Detection of Attacks Causing Network Service Denial
Keywords:Denial of Service – DoS, Distributed Denial of Service – DDoS, HTTP GET Flood attack, algorithm, simulation, theory of queuing systems
This article deals with ICT security and particularly the Denial of Service (DoS) executed on the application layer. The main objective of the article is to describe the original algorithm designed for timely detection of DoS application attacks and, subsequently, on the results of experimental verification of the designed process. This algorithm is focused on the detection of HTTP GET Flood attack, which will cause a crash of the attacked server. Appropriate detection of attack from the analysis of incoming traffic is able to prevent a crash of server from happening. To detect such an attack, an original algorithm designed by our team was used.
LIN, D. Network Intrusion Detection and Mitigation Against Denial of Service Attack [Technical Report]. University of Pennsylvania, 2013. [cited 2017-03-04]. Available from: <http://repository.upenn.edu/cgi/viewcontent.cgi?article=2027&context=cis_reports>.
KAUR, P., KUMAR, M. and BHANDARI, A. A Review of Detection Approaches for Distributed Denial of Service Attacks. Systems Science & Control Engineering, 2017, vol. 5, no. 1, p. 301-320. https://doi.org/10.1080/21642583.2017.1331768.
JUNG, J., KRISHNAMURTHY, B. and RABINOVICH, M. Flash Crowds and Denial of Service Attacks: Characterization and Implementations for CDNs and Web Sites. In 11th International Conference on World Wide Web, Honolulu: ACM, 2002, p 293-304. https://doi.org/10.1145/511446.511485.
FERGUSON, P. and SENIE, D. Network Ingress Filtering: Defeating Denial of Service Attacks which Employ IP Source Address Spoofing. Network Working Group, 2000, 10 p. https://doi.org/10.17487/RFC2827.
PATRIKAKIS, CH., KALAMARIS, T. and KAKAVAS, V. Performing Integrated System Test Using Malicious Component Insertion. Electronic Notes in Theoretical Computer Science, 2003, vol. 82, no. 6, p. 11-21. https://doi.org/10.1016/S1571-0661(04)81021-1.
ANKALI, S.B. and ASHOKA, D.V. Detection Architecture of Application Layer DDoS Attack for Internet. International Journal of Advanced Networking and Applications, 2011, vol. 3, no. 1, p. 984-990.
CHEN, C.M., OU, Y.H. and TSAI, Y.C. Web Botnet Detection Based on Flow Information. In IEEE Symposium on Security and Privacy – ISC, Tainan: IEEE, 2010. https://doi.org/10.1109/COMPSYM.2010.5685482.
DAS, D., SHARMA, U. and BBHATTAHCARYYA, D.K. Detection of HTTP Flooding Attacks in Multiple Scenarios. In International Conference on Information Communications and Computing & Security – ICCCS, Rourkela: ACM, 2011, p. 517-523. https://doi.org/10.1145/1947940.1948047.
BHATIA, S., MOHAY, G., TICKLE, A. and AHMED, E. Parametric Differences between a Real-world Distributed Denial of Service Attack and Flash Event. In Sixth International Conference on Availability, Reliability and Security – ARES, Vienna: IEEE, 2011, p. 210-217. https://doi.org/10.1109/ARES.2011.39.
ALMGREN, M. and LINDQVIST, U. Application-integrated Data Collection for Security Monitoring. In International Workshop on Recent Advances in Intrusion Detection – RAID 2011, Menlo Park: Springer, 2011 p. 22-36.
PRABHA, S. and ANITHA, R. Mitigation of Application Traffic DDoS Attacks with Trust and AM Based HMM Models. International Journal of Computer Applications, 2010, vol. 6, no. 9, p. 26-34. https://doi.org/10.5120/1101-1443.
BAKER, F. and SAVOLA, P. Ingress Filtering for Multihomed Networks. Network Working Group, 2004, 16 p. DOI 10.17487/RFC3704.
KEHE, W., TONG, Z., WEI, L. and GANG, M. Security Model Base on Network Business Security. In International Conference on Computer Technology and Development, Kota Kinabalu: IEEE, 2009, vol. 1, p. 577-580. https://doi.org/10.1109/ICCTD.2009.160.
HOLMES, D. 2016 DDoS Attack Trends. Seattle: F5 Networks, 10 p. [cited 2017-03-04]. Available from: <https://f5.com/Portals/1/PDF/security/2016_DDoS_Attack-Trends.pdf>.
DENER, M. and BAY, O.F. Practical Implementation of an Adaptive Detection-Defense Unit against Link Layer DoS Attacks for Wireless Sensor Networks. Security and Communication Networks, 2017, p. 9. https://doi.org/10.1155/2017/1531928.
ĎURČEKOVÁ, V. Detection of Attacks Causing Denial of Services [PhD Thesis]. Žilina: University of Žilina, 2014.
The Apache Software Foundation. Apache HTTP Server Documentation. [cited 2017-03-04]. Available from: <http://httpd.apache.org/docs/2.2/mpm.html 2012>.
ČEPČIANSKY, G. and SCHWARTZ, L. Stochastic Processes with Discrete States. Balti: LAP Lambert Academic Publishing, 2013, 117 p. ISBN 978-3-659-38320-5.
HANULIAK, I. and HANULIAK, P. Performance Evaluation of Iterative Parallel Algorithms. Kybernetes, 2010, vol. 39, no. 1, p. 107-126. https://doi.org/10.1108/03684921011021309.
HANULIAK, M. and HANULIAK, I. To the Correction of Analytical Models for Computer Based Communication Systems. Kybernetes, 2006, vol. 35, no. 9, p. 1492-1504. https://doi.org/10.1108/03684920610688504.
HANULIAK, J. and HANULIAK, I. To Performance Evaluation of Distributed Parallel Algorithms. Kybernetes, 2005, vol. 34, no. 9/10, p. 1633-1650. https://doi.org/10.1108/03684920510614858.
DOLEV, S., KATE, M. and WELCH, J.L. A Competitive Analysis for Retransmission Timeout. In Proceedings of the 15th International Conference on Distributed Computing Systems, 1995, p. 450-455.
PINTER, T. and KULČAR, L. Numerical and Statistical Methods in Astronomy (in Slovak). Hurbanovo: Slovenská ústredná hvezdáreň, 2006.
How to Cite
Copyright (c) 2018 Advances in Military Technology
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work.
Users can use, reuse and build upon the material published in the journal for any purpose, even commercially.