Change-point cloud DDoS detection using packet inter-arrival time

2016 8th Computer Science and Electronic Engineering Conference, CEEC 2016 - Conference Proceedings

Volumn , Issue , 2017, Pages 204-209

  Osanaiye, Opeyemi ^a   Choo, Kim Kwang Raymond ^b   Dlodlo, Mqhele ^a  

^a UNIVERSITY OF CAPE TOWN   (South Africa)

^b UNIVERSITY OF SOUTH AUSTRALIA   (Australia)

Author keywords

Change point; Cloud DDoS; CUSUM; DDoS attacks; Inter arrival time; Traffic flow

Indexed keywords

NETWORK SECURITY;

CHANGE-POINTS; CUSUM; DDOS ATTACK; INTER-ARRIVAL TIME; TRAFFIC FLOW;

DENIAL-OF-SERVICE ATTACK;

EID: 85015266091     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CEEC.2016.7835914     Document Type: Conference Paper

References (30)

1. K.-K. R. Choo, "Cloud computing: challenges and future directions," Trends and Issues in Crime and Criminal justice, no. 400, p. 1, 2010.
2. B. Martini and K.-K. R. Choo, "Cloud storage forensics: owncloud as a case study," Digital Investigation, vol. 10, no. 4, pp. 287-299, 2013. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1742287613000911
3. O. Osanaiye, K.-K. R. Choo, and M. Dlodlo, "Distributed denial of service (ddos) resilience in cloud: Review and conceptual cloud {DDoS} mitigation framework," Journal of Network and Computer Applications, vol. 67, pp. 147-165, 2016. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1084804516000023
4. J. Arshad, P. Townend, and J. Xu, "A novel intrusion severity analysis approach for clouds," Future Generation Computer Systems, vol. 29, no. 1, pp. 416-428, 2013, including Special section: AIRCC-NetCoM 2009 and Special section: Clouds and Service-Oriented Architectures. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S0167739X11001488
5. M. H. Bhuyan, H. J. Kashyap, D. K. Bhattacharyya, and J. K. Kalita, "Detecting distributed denial of service attacks: methods, tools and future directions," The Computer Journal, p. bxt031, 2013.
6. Z. Zhou, X. Chen, J. Wang, and X. Li, "A distributed detection scheme based on adaptive cusum and weighted cat against ddos attacks," in Proceedings of the 3rd International Conference on Multimedia Technology (ICMT 2013). Springer, 2014, pp. 97-105.
7. K.-K. R. Choo, "The cyber threat landscape: Challenges and future research directions," Computers & Security, vol. 30, no. 8, pp. 719-731, 2011.
8. V. Gulisano, M. Callau-Zori, Z. Fu, R. Jimnez-Peris, M. Papatriantafilou, and M. Patio-Martnez, "Stone: A streaming {DDoS} defense framework," Expert Systems with Applications, vol. 42, no. 24, pp. 9620-9633, 2015. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S095741741500487X
9. B. Wang, Y. Zheng, W. Lou, and Y. T. Hou, "{DDoS} attack protection in the era of cloud computing and software-defined networking," Computer Networks, vol. 81, pp. 308-319, 2015. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S1389128615000742
10. O. Osanaiye, H. Cai, K.-K. R. Choo, A. Dehghantanha, Z. Xu, and M. Dlodlo, "Ensemble-based multi-filter feature selection method for ddos detection in cloud computing," EURASIP Journal on Wireless Communications and Networking, vol. 2016, no. 1, p. 1, 2016.
11. T. Thapngam, S. Yu, W. Zhou, and G. Beliakov, "Discriminating ddos attack traffic from flash crowd through packet arrival patterns," in Computer Communications Workshops (INFOCOM WKSHPS), 2011 IEEE Conference on. IEEE, 2011, pp. 952-957.
12. M. Sachdeva, K. Kumar, and G. Singh, "A comprehensive approach to discriminate {DDoS} attacks from flash events," Journal of Information Security and Applications, vol. 26, pp. 8-22, 2016. [Online]. Available: http://www.sciencedirect.com/science/article/pii/S2214212615000472
13. Á. MacDermott, Q. Shi, M. Merabti, and K. Kifayat, "Security as a service for a cloud federation," in The 15th Post Graduate Symposium on the Convergence of Telecommunications, Networking and Broadcasting (PGNet2014), 2014, pp. 77-82.
14. A. G. Fragkiadakis, V. A. Siris, N. E. Petroulakis, and A. P. Traganitis, "Anomaly-based intrusion detection of jamming attacks, local versus collaborative detection," Wireless Communications and Mobile Computing, vol. 15, no. 2, pp. 276-294, 2015.
15. A. G. Tartakovsky, A. S. Polunchenko, and G. Sokolov, "Efficient computer network anomaly detection by changepoint detection methods," IEEE Journal of Selected Topics in Signal Processing, vol. 7, no. 1, pp. 4-11, 2013.
16. T. Peng, C. Leckie, and K. Ramamohanarao, "Proactively detecting distributed denial of service attacks using source ip address monitoring," in International Conference on Research in Networking. Springer, 2004, pp. 771-782.
17. H. H. Takada and U. Hofmann, "Application and analyses of cumulative sum to detect highly distributed denial of service attacks using different attack traffic patterns," 2004.
18. T. T. Nguyen and G. Armitage, "A survey of techniques for internet traffic classification using machine learning," IEEE Communications Surveys & Tutorials, vol. 10, no. 4, pp. 56-76, 2008.
19. E. Garsva, N. Paulauskas, G. Grazulevicius, and L. Gulbinovic, "Packet inter-arrival time distribution in academic computer network," Elektronika ir Elektrotechnika, vol. 20, no. 3, pp. 87-90, 2014.
20. M. Jaber, R. G. Cascella, and C. Barakat, "Can we trust the inter-packet time for traffic classification?" in 2011 IEEE International Conference on Communications (ICC). IEEE, 2011, pp. 1-5.
21. L. Arshadi and A. H. Jahangir, "On the tcp flow inter-arrival times dsitribution," in Computer Modeling and Simulation (EMS), 2011 Fifth UKSim European Symposium on. IEEE, 2011, pp. 360-365.
22. V. M. De Oca, D. R. Jeske, Q. Zhang, C. Rendon, and M. Marvasti, "A cusum change-point detection algorithm for non-stationary sequences with application to data network surveillance," Journal of Systems and Software, vol. 83, no. 7, pp. 1288-1297, 2010.
23. A. S. Polunchenko and A. G. Tartakovsky, "State-of-the-art in sequential change-point detection," Methodology and computing in applied probability, vol. 14, no. 3, pp. 649-684, 2012.
24. W. Schmid, "On the run length of a shewhart chart for correlated data," Statistical Papers, vol. 36, no. 1, pp. 111-130, 1995.
25. A. Wald, "Sequential tests of statistical hypotheses," in Breakthroughs in Statistics. Springer, 1992, pp. 256-298.
26. D. Martínez-Rego, D. Fernández-Francos, O. Fontenla-Romero, and A. Alonso-Betanzos, "Stream change detection via passive-aggressive classification and bernoulli cusum," Information Sciences, vol. 305, pp. 130-145, 2015.
27. S. Gavaskar, R. Surendiran, and D. E. Ramaraj, "Three counter defense mechanism for tcp syn flooding attacks," International Journal of Computer Applications, vol. 6, no. 6, pp. 0975-8887, 2010.
28. CAIDA. (2000) DDoS Attack 2007 Dataset. [Online]. Available: http://www.caida.org/data/passive/ddos-20070804-dataset.xml
29. WITS. (2003) Waikato Internet Traffic Storage: Auckland VIII trace. [Online]. Available: http://www.wand.net.nz/wits/auck/8/auckland-viii.php
30. W. Taylor. (2000) Change-point analyzer 2.0 shareware program. [Online]. Available: http://www.variation.com/cpa