Improving Discriminating Accuracy Rate of DDoS Attacks and Flash Events

Sahareesh Agha, Osama Rehman, Ibrahim M. H. Rahman
Copyright: © 2021 |Pages: 22
DOI: 10.4018/IJCWT.2021100102

Abstract

Internet security has become a big issue with the passage of time. Among many threats, the distributed denial-of-service (DDoS) attack is the most frequent threat in networks. The purpose of DDoS attacks is to interrupt the availability of services provided by different web servers. As a result, legitimate users are unable to access the servers and hence face denial of service. Flash events, on the other hand, are large numbers of legitimate users visiting a website due to a specific event. The consequences of these attacks are more powerful when they are launched during flash events, which are legitimate traffic and yet cause a denial of service. The purpose of this study is to build an intelligent network traffic classification model to improve the accuracy rate of discriminating DDoS attacks from flash event traffic. Weka is adopted as the platform for evaluating the performance of a random forest algorithm.

Introduction

Internet security has become a major issue with the increase in the number of security attacks. Among many cyber-attacks, the Distributed Denial-of-Service (DDoS) attack is one of the most frequently executed attacks on the internet. Approximately 20% or more of enterprises around the world go through at least one DDoS attack on their network infrastructure every year (Somani et al., 2017). In February 2020, Amazon Web Services was hit by a huge DDoS attack, the most extreme recent DDoS attack, which used the Connectionless Lightweight Directory Access Protocol (CLDAP). An unidentified AWS customer was targeted (Nicholson, 2020). Another DDoS attack was executed on 21 October 2016, when attacks were launched for almost two hours on Twitter, Spotify and Amazon servers, resulting in a financial loss of 206$ (Moss, 2016).

In a DDoS attack, the attacker intends either to occupy the bandwidth of the network so that legitimate users cannot access the online resource, or to send a large amount of data traffic to a particular resource on the server. This keeps the server busy handling the attacker's requests so that legitimate users cannot use it (Gupta & Badve, 2017). Hence, the attacker's aim is to deny access to legitimate users. In general, DDoS attacks are launched by sending requests from a group of compromised machines, known as botnets, to the targeted servers (Hoque et al., 2015).

In general, DDoS attacks can be divided into two categories: high-rate DDoS attacks and low-rate DDoS attacks (Koay et al., 2018). The major difference between them is the packet transmission rate. Smurf (Koay et al., 2018) is a high-rate DDoS attack that causes a sudden increase in traffic volume, which results in congestion of network resources. The HTTP-GET attack (Somani et al., 2017), on the other hand, is a low-rate DDoS attack; low-rate attacks send requests at a slow rate with fewer bytes of payload than high-rate attacks. A large amount of processing is usually required to handle these requests, so the destination bytes and the time required to fulfill attack requests are also high.

It is observed that the frequency of DDoS attacks increased to 25% during lockdown from March to June as compared to 2019 (Vijayan, 2020). DDoS attacks can be used as weapons in cyber warfare by hackers to target critical infrastructure such as hospitals, transportation hubs, banks and energy utilities. These culprits can be terrorist cells or nation states (Reo, 2017). DDoS attacks have been the best choice for terrorists for many years; their main targets are online payment networks and bank applications (Alguliyev et al., 2019). Cyber warfare can be considered a virtual war because it can cause the same destruction as a physical war would; some countries launch cyber-attacks on others to weaken their economies, and the DDoS attack is one type of cyber warfare (Papathanasaki et al., 2020).

Current DDoS attacks tend to mimic flash events and disrupt legitimate access to the server (Sachdeva et al., 2016). Flash events are sudden rushes of legitimate users who access a website simultaneously due to some breaking news in the world (Behal et al., 2017). Flash events are quite common, occurring on sites from news websites to online shopping websites, or whenever an electronics company launches a new product. This can slow the server down or even crash it if the server is poorly configured, but load balancers are usually employed on web servers to control these kinds of traffic loads (Saravanan et al., 2016). The data sets used for evaluating classifiers are also very important, and as per the literature in chapter 2, researchers have used the CAIDA, CICD, KDD Cup and FIFA World Cup data sets. The CAIDA, FIFA and KDD Cup data sets are old, and the patterns of attacks and flash events have changed over time, while the CICD data sets are not for flash events. So it was decided to use the NSL-KDD data set, which is an improvement over the KDD data set and, to our knowledge, has not been used before for flash events and DDoS attacks using random forest. A 25% increase is observed in the frequency of DDoS attacks during lockdown from March to June as compared to 2019.
