Detection of Attacks Causing Network Service Denial

Veronika Ďurčeková; Ladislav Schwartz; Vladimír Hottmar; Bohumil Adamec

doi:10.3849/aimt.01220

Authors

Veronika Ďurčeková University of Žilina, Slovak Republic
Ladislav Schwartz University of Žilina, Slovak Republic
Vladimír Hottmar University of Žilina, Slovak Republic
Bohumil Adamec University of Žilina, Slovak Republic

DOI:

https://doi.org/10.3849/aimt.01220

Keywords:

Denial of Service – DoS, Distributed Denial of Service – DDoS, HTTP GET Flood attack, algorithm, simulation, theory of queuing systems

Abstract

This article deals with ICT security and particularly the Denial of Service (DoS) executed on the application layer. The main objective of the article is to describe the original algorithm designed for timely detection of DoS application attacks and, subsequently, on the results of experimental verification of the designed process. This algorithm is focused on the detection of HTTP GET Flood attack, which will cause a crash of the attacked server. Appropriate detection of attack from the analysis of incoming traffic is able to prevent a crash of server from happening. To detect such an attack, an original algorithm designed by our team was used.

References

LIN, D. Network Intrusion Detection and Mitigation Against Denial of Service Attack [Technical Report]. University of Pennsylvania, 2013. [cited 2017-03-04]. Available from: <http://repository.upenn.edu/cgi/viewcontent.cgi?article=2027&context=cis_reports>.

KAUR, P., KUMAR, M. and BHANDARI, A. A Review of Detection Approaches for Distributed Denial of Service Attacks. Systems Science & Control Engineering, 2017, vol. 5, no. 1, p. 301-320. https://doi.org/10.1080/21642583.2017.1331768.

JUNG, J., KRISHNAMURTHY, B. and RABINOVICH, M. Flash Crowds and Denial of Service Attacks: Characterization and Implementations for CDNs and Web Sites. In 11th International Conference on World Wide Web, Honolulu: ACM, 2002, p 293-304. https://doi.org/10.1145/511446.511485.

FERGUSON, P. and SENIE, D. Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing. Network Working Group, 2000, 10 p. https://doi.org/10.17487/RFC2827.

PATRIKAKIS, CH., KALAMARIS, T. and KAKAVAS, V. Performing Integrated System Test Using Malicious Component Insertion. Electronic Notes in Theoretical Computer Science, 2003, vol. 82, no. 6, p. 11-21. https://doi.org/10.1016/S1571-0661(04)81021-1.

ANKALI, S.B. and ASHOKA, D.V. Detection Architecture of Application Layer DDoS Attack for Internet. International Journal of Advanced Networking and Applications, 2011, vol. 3, no. 1, p. 984-990.

CHEN, C.M., OU, Y.H. and TSAI, Y.C. Web Botnet Detection Based on Flow Information. In IEEE Symposium on Security and Privacy – ISC, Tainan: IEEE, 2010. https://doi.org/10.1109/COMPSYM.2010.5685482.

DAS, D., SHARMA, U. and BBHATTAHCARYYA, D.K. Detection of HTTP Flooding Attacks in Multiple Scenarios. In International Conference on Information Communications and Computing & Security – ICCCS, Rourkela: ACM, 2011, p. 517-523. https://doi.org/10.1145/1947940.1948047.

BHATIA, S., MOHAY, G., TICKLE, A. and AHMED, E. Parametric Differences between a Real-world Distributed Denial of Service Attack and Flash Event. In Sixth International Conference on Availability, Reliability and Security – ARES, Vienna: IEEE, 2011, p. 210-217. https://doi.org/10.1109/ARES.2011.39.

ALMGREN, M. and LINDQVIST, U. Application-integrated Data Collection for Security Monitoring. In International Workshop on Recent Advances in Intrusion Detection – RAID 2011, Menlo Park: Springer, 2011 p. 22-36.

PRABHA, S. and ANITHA, R. Mitigation of Application Traffic DDoS Attacks with Trust and AM Based HMM Models. International Journal of Computer Applications, 2010, vol. 6, no. 9, p. 26-34. https://doi.org/10.5120/1101-1443.

BAKER, F. and SAVOLA, P. Ingress Filtering for Multihomed Networks. Network Working Group, 2004, 16 p. DOI 10.17487/RFC3704.

KEHE, W., TONG, Z., WEI, L. and GANG, M. Security Model Base on Network Business Security. In International Conference on Computer Technology and Development, Kota Kinabalu: IEEE, 2009, vol. 1, p. 577-580. https://doi.org/10.1109/ICCTD.2009.160.

HOLMES, D. 2016 DDoS Attack Trends. Seattle: F5 Networks, 10 p. [cited 2017-03-04]. Available from: <https://f5.com/Portals/1/PDF/security/2016_DDoS_Attack-Trends.pdf>.

DENER, M. and BAY, O.F. Practical Implementation of an Adaptive Detection-Defense Unit against Link Layer DoS Attacks for Wireless Sensor Networks. Security and Communication Networks, 2017, p. 9. https://doi.org/10.1155/2017/1531928.

ĎURČEKOVÁ, V. Detection of Attacks Causing Denial of Services [PhD Thesis]. Žilina: University of Žilina, 2014.

The Apache Software Foundation. Apache HTTP Server Documentation. [cited 2017-03-04]. Available from: <http://httpd.apache.org/docs/2.2/mpm.html 2012>.

ČEPČIANSKY, G. and SCHWARTZ, L. Stochastic Processes with Discrete States. Balti: LAP Lambert Academic Publishing, 2013, 117 p. ISBN 978-3-659-38320-5.

HANULIAK, I. and HANULIAK, P. Performance Evaluation of Iterative Parallel Algorithms. Kybernetes, 2010, vol. 39, no. 1, p. 107-126. https://doi.org/10.1108/03684921011021309.

HANULIAK, M. and HANULIAK, I. To the Correction of Analytical Models for Computer Based Communication Systems. Kybernetes, 2006, vol. 35, no. 9, p. 1492-1504. https://doi.org/10.1108/03684920610688504.

HANULIAK, J. and HANULIAK, I. To Performance Evaluation of Distributed Parallel Algorithms. Kybernetes, 2005, vol. 34, no. 9/10, p. 1633-1650. https://doi.org/10.1108/03684920510614858.

DOLEV, S., KATE, M. and WELCH, J.L. A Competitive Analysis for Retransmission Timeout. In Proceedings of the 15th International Conference on Distributed Computing Systems, 1995, p. 450-455.

PINTER, T. and KULČAR, L. Numerical and Statistical Methods in Astronomy (in Slovak). Hurbanovo: Slovenská ústredná hvezdáreň, 2006.