Signature-based Traffic Classification for DDoS Attack Detection and Analysis of Mitigation for DDoS Attacks using Programmable Commodity Switches

doi:10.23940/ijpe.22.07.p8.529536

Abstract

Abstract: According to a study on vulnerabilities of network security, the novel-based signature, and anomaly-based approaches for Distributed Denial of Service (DDoS) attacks attempt to exploit the security flaws. Based on signature filtering criteria, the goal of this work is to develop an effective strategy for anomaly detection and mitigation of Distributed Denial of Service (DDoS) assaults. Most of today’s performance reduction of internet resources is based on Distributed Denial of Service (DDoS) assaults. Whenever we heard about a website being hacked, we assumed it was the result of a DDoS attack. The accessibility of the services or resources is normally reduced to a legitimate user by overloading the excessive traffic using a zombie distributed network which is due to DDoS assaults. Botnet refers to the widespread network of hacked hosts that carry out the attack. We designed a Non-Anomaly Evolutionary (NAE) Signature-based Model for a DDoS protection system using a signature and anomaly-based method that detects and mitigates assaults at their source, ensuring the network infrastructure's normal operation. According to the findings of the test, our approach took a total average mitigation time of 1.75 seconds with the total average Round Trip Time (RTT) of 0.481 milliseconds to detect DDoS attacks and to mitigate the same when compared to other existing novel signature-based models.

Key words: non-anomaly evolutionary (NAE) signature-based model, distributed denial of service, Botnet, signature filtering, DDoS mitigation system

Yerriswamy T and Gururaj Murtugudde. Signature-based Traffic Classification for DDoS Attack Detection and Analysis of Mitigation for DDoS Attacks using Programmable Commodity Switches [J]. Int J Performability Eng, 2022, 18(7): 529-536.

Add to citation manager EndNote|Reference Manager|ProCite|BibTeX|RefWorks

References

1. Network-Layer DDoS Attack Trends for Q4 2020. Available: https://blog.cloudare.com/networklayer-ddos-attack-trends-for- q4-2020/. Accessed in August 2021.
2. Bakr A., Ahmed A.E., andHefny H.A.A Survey on Mitigation Techniques against DDoS Attacks on Cloud Computing Architecture. International Journal of Advanced Science and Technology, vol. 28, no. 12, pp. 187-200, 2019.
3. Zegzhda D., Lavrova D., Pavlenko E., andShtyrkina A.Cyber Attack Prevention Based on Evolutionary Cybernetics Approach. Symmetry, vol. 12, no. 11, pp. 1931, 2020.
4. Manso P., Moura J., andSerrão C.SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks. Information, vol. 10, no. 3, pp. 106, 2019.
5. Sumantra, I. and Gandhi, S.I.DDoS Attack Detection and Mitigation in Software Defined Networks. In2020 International Conference on System, Computation, Automation and Networking (ICSCAN), IEEE, pp. 1-5, 2020.
6. Somani G., Gaur M.S., Sanghi D., Conti M., andRajarajan M.Scale Inside-out: Rapid Mitigation of Cloud DDoS Attacks. IEEE Transactions on Dependable and Secure Computing, vol. 15, no. 6, pp. 959-973, 2017.
7. Cui Y., Yan L., Li S., Xing H., Pan W., Zhu J., andZheng X.SD-Anti-DDoS: Fast and Efficient DDoS Defense in Software- defined Networks. Journal of Network and Computer Applications, vol. 68, pp. 65-79, 2016.
8. Dimolianis M., Pavlidis A., andMaglaris V.SYN Flood Attack Detection and Mitigation Using Machine Learning Traffic Classification and Programmable Data Plane Filtering. In2021 24th Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), IEEE, pp. 126-133, 2021.
9. Global DDoS Summary NETSCOUT Cyber Threat Horizon. Available: https://horizon.netscout.com/?atlas=summary. Accessed in August 2021.
10. Lapolli Â.C., Marques J.A., andGaspary L.P.Offloading Real-Time DDoS Attack Detection to Programmable Data Planes. In2019 IFIP/IEEE Symposium on Integrated Network and Service Management (IM), IEEE, pp. 19-27, 2019.
11. Ding D., Savi M., Pederzolli F., Campanella M., andSiracusa D.In-network Volumetric DDoS Victim Identification Using Programmable Commodity Switches. IEEE Transactions on Network and Service Management, vol. 18, no. 2, pp. 1191-1202, 2021.
12. You X., Feng Y., andSakurai K.Packet in Message Based DDoS Attack Detection in SDN Network Using Openflow. In2017 Fifth International Symposium on Computing and Networking (CANDAR), IEEE, pp. 522-528, 2017.
13. Xing T., Huang D., Xu L., Chung C.J., andKhatkar P.Snortflow: A Openflow-based Intrusion Prevention System in Cloud Environment. In2013 second GENI research and educational experiment workshop, IEEE, pp. 89-92, 2013.
14. Ahmed M., Mahmood A.N., andHu J.A Survey of Network Anomaly Detection Techniques. Journal of Network and Computer Applications, vol. 60, pp. 19-31, 2016.
15. Huong, T.T. and Thanh, N.H.Software Defined Networking-based One-packet DDoS Mitigation Architecture. InProceedings of the 11th International Conference on Ubiquitous Information Management and Communication, pp. 1-7, 2017.
16. Mishra P., Varadharajan V., Tupakula U., andPilli E.S.A Detailed Investigation and Analysis of Using Machine Learning Techniques for Intrusion Detection. IEEE Communications Surveys & Tutorials, vol. 21, no. 1, pp. 686-728, 2018.
17. Behal S., Kumar K., andSachdeva M.D-FACE: An Anomaly Based Distributed Approach for Early Detection of DDoS Attacks and Flash Events. Journal of Network and Computer Applications, vol. 111, pp. 49-63, 2018.
18. Yerriswamy, T. and Murtugudde, G.An Efficient Algorithm for Anomaly Intrusion Detection in a Network. Global Transitions Proceedings, vol. 2, no. 2, pp. 255-260, 2021.
19. Yerriswamy, T. and Murtugudde, G.Study of Evolutionary Techniques in the Field of Network Security. In2020 International Conference on Smart Technologies in Computing, Electrical and Electronics (ICSTCEE), IEEE, pp. 594-598, 2020.
20. Giotis K., Androulidakis G., andMaglaris V.A Scalable Anomaly Detection and Mitigation Architecture for Legacy Networks via an Openflow Middlebox. Security and Communication Networks, vol. 9, no. 13, pp. 1958-1970, 2016.
21. Kaur P., Kumar M., andBhandari A.A Review of Detection Approaches for Distributed Denial of Service Attacks. Systems Science & Control Engineering, vol. 5, no. 1, pp. 301-320, 2017.
22. Siaterlis, C. and Maglaris, V.Detecting Incoming and Outgoing DDoS Attacks at the Edge Using a Single Set of Network Characteristics. In10th IEEE Symposium on Computers and Communications (ISCC'05), IEEE, pp. 469-475, 2005.
23. Supreeth S, & Kirankumari Patil, “Hybrid Genetic Algorithm and Modified-Particle Swarm Optimization Algorithm (GA-MPSO) for Predicting Scheduling Virtual Machines in Educational Cloud Platforms”, International Journal of Emerging Technologies in Learning (iJET), 17(07), pp. 208-225, 2022.
24. Li S., Cui Y., Ni Y., andYan L.An Effective Sdn Controller Scheduling Method to Defence DDoS Attacks. Chinese Journal of Electronics, vol. 28, no. 2, pp. 404-407, 2019.

[1]	Balaganesh Bojarajulu, Sarvesh Tanwar, and Thipendra Pal Singh. Parametric and Non-parametric Analysis on MAOA-based Intelligent IoT-BOTNET Attack Detection Model [J]. Int J Performability Eng, 2022, 18(10): 741-750.
[2]	Wei Feng and Yuqin Wu. DDoS Attack Real-Time Defense Mechanism using Deep Q-Learning Network [J]. Int J Performability Eng, 2020, 16(9): 1362-1373.