An Efficient Hybrid Protocol Framework for DDoS Attack Detection and Mitigation Using Evolutionary Technique

• Autorzy: Yerriswamy T. , Gururaj Murtugudde

Identyfikatory

DOI

10.26636/jtit.2022.165122

• Języki publikacji: EN

Abstrakty

EN

The ever-increasing use of the Internet has created massive amounts network traffic, causing problems related to its scalability, controllability, and manageability. Sophisticated network-based denial of service (DoS) and distributed denial of service (DDoS) attacks increasingly pose a future threat. The literature proposes various methods that may help stop all HTTP DoS/DDoS assaults, but no optimal solution has been identified so far. Therefore, this paper attempts to fill the gap by proposing an alternative solution known as an efficient hybrid protocol framework for distributed DoS attack detection and mitigation (E-HPFDDM). Such an architecture addresses all aspects of these assaults by relaying on a three-layer mechanism. Layer 1 uses the outer advanced blocking (OAB) scheme which blocks unauthorized IP sources using an advanced backlisted table. Layer 2 is a validation layer that relies on the inner service trackback (IST) scheme to help determine whether the inbound request has been initiated by a legitimate or an illegitimate user. Layer 3 (inner layer) uses the deep entropy based (DEB) scheme to identify, classify and mitigate high-rate DDoS (HR-DDoS) and flash crowd (FC) attacks. The research shows that in contrast to earlier studies, the structure of the proposed system offers effective defense against DoS/DDoS assaults for web applications.

Słowa kluczowe

EN

deep entropy based scheme; denial of service; distributed denial of service; flash crowd; high-rate DDoS; inner service trackback; outer advanced blocking

• Wydawca: Instytut Łączności - Państwowy Instytut Badawczy
• Czasopismo: Journal of Telecommunications and Information Technology
• Rocznik: 2022
• Tom: nr 4
• Strony: 77--82
• Opis fizyczny: Bibliogr. 20 poz., rys., wykr.

Twórcy

autor

Yerriswamy T.

• School of CSE, REVA University, India

autor

Gururaj Murtugudde

• School of CSE, REVA University, India

Bibliografia

• [1] A. Saravanan, S.S. Bama, S. Kadry, and L.K. Ramasamy, “A new framework to alleviate DDoS vulnerabilities in cloud computing”, International Journal of Electrical & Computer Engineering, vol. 9, no. 5, pp. 4163–4175, 2019 (DOI: 10.11591/ijece.v9i5.pp4163- 4175).
• [2] R.M. Ujjan, Z. Pervez, K. Dahal, W.A. Khan, A.M. Khattak, and B. Hayat, “Entropy based features distribution for anti-DDoS model in SDN”, Sustainability, vol. 13, no. 3, pp. 1–27, 2021 (DOI: 10.3390/su13031522).
• [3] S. Dong, R. Jain, and K. Abbas, “A Survey on Distributed Denial of Service (DDoS) Attacks in SDN and Cloud Computing Environments”, IEEE Access, vol. 7, pp. 80813–80828, pp. 1–1, 2019 (DOI: 10.1109/ACCESS.2019.2922196).
• [4] A. Alshamrani, A. Chowdhary, S. Pisharody, D. Lu, and D. Huang, “A defense system for defeating DDoS attacks in SDN based networks”, In proceedings of the ACM International Symposium on Mobility Management and Wireless Access, pp. 83–92, 2017 (DOI: 10.1145/3132062.3132074).
• [5] M. Imran, M.H. Durad, F.A. Khan, and A. Derhab, “Toward an optimal solution against denial of service attacks in software defined networks”, Future Gener. Comput. Syst., vol. 92, pp. 444–453, 2019 (DOI: 10.1016/j.future.2018.09.022).
• [6] A. Bushra, A. Sufyan, E. Hany, B.S. Haythem, and A. Moussa, “A survey on DoS/DDoS mitigation techniques in SDNs: Classification, comparison, solutions, testing tools and datasets”, Computers & Electrical Engineering, vol. 99, 2022 (DOI: 10.1016/j.compeleceng.2022.107706).
• [7] J. Cui, M. Wang, Y. Luo, and H. Zhong, “DDoS detection and defense mechanism based on cognitive-inspired computing in SDN”, Future Generation Computer Systems, vol. 97, 2019 (DOI: 10.1016/j.future.2019.02.037).
• [8] M.A. Naagas, E.L. Mique, T.D. Palaoag, and J.S.D. Cruz, “Defense through-deception network security model: Securing university campus network from DOS/DDOS attack”, Bulletin of Electrical Engineering and Informatics, vol. 7, no. 4, pp. 593–600, 2018 (DOI: 10.11591/eei.v7i4.1349).
• [9] R. Sahay, G. Blanc, Z. Zhang, H. Debar, “ArOMA: an SDN based autonomic DDoS mitigation framework”, Computers & Security, vol. 70, pp. 482–499, 2017 (DOI: 10.1016/j.cose.2017.07.008).
• [10] A. Mehmood, M. Mukherjee, S.H. Ahmed, H. Song, and K.M. Malik, “NBC-MAIDS: Naive Bayesian classification technique in multi agent system-enriched IDS for securing IoT against DDoS attacks”, The Journal of Supercomputing, vol. 74, no. 10, pp. 5156–5170 2018 (DOI: 10.1007/s11227-018-2413-7).
• [11] N. Ravi and S.M. Shalinie, “Learning-driven detection and mitigation of DDoS attack in IoT via SDN-cloud”, IEEE Internet of Things Journal, vol. 7, no. 4, pp. 3559–3570, 2020 (DOI: 10.1109/JIOT.2020.2973176).
• [12] T. Yerriswamy and M. Gururaj, “Signature-based Traffic Classification for DDoS Attack Detection and Analysis of Mitigation for DDoS Attacks using Programmable Commodity Switches”, International Journal of Performability Engineering, vol. 18, no. 7, pp. 529–536, 2022 (DOI: 10.23940/ijpe.22.07.p8.529536).
• [13] T. Yerriswamy and M. Gururaj, “An Efficient Algorithm for Anomaly Intrusion Detection in a Network”, Global Transitions Proceedings, vol. 2, 2021 (DOI: 10.1016/j.gltp.2021.08.066).
• [14] T. Mahjabin, Y. Xiao, G. Sun, and W. Jiang, “A survey of distributed denial-of-service attack, prevention, and mitigation techniques”, International Journal of Distributed Sensor Networks, vol. 13, 155014771774146, 2017 (DOI: 10.1177/1550147717741463).
• [15] L. Zhang and J. Wang, “A hybrid method of entropy and SSAE-SVM based DDoS detection and mitigation mechanism in SDN”, Computers & Security, vol. 115, 102604, 2022 (DOI: 10.1016/j.cose.2022.102604).
• [16] Kamel Hasan and Abdullah Mahmood, “Distributed denial of service attacks detection for software defined networks based on evolutionary decision tree model”, Bulletin of Electrical Engineering and Informatics, vol. 11, pp. 2322–2330, 2022, (DOI: 10.11591/eei.v11i4.3835).
• [17] T. Islam, et al., “A Socio-Technical and Co-evolutionary Framework for Reducing Human-Related Risks in Cyber Security and Cybercrime Ecosystems”, G. Wang, M.Z.A. Bhuiyan S. De Capitani di Vimercati, Y. Ren (eds), Dependability in Sensor, Cloud, and Big Data Systems and Applications. DependSys 2019. Communications in Computer and Information Science, vol. 1123, 2019 (DOI: 10.1007/978-981- 15-1304-6_22).
• [18] T. Yerriswamy and M. Gururaj, “Study of evolutionary techniques in the field of network security”, pp. 594–598, 2020 (DOI: 10.1109/ICSTCEE49637.2020.9277 082).
• [19] S. Supreeth and K.K. Patil, “Hybrid Genetic Algorithm and Modified Swarm Optimization Algorithm (GA-MPSO) for Predicting Scheduling Virtual Machines in Educational Cloud Platforms”, Int. J. Emerg. Technol. Learn., vol. 17, no. 7, pp. 208–225, 2022 (DOI: 10.3991/ijet.v17i07.29223).
• [20] A. Pradhan, S.K. Bisoy, and A. Das, “A Survey on PSO Based Meta-Heuristic Scheduling Mechanism in Cloud Computing Environment”, Journal of King Saud University – Computer and Information Sciences, vol. 34, no. 8, pp. 4888–4901, 2021 (DOI: 10.1016/j.jksuci.2021.01.003).

Uwagi

Opracowanie rekordu ze środków MEiN, umowa nr SONP/SP/546092/2022 w ramach programu "Społeczna odpowiedzialność nauki" - moduł: Popularyzacja nauki i promocja sportu (2022-2023).