
Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol

  • Conference paper
Internet of Things, Smart Spaces, and Next Generation Networks and Systems (ruSMART 2015, NEW2AN 2015)

Abstract

Denial of Service attacks remain one of the most serious threats to the Internet. In this study, we propose an algorithm for detecting Denial of Service attacks that utilize the SSL/TLS protocol. These protocols encrypt the application-layer data of a network connection, which makes it impossible to detect attacker activity by analysing packet payloads. For this reason, we concentrate on statistics that can be extracted from packet headers. Based on these statistics, we build a model of normal user behaviour using several data mining algorithms. Once the model has been built, it is used to detect DoS attacks. The proposed framework is tested on data obtained with the help of a realistic cyber environment that makes it possible to construct real attack vectors. The simulations show that the proposed method achieves a higher accuracy rate than other intrusion detection techniques.
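The abstract's idea, that the encrypted payload is useless but header-level connection statistics still separate normal users from attackers, can be shown end to end with a small detector. The following is an added example and not the paper's code: its six per-connection features, its z-score normalisation, its k-nearest-neighbour score with a threshold learned from the benign training flows, and every flow record in it are assumptions made here for illustration, not the authors' feature set, algorithm or data.

```python
"""Detecting DoS over TLS from packet-header statistics only.

Added example: this is not the paper's code, feature set or algorithm.
The per-connection features, the z-score normalisation, the k-nearest-
neighbour score and the constructed flow records are all assumptions
made here to illustrate the approach sketched in the abstract.
"""
import math
import statistics
from dataclasses import dataclass

# Statistics that survive encryption: they come from IP/TCP headers and
# packet timing, never from the (encrypted) TLS record payload.
FEATURES = ("c2s_pkts", "s2c_pkts", "c2s_bytes", "s2c_bytes", "duration", "mean_gap")


@dataclass(frozen=True)
class Flow:
    src: str
    c2s_pkts: int      # packets client -> server
    s2c_pkts: int      # packets server -> client
    c2s_bytes: int     # bytes client -> server (from IP total-length fields)
    s2c_bytes: int     # bytes server -> client
    duration: float    # seconds between first and last packet of the connection
    mean_gap: float    # mean inter-arrival time of client packets, seconds

    def vector(self):
        return [float(getattr(self, name)) for name in FEATURES]


class HeaderStatsModel:
    """Model of normal behaviour fitted on benign flows only.

    fit(): z-score normalisation per feature, then a leave-one-out k-NN
    distance for every training flow; the threshold is the chosen quantile
    of those distances, so it is learned from benign data, not hand-tuned.
    score(): mean distance of a new flow to its k nearest benign flows.
    """

    def __init__(self, k=2, quantile=0.95):
        self.k = k
        self.quantile = quantile

    def fit(self, flows):
        if len(flows) <= self.k:
            raise ValueError("need more than k benign flows to fit the model")
        columns = list(zip(*(f.vector() for f in flows)))
        self.mean = [statistics.fmean(c) for c in columns]
        # a constant feature has stdev 0; fall back to 1.0 so we never divide by zero
        self.std = [statistics.pstdev(c) or 1.0 for c in columns]
        self.train = [self._normalise(f) for f in flows]
        loo = sorted(self._knn(v, exclude=i) for i, v in enumerate(self.train))
        idx = min(len(loo) - 1, math.ceil(self.quantile * len(loo)) - 1)
        self.threshold = loo[idx]
        return self

    def _normalise(self, flow):
        return [(x - m) / s for x, m, s in zip(flow.vector(), self.mean, self.std)]

    def _knn(self, v, exclude=None):
        dists = sorted(math.dist(v, t) for i, t in enumerate(self.train) if i != exclude)
        return statistics.fmean(dists[:self.k])

    def score(self, flow):
        return self._knn(self._normalise(flow))

    def is_attack(self, flow):
        return self.score(flow) > self.threshold


def detect(model, flows):
    """Return the source addresses of the flows the model flags as attacks."""
    return [f.src for f in flows if model.is_attack(f)]


# Constructed benign HTTPS sessions (not captured data): a handful of requests,
# the server sends more than the client, human-scale gaps between client packets.
NORMAL = [
    Flow("10.0.0.1", 14, 18, 2100, 41000, 3.2, 0.23),
    Flow("10.0.0.2", 12, 16, 1900, 38000, 2.8, 0.25),
    Flow("10.0.0.3", 16, 21, 2400, 52000, 4.1, 0.27),
    Flow("10.0.0.4", 11, 15, 1700, 33000, 2.5, 0.22),
    Flow("10.0.0.5", 15, 19, 2300, 45000, 3.6, 0.24),
    Flow("10.0.0.6", 13, 17, 2000, 40000, 3.0, 0.23),
    Flow("10.0.0.7", 17, 22, 2600, 55000, 4.4, 0.26),
    Flow("10.0.0.8", 10, 14, 1600, 30000, 2.3, 0.21),
]

# Constructed attack flows: a request flood (many client packets, tiny gaps)
# and a slow connection-holding attack (almost no packets, very long duration).
FLOOD = Flow("198.51.100.7", 900, 30, 60000, 9000, 3.0, 0.003)
SLOW = Flow("198.51.100.8", 6, 4, 400, 300, 240.0, 40.0)

if __name__ == "__main__":
    model = HeaderStatsModel(k=2).fit(NORMAL)
    print(f"threshold={model.threshold:.2f}")
    for flow in (NORMAL[0], FLOOD, SLOW):
        verdict = "ATTACK" if model.is_attack(flow) else "normal"
        print(flow.src, f"score={model.score(flow):.2f}", verdict)
```

Two points worth noting when carrying this over to real traffic. The threshold is taken from the benign flows' own leave-one-out scores, so the training capture must be clean; an attack mixed into it raises the threshold and hides later attacks of the same shape. And a single flow is only one unit of evidence for a distributed attack: in practice the flagged sources are aggregated per time window (count of flagged flows per source, or per destination) before anything is blocked.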



Author information

Corresponding author: Mikhail Zolotukhin


Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Zolotukhin, M., Hämäläinen, T., Kokkonen, T., Niemelä, A., Siltanen, J. (2015). Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol. In: Balandin, S., Andreev, S., Koucheryavy, Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. ruSMART/NEW2AN 2015. Lecture Notes in Computer Science, vol 9247. Springer, Cham. https://doi.org/10.1007/978-3-319-23126-6_25

  • DOI: https://doi.org/10.1007/978-3-319-23126-6_25

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-23125-9

  • Online ISBN: 978-3-319-23126-6

  • eBook Packages: Computer Science (R0)
