
Predicting Number of Zombies in a DDoS Attacks Using Isotonic Regression

  • Chapter
Mining Social Networks and Security Informatics

Part of the book series: Lecture Notes in Social Networks ((LNSN))

Abstract

Anomaly-based DDoS detection systems construct a profile of the traffic normally seen in the network and flag an anomaly whenever traffic deviates from that profile beyond a threshold. This deviation beyond the threshold has previously been used for DDoS detection, but not for estimating the number of zombies. This chapter presents an approach that uses the deviation to predict the number of zombies with an isotonic regression model. A relationship is established between the number of zombies and the observed deviation in sample entropy. Internet-like topologies used for simulation are generated with the Transit-Stub model of the GT-ITM topology generator. The NS-2 network simulator on a Linux platform serves as the test bed for launching DDoS attacks with varying numbers of zombies. Several statistical performance measures are used to evaluate the regression model. The simulation results are promising: the isotonic regression model predicts the number of zombies efficiently with a very low error rate.
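An added example, not code from the chapter or its authors: sample entropy of the source-address distribution in a traffic window, its deviation from a baseline window, and a pool-adjacent-violators (PAVA) isotonic fit that maps deviation to a zombie-count estimate. The training pairs and traffic windows are constructed; the chapter's own data, and the direction of monotonicity (assumed non-decreasing here), are not on this page.

```python
import math
from bisect import bisect_right
from collections import Counter

def sample_entropy(sources):
    """Shannon entropy (bits) of the source-address distribution in a window."""
    n = len(sources)
    return -sum(c / n * math.log2(c / n) for c in Counter(sources).values())

def pava(x, y):
    """Pool-adjacent-violators: least-squares non-decreasing fit of y on x.
    x must be sorted ascending; returns one fitted value per input point."""
    blocks = [[yi, 1] for yi in y]           # each block: [mean, weight]
    i = 0
    while i < len(blocks) - 1:
        if blocks[i][0] > blocks[i + 1][0]:  # violator: pool the two blocks
            (m0, w0), (m1, w1) = blocks[i], blocks[i + 1]
            blocks[i] = [(m0 * w0 + m1 * w1) / (w0 + w1), w0 + w1]
            del blocks[i + 1]
            i = max(i - 1, 0)                # merged block may now violate its left neighbour
        else:
            i += 1
    return [m for m, w in blocks for _ in range(w)]

class IsotonicZombieModel:
    """Maps an observed entropy deviation to a zombie-count estimate (step function)."""
    def __init__(self, deviations, zombies):
        pairs = sorted(zip(deviations, zombies))
        self.x = [d for d, _ in pairs]
        self.y = pava(self.x, [z for _, z in pairs])

    def predict(self, deviation):
        # fitted value at the largest training deviation <= input; clamp below the range
        idx = bisect_right(self.x, deviation) - 1
        return self.y[max(idx, 0)]

def estimate_zombies(model, baseline_sources, window_sources):
    """Entropy deviation of a traffic window from the baseline, and the predicted zombie count."""
    deviation = sample_entropy(window_sources) - sample_entropy(baseline_sources)
    return deviation, model.predict(deviation)

# Constructed calibration pairs (hypothetical simulation runs): deviation -> zombies.
# The third point violates monotonicity, so PAVA pools it with its left neighbour.
TRAIN_DEVIATION = [0.5, 1.0, 1.5, 2.0, 2.5, 3.0]
TRAIN_ZOMBIES = [10, 25, 20, 40, 55, 50]
MODEL = IsotonicZombieModel(TRAIN_DEVIATION, TRAIN_ZOMBIES)

# Constructed windows: 4 legitimate sources seen twice each, vs 16 distinct sources.
BASELINE = ["10.0.0.1", "10.0.0.2", "10.0.0.3", "10.0.0.4"] * 2
ATTACK_WINDOW = [f"192.0.2.{i}" for i in range(1, 17)]
```

Calling `estimate_zombies(MODEL, BASELINE, ATTACK_WINDOW)` returns a 2.0-bit deviation and an estimate of 40 zombies on the constructed data; a real deployment would calibrate the pairs from its own simulation or incident runs.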



Corresponding author

Correspondence to B. B. Gupta.


Copyright information

© 2013 Springer Science+Business Media Dordrecht

About this chapter

Cite this chapter

Gupta, B.B., Jamali, N. (2013). Predicting Number of Zombies in a DDoS Attacks Using Isotonic Regression. In: Özyer, T., Erdem, Z., Rokne, J., Khoury, S. (eds) Mining Social Networks and Security Informatics. Lecture Notes in Social Networks. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-6359-3_8


  • DOI: https://doi.org/10.1007/978-94-007-6359-3_8

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-6358-6

  • Online ISBN: 978-94-007-6359-3

  • eBook Packages: Computer Science (R0)