A Study of DDoS and Detection of SYN Flood
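|Abstract:||Although the Internet brings many conveniences, it also harbors many attacks. With the development of botnets, the scale of these attacks continues to grow. Distributed denial of service is one of the attacks caused by botnets, and among the many distributed denial of service attacks, SYN flood is relatively common and seriously reduces availability. To improve information security, intrusion detection systems have been proposed as a tool for detecting attacks, and a complete intrusion detection system includes feature selection and detection. The purpose of this study is to propose a framework that can detect SYN flood. First, the current state of botnets is described; next, six features are selected as the features for detecting SYN flood, and correlation analysis is used to analyze each feature. Finally, a framework that can detect SYN flood is proposed, which uses a centroid-based classifier to cluster packet data. Overall, the framework performs well, with a detection rate of 97.6%, an accuracy rate of 97.2% and a false alarm rate of 2.3%.|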
With the rapid growth of technology, the Internet has become a tool that can solve many problems in daily life. Although Internet use is practical and can enhance overall efficiency, several kinds of attacks exist on the Internet. Distributed denial of service (DDoS) is one of the attacks caused by botnets. Among the several kinds of DDoS attack, SYN flood happens more often and reduces availability. To enhance information security, intrusion detection systems have been proposed to detect attacks from the Internet. In a complete intrusion detection system, feature selection and detection are two topics that influence overall performance. The goal of this study is to propose a framework that can detect SYN flood effectively. Designing a complete framework requires information about current botnets, including botnet architecture, attacks, and the methodology and techniques for detecting botnets. Before an intrusion detection system is designed, feature selection is needed; here it is performed with a statistical method called correlation analysis. Finally, a framework for detecting SYN flood is proposed, in which centroid-based classification is applied in the detection phase. The proposed framework detects SYN flood with high performance: the detection rate is 97.6 percent, the accuracy rate is 97.2 percent, and the false alarm rate is 2.3 percent.
|Appears in Collections:||Department of Information Management|