Abstract
Denial of Service attacks remain one of the most serious threats to the Internet today. In this study, we propose an algorithm for the detection of Denial of Service attacks that utilize the SSL/TLS protocol. These protocols encrypt the data of network connections at the application layer, which makes it impossible to detect the attacker's activity by analysing the packet payload. For this reason, we concentrate on statistics that can be extracted from packet headers. Based on these statistics, we build a model of normal user behaviour using several data mining algorithms. Once the model has been built, it is used to detect DoS attacks. The proposed framework is tested on data obtained with the help of a realistic cyber environment that enables one to construct real attack vectors. The simulations show that the proposed method achieves a higher accuracy rate than other intrusion detection techniques.
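The abstract describes a three-stage pipeline: derive per-connection statistics from packet headers only (the TLS payload is opaque), learn a model of normal behaviour from those statistics, and score new connections against the model. The following Python is an added illustration of that pipeline and is not the paper's code. The feature set (packet rate, request/response byte ratio, mean packet sizes), the z-score normalisation, the DBSCAN-style density model and all flow records are this example's own constructed assumptions; the abstract itself names only "several data mining algorithms".

```python
"""
Header-only flow statistics scored against a density model of normal traffic.
Added illustration, not the paper's implementation. Features, normalisation,
the DBSCAN-style model and every flow record below are constructed assumptions.
"""
from math import sqrt

# Constructed records of normal TLS connections, as a header-only collector
# sees them: (client_pkts, server_pkts, client_bytes, server_bytes, duration_s).
NORMAL_FLOWS = [
    (12, 14, 1800, 9200, 2.1),
    (10, 12, 1500, 8100, 1.8),
    (14, 15, 2100, 11000, 2.6),
    (11, 13, 1700, 8800, 2.0),
    (13, 14, 1950, 9900, 2.3),
    (9, 11, 1400, 7600, 1.6),
    (12, 13, 1850, 9000, 2.2),
    (10, 11, 1550, 7900, 1.9),
]


def features(flow):
    """Turn raw header counters into per-flow statistics (assumed feature set)."""
    c_pkts, s_pkts, c_bytes, s_bytes, dur = flow
    dur = max(dur, 1e-3)  # guard against zero-length connections
    return [
        c_pkts / dur,                  # client packet rate (pkts/s)
        c_bytes / max(s_bytes, 1),     # request/response byte ratio
        c_bytes / max(c_pkts, 1),      # mean client packet size
        s_bytes / max(s_pkts, 1),      # mean server packet size
    ]


def _dist(a, b):
    """Euclidean distance between two feature vectors."""
    return sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class DensityModel:
    """DBSCAN-style model of normal behaviour.

    A training point is 'core' when at least min_pts training points (itself
    included) lie within eps of it. A new flow is normal when it lies within
    eps of some core point, and anomalous otherwise. eps is measured in
    z-score units, so it is comparable across features.
    """

    def __init__(self, eps=3.0, min_pts=3):
        self.eps, self.min_pts = eps, min_pts
        self.mean, self.std, self.core = [], [], []

    def fit(self, flows):
        raw = [features(f) for f in flows]
        n, d = len(raw), len(raw[0])
        self.mean = [sum(r[j] for r in raw) / n for j in range(d)]
        # population std per feature; a constant feature gets std 1.0
        self.std = [sqrt(sum((r[j] - self.mean[j]) ** 2 for r in raw) / n) or 1.0
                    for j in range(d)]
        pts = [self._scale(r) for r in raw]
        self.core = [p for p in pts
                     if sum(_dist(p, q) <= self.eps for q in pts) >= self.min_pts]
        return self

    def _scale(self, vec):
        return [(v - m) / s for v, m, s in zip(vec, self.mean, self.std)]

    def is_anomalous(self, flow):
        """True when the flow is farther than eps from every core point."""
        p = self._scale(features(flow))
        return all(_dist(p, c) > self.eps for c in self.core)


if __name__ == "__main__":
    model = DensityModel().fit(NORMAL_FLOWS)
    # Constructed test flows: one ordinary, one high-rate, one slow and small.
    for f in [(11, 13, 1700, 8900, 2.0), (400, 30, 60000, 600, 2.0), (6, 4, 900, 300, 60.0)]:
        print(f, "anomalous" if model.is_anomalous(f) else "normal")
```

Because every statistic is derived from TCP/IP header fields (counts, sizes, timing), the detector works unchanged whether or not the payload is encrypted; the price is that it sees only the shape of a connection, not its content, so the quality of the normal-traffic training set decides the false-positive rate.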
© 2015 Springer International Publishing Switzerland
Cite this paper
Zolotukhin, M., Hämäläinen, T., Kokkonen, T., Niemelä, A., Siltanen, J. (2015). Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol. In: Balandin, S., Andreev, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. ruSMART NEW2AN 2015. Lecture Notes in Computer Science, vol 9247. Springer, Cham. https://doi.org/10.1007/978-3-319-23126-6_25
DOI: https://doi.org/10.1007/978-3-319-23126-6_25
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-23125-9
Online ISBN: 978-3-319-23126-6
eBook Packages: Computer Science (R0)