing threat in cyberspace. Nowadays, attackers tend to launch advanced DDoS attacks with botnets to bypass the detection system. In this paper, we present a method for launching an advanced application-layer DDoS which masquerades as a flash crowd (FC). The attack strategy falls in two aspects: (1) extracting legitimate users’ behaviors; (2) instructing bots to behave as legitimate users. To achieve this, we propose a multi-step algorithm to extract user browsing behaviors and establish a Sequence Generative Adversarial Nets (SeqGAN) model to generate mimicking behaviors of bots. In addition, we experimentally study the effectiveness of this mimicking attack. The study shows that the mimicking attack can fool a detection system that is based on machine learning algorithms. The experimental results also demonstrate that the mimicking attack is indistinguishable from FC in term of statistics.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Netscout’s 14th annual worldwide infrastructure security report. https://www.netscout.com/report/
Arjovsky, M., Chintala, S., Bottou, L.: Wasserstein generative adversarial networks. In: International Conference on Machine Learning, pp. 214–223 (2017)
Berthelot, D., Schumm, T., Metz, L.: BEGAN: boundary equilibrium generative adversarial networks. arXiv preprint arXiv:1703.10717 (2017)
Borji, A.: Pros and cons of gan evaluation measures. Comput. Vis. Image Underst. 179, 41–65 (2019)
Browne, C.B., et al.: A survey of monte carlo tree search methods. IEEE Trans. Comput. Intell. AI Games 4(1), 1–43 (2012)
Burklen, S., Marron, P.J., Fritsch, S., Rothermel, K.: User centric walk: An integrated approach for modeling the browsing behavior of users on the web. In: Proceedings of the 38th Annual Symposium on Simulation, pp. 149–159. IEEE Computer Society (2005)
Giralte, L.C., Conde, C., De Diego, I.M., Cabello, E.: Detecting denial of service by modelling web-server behaviour. Comput. Electr. Eng. 39(7), 2252–2262 (2013)
Goodfellow, I., et al.: Generative adversarial nets. In: Advances in Neural Information Processing Systems, pp. 2672–2680 (2014)
Hoque, N., Bhattacharyya, D.K., Kalita, J.K.: Botnet in DDoS attacks: trends and challenges. IEEE Commun. Surv. Tutor. 17(4), 2242–2270 (2015)
Huberman, B.A., Pirolli, P.L., Pitkow, J.E., Lukose, R.M.: Strong regularities in world wide web surfing. Science 280(5360), 95–97 (1998)
Jaafar, G.A., Abdullah, S.M., Ismail, S.: Review of recent detection methods for HTTP DDoS attack. J. Comput. Netw. Commun. 2019 (2019)
Jung, J., Krishnamurthy, B., Rabinovich, M.: Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites. In: Proceedings of the 11th International Conference on World Wide Web, pp. 293–304. ACM (2002)
Liao, Q., Li, H., Kang, S., Liu, C.: Feature extraction and construction of application layer DDoS attack based on user behavior. In: Proceedings of the 33rd Chinese Control Conference, pp. 5492–5497. IEEE (2014)
Luo, X., et al.: Anomaly detection for application layer user browsing behavior based on attributes and features. J. Phys: Conf. Ser. 1069(1), 12072 (2018)
Mitzenmacher, M.: A brief history of generative models for power law and lognormal distributions. Internet Math. 1(2), 226–251 (2004)
Miu, T.N., Wang, C., Luo, D.X., Wang, J.: Modeling user browsing activity for application layer DDoS attack detection. In: Deng, R., Weng, J., Ren, K., Yegneswaran, V. (eds.) SecureComm 2016. LNICST, vol. 198, pp. 747–750. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59608-2_42
Molnár, S., Megyesi, P., Szabó, G.: How to validate traffic generators? In: 2013 IEEE International Conference on Communications Workshops (ICC), pp. 1340–1344. IEEE (2013)
Najafabadi, M.M., Khoshgoftaar, T.M., Calvert, C., Kemp, C.: User behavior anomaly detection for application layer DDoS attacks. In: 2017 IEEE International Conference on Information Reuse and Integration (IRI), pp. 154–161. IEEE (2017)
Qi, G.J.: Loss-sensitive generative adversarial networks on lipschitz densities. arXiv preprint arXiv:1701.06264 (2017)
Radford, A., Metz, L., Chintala, S.: Unsupervised representation learning with deep convolutional generative adversarial networks. arXiv preprint arXiv:1511.06434 (2015)
Rigaki, M., Garcia, S.: Bringing a GAN to a knife-fight: adapting malware communication to avoid detection. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 70–75. IEEE (2018)
Silagadze, Z.: Citations and the Zipf-Mandelbrot’s law. arXiv preprint physics/9901035 (1999)
Singh, K., Singh, P., Kumar, K.: Application layer HTTP-GET flood DDoS attacks. Comput. Secur. 65, 344–372 (2017)
Singh, K., Singh, P., Kumar, K.: User behavior analytics-based classification of application layer HTTP-GET flood attacks. J. Netw. Comput. Appl. 112, 97–114 (2018)
Sun, D., Yang, K., Lv, B., Shi, Z.: Could we beat a new mimicking attack? In: 2017 19th Asia-Pacific Network Operations and Management Symposium (APNOMS), pp. 247–250. IEEE (2017)
Von Ahn, L., Blum, M., Langford, J.: Telling humans and computers apart automatically. Commun. ACM 47(2), 56–60 (2004)
Xie, Y., Yu, S.Z.: A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors. IEEE/ACM Trans. Netw. 17(1), 54–65 (2009)
Xu, C., Zhao, G., Xie, G., Yu, S.: Detection on application layer DDoS using random walk model. In: 2014 IEEE International Conference on Communications (ICC), pp. 707–712. IEEE (2014)
Ye, C., Zheng, K., She, C.: Application layer DDoS detection using clustering analysis. In: Proceedings of 2012 2nd International Conference on Computer Science and Network Technology, pp. 1038–1041. IEEE (2012)
Yu, L., Zhang, W., Wang, J., Yu, Y.: SeqGAN: sequence generative adversarial nets with policy gradient. In: Thirty-First AAAI Conference on Artificial Intelligence (2017)
Yu, S., Guo, S., Stojmenovic, I.: Fool me if you can: mimicking attacks and anti-attacks in cyberspace. IEEE Trans. Comput. 64(1), 139–151 (2015)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Huang, W., Peng, X., Shi, Z. (2020). A SeqGAN-Based Method for Mimicking Attack. In: Liu, Z., Yung, M. (eds) Information Security and Cryptology. Inscrypt 2019. Lecture Notes in Computer Science(), vol 12020. Springer, Cham. https://doi.org/10.1007/978-3-030-42921-8_7
Download citation
DOI: https://doi.org/10.1007/978-3-030-42921-8_7
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-42920-1
Online ISBN: 978-3-030-42921-8
eBook Packages: Computer ScienceComputer Science (R0)