Abstract
Distributed Denial of Service (DDoS) attacks have for the last two decades been among the greatest threats facing the internet infrastructure. Mitigating DDoS attacks is a particularly challenging task as an attacker masks the attack traffic among legitimate users. Mitigation approaches within DDoS has therefore often been investigated within the field of anomaly intrusion detection. This means that even a successful mitigation approach will risk a high disregard of legitimate users. This article proposes to use data mining and machine learning approaches to find unique hidden data structures which keep a high degree of accepted legitimate traffic, while still being able to remove illegitimate and irrelevant data traffic which don’t follow the hidden structure. In this perspective, we devise and evaluate two novel IP Address clustering algorithms for DDoS mitigation, namely, Geographical Clustering (GC) and Reduced Geographical Clustering (RGC).
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Moore, D., Shannon, C., Brown, D.J., Voelker, G.M., Savage, S.: Inferring internet denial-of-service activity. ACM Trans. Comput. Syst. (TOCS) 24(2), 115–139 (2006)
Akamai: Akamai’s state of the internet report q1 2016 (2016)
Goldstein, M., Lampert, C., Reif, M., Stahl, A., Breuel, T.: Bayes optimal ddos mitigation by adaptive history-based IP filtering. In: Seventh International Conference on Networking (ICN 2008), pp. 174–179. IEEE (2008)
Peng, T., Leckie, C., Ramamohanarao, K.: Protection from distributed denial of service attacks using history-based IP filtering. In: IEEE International Conference on Communications (ICC 2003), vol. 1, pp. 482–486. IEEE (2003)
Goldstein, M., Reif, M., Stahl, A., Breuel, T.: Server-side prediction of source IP addresses using density estimation. In: International Conference on Availability, Reliability and Security, 2009 (ARES 2009), pp. 82–89. IEEE (2009)
Qin, X., Xu, T., Wang, C.: DDoS attack detection using flow entropy and clustering technique. In: 2015 11th International Conference on Computational Intelligence and Security (CIS), pp. 412–415. IEEE (2015)
Yu, J., Li, Z., Chen, H., Chen, X.: A detection and offense mechanism to defend against application layer DDoS attacks. In: Third International Conference on Networking and Services (ICNS), p. 54. IEEE (2007)
Li, Z., Li, Y., Xu, L.: Anomaly intrusion detection method based on k-means clustering algorithm with particle swarm optimization. In: 2011 International Conference on Information Technology, Computer Engineering and Management Sciences (ICM), vol. 2, pp. 157–161. IEEE (2011)
Mingqiang, Z., Hui, H., Qian, W.: A graph-based clustering algorithm for anomaly intrusion detection. In: 2012 7th International Conference on Computer Science & Education (ICCSE), pp. 1311–1314. IEEE (2012)
Ranjan, R., Sahoo, G.: A new clustering approach for anomaly intrusion detection, arXiv preprint arXiv:1404.2772 (2014)
Guan, Y., Ghorbani, A.A., Belacel, N.: Y-means: a clustering method for intrusion detection. In: Canadian Conference on Electrical and Computer Engineering (CCECE), vol. 2, pp. 1083–1086. IEEE (2003)
Xue-Yong, L., Guo-hong, G., Jia-xia, S.: A new intrusion detection method based on improved DBSCAN. In: 2010 WASE International Conference on Information Engineering (ICIE), vol. 2, pp. 117–120. IEEE (2010)
Ester, M., Kriegel, H.-P., Sander, J., Xu, X., et al.: A density-based algorithm for discovering clusters in large spatial databases with noise. In: Kdd, vol. 96, no. 34, pp. 226–231 (1996)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2018 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Kongshavn, M.V., Yazidi, A., Haugerud, H., Hammer, H. (2018). Data Mining Approaches for IP Address Clustering. In: Chen, Y., Duong, T. (eds) Industrial Networks and Intelligent Systems. INISCOM 2017. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 221. Springer, Cham. https://doi.org/10.1007/978-3-319-74176-5_23
Download citation
DOI: https://doi.org/10.1007/978-3-319-74176-5_23
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-74175-8
Online ISBN: 978-3-319-74176-5
eBook Packages: Computer ScienceComputer Science (R0)