© The Institution of Engineering and Technology
Distributed denial of service (DDoS) attacks pose a significant threat to the smooth operation of today's online critical services and applications. Existing mechanisms to detect these attacks have had limited success. With the rapid growth in size and bandwidth of contemporary computer networks, an efficient and effective distributed solution is needed for detecting DDoS attacks. In this study, the authors propose a multiagent pattern recognition mechanism for detecting DDoS attacks in a distributed fashion. Our proposed solution is very effective in detecting such attacks launched against victim servers residing inside a production network which has multiple gateways to the Internet. Using simulation, the authors show that our proposed mechanism achieves a high degree of accuracy in detecting DDoS attacks, with low false alarm rates, using a reasonable number of attack detection agents collaboratively operating in a typical production network. The authors also study the relationship between the number of agents participating in the attack detection process and the false alarm rate of the detection scheme.
http://iet.metastore.ingenta.com/content/journals/10.1049/iet-ifs.2009.0255