Network anomaly detection for protecting web services from the application layer bandwidth flooding attack

  • Authors

    • k V Raghavender OSMANIA UNIVERSITY,HYDERABAD
    • Dr P.Premchand
    2018-06-05
    https://doi.org/10.14419/ijet.v7i2.11154
  • ALBFA, Application-Laye, Distributed Denial of Service (DDoS), Popular Website.
  • Web servers are generally situated in an efficient server center where these servers associate with the outside Web straightforwardly through spines. In the interim, the application layer Bandwidth flooding attack (ALBFA) assaults are basic dangers to the Web, especially to those business web servers. As of now, there are a few strategies intended to deal with the ALBFA assaults, however the greater part of them can't be utilized as a part of substantial spines. In this paper, we propound another technique namely BFADM to identify ALBFA assaults. Our work separates itself from past techniques by considering ALBFA assault discovery in overwhelming spine movement. Moreover, the recognition of ALBFA assaults is effortlessly deceived by streak swarm activity. Keeping in mind the end goal to beat this issue, our propounded technique develops a Constant Recurrence Vector and genuine opportune describes the movement as an arrangement of models. By looking at the entropy of ALBFA assaults and blaze swarms, these models can be utilized to perceive the genuine ALBFA assaults. We coordinate the above discovery standards into a modularized resistance design, which comprises of a head-end sensor, an identification module and an activity channel. With a quick ALBFA discovery speed, the channel is equipped for letting the true blue demands through however the assault movement is ceased.

     

     

  • References

    1. [1] Y. Xie, S. Zheng Yu, Monitoring the application-layer ddos attacks for popular websites, IEEE/ACM Trans. Netw. 17 (1) (2009) 15–25.https://doi.org/10.1109/TNET.2008.925628.

      [2] Arbor. Networks, Worldwide network infrastructure security report, Tech. Rep., Arbor Networks, 2011.

      [3] Y. Xie, S. Zheng Yu, A large-scale hidden semi-Markov model for anomaly detection on user browsing behaviors, IEEE/ACM Trans. Netw. 17 (1) (2009) 54–65.https://doi.org/10.1109/TNET.2008.923716.

      [4] L. von Ahn, M. Blum, N.J. Hopper, J. Langford, Captcha: using hard ai problems for security, in: EUROCRYPT, 2003, pp. 294–311.

      [5] S. Kandula, D. Katabi, M. Jacob, A. Berger, Botz-4-sale: surviving organized ddos attacks that mimic flash crowds, in: Proceedings of the 2nd Conference on Symposium on Networked Systems Design and Implementation, NSDI’05, USENIX Association, Berkeley, CA, USA, 2005, pp. 287–300.

      [6] P. Barford, J. Kline, D. Plonka, A. Ron, A signal analysis of network traffic anomalies, in: Proceedings of the 2nd ACM SIGCOMM Workshop on Internet Measurement, IMW ’02, ACM, New York, NY, USA, 2002, pp. 71–82.https://doi.org/10.1145/637201.637210.

      [7] M. Walfish, M. Vutukuru, H. Balakrishnan, D. Karger, S. Shenker, Ddos defense by offense, ACM Trans. Comput. Syst. 28 (1) (2010) 1–54.https://doi.org/10.1145/1731060.1731063.

      [8] S. Ranjan, R. Swaminathan, M. Uysal, E. Knightly, Ddos-resilient scheduling to counter application layer attacks under imperfect detection, in: Proceedings. INFOCOM 2006. 25th IEEE International Conference on Computer Communications, 2006, pp. 1–13.https://doi.org/10.1109/INFOCOM.2006.127.

      [9] D. Dagon, G. Gu, C. P. Lee, W. Lee, “A Taxonomy of Botnet Structures,†in Proc. of Annual Computer Security Applications Conference (ACSAC), Dec. 2007. https://doi.org/10.1109/ACSAC.2007.44.

      [10] www.arbornetworks.com.

      [11] T. Peng, C. Leckie, K. Ramamohanarao, “Survey of Network-Based Defense Mechanisms Countering the DoS and DDoS Problems,†ACM Computing Surveys, vol. 39, no. 1, pp. 1-42, Apr. 2007. https://doi.org/10.1145/1216370.1216373.

      [12] S. Kandula, D. Katabi, M. Jacob, A. W. Berger, “Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds,†in Proc. of NSDI, Boston, MA, 2005.

      [13] C. Estan, G. Varghese, “New Directions in Traffic Measurement and Accounting,†in Proc. of ACM SIGCOMM, Aug. 2002.

      [14] R.R. Kompella, S. Singh, G. Varghese, “On Scalable Attack Detection in the Network,†in Proc. of ACM Internet Measurement Conference (IMC), Oct. 2004. https://doi.org/10.1145/1028788.1028812.

      [15] Z. Zhu, G. Lu, Y. Chen, Z. J. Fu, P. Roberts, K. Han, “Botnet Research Survey,†in Proc. of IEEE COMPSAC, pp. 967-972, 2008. https://doi.org/10.1109/COMPSAC.2008.205.

      [16] Alomari, Esraa, et al. "Botnet-based distributed denial of service (DDoS) attacks on web servers: classification and art." arXiv preprint arXiv: 1208. 0403 2012, pp. 24-32.

      [17] Gu, Q., & Liu, P. Denial of service attacks. Handbook of Computer Networks: Distributed Networks, Network Planning, Control, Management, and New Trends and Applications, Volume 3, 2007, pp. 454-468.

      [18] Zargar, SamanTaghavi, James Joshi, and David Tipper. "A survey of defense mechanisms against distributed denial of service (DDoS) flooding attacks." Communications Surveys & Tutorials, IEEE 15.4 2013, pp. 2046-2069. https://doi.org/10.1109/SURV.2013.031413.00127.

      [19] Yau, David KY, et al. "Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles." IEEE/ACM Transactions on Networking (TON) 13.1 2005, pp. 29-42

      [20] J. B. D. Cabrera, L. Lewis, X. Qin, W. Lee, R. K. Prasanth, B. Ravichandran, and R. K. Mehra, “Proactive detection of distributed denial of service attacks using MIB traffic variables a feasibility study,†in Proc. IEEE/IFIP Int. Symp. Integr. Netw. Manag., May 2001, pp. 609–622.

      [21] H.Wang, D. Zhang, and K. G. Shin, “Detecting SYN flooding attacks,†in Proc. IEEE INFOCOM, 2002, vol. 3, pp. 1530–1539.

      [22] S. Noh, C. Lee, K. Choi, and G. Jung, “Detecting Distributed Denial of Service (DDoS) attacks through inductive learning,†Lecture Notes in Computer Science, vol. 2690, pp. 286–295, 2003.https://doi.org/10.1007/978-3-540-45080-1_38.

  • Downloads

  • How to Cite

    V Raghavender, k, & P.Premchand, D. (2018). Network anomaly detection for protecting web services from the application layer bandwidth flooding attack. International Journal of Engineering & Technology, 7(2), 907-912. https://doi.org/10.14419/ijet.v7i2.11154