Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks

DSpace/Manakin Repository

Show simple item record

dc.contributor.author Ivannikova, Elena
dc.contributor.author Zolotukhin, Mikhail
dc.contributor.author Hämäläinen, Timo
dc.date.accessioned 2017-09-13T09:50:37Z
dc.date.issued 2017
dc.identifier.citation Ivannikova, E., Zolotukhin, M., & Hämäläinen, T. (2017). Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks. In Z. Yan, R. Molva, W. Mazurczyk, & R. Kantola (Eds.), <em>Network and System Security : 11th International Conference, NSS 2017 Helsinki, Finland, August 21–23, 2017, Proceedings</em> (pp. 531-543). Lecture Notes in Computer Science, 10394. Springer. <a href="https://doi.org/10.1007/978-3-319-64701-2_40">doi:10.1007/978-3-319-64701-2_40</a>
dc.identifier.isbn 978-3-319-64700-5
dc.identifier.issn 0302-9743
dc.identifier.other TUTKAID_74946
dc.identifier.uri http://hdl.handle.net/123456789/55347
dc.description.abstract With the emergence of cloud computing, many attacks, including Distributed Denial-of-Service (DDoS) attacks, have changed their direction towards cloud environment. In particular, DDoS attacks have changed in scale, methods, and targets and become more complex by using advantages provided by cloud computing. Modern cloud computing environments can benefit from moving towards Software-Defined Networking (SDN) technology, which allows network engineers and administrators to respond quickly to the changing business requirements. In this paper, we propose an approach for detecting application-layer DDoS attacks in cloud environment with SDN. The algorithm is applied to statistics extracted from network flows and, therefore, is suitable for detecting attacks that utilize encrypted protocols. The proposed detection approach is comprised of the extraction of normal user behavior patterns and detection of anomalies that significantly deviate from these patterns. The algorithm is evaluated using DDoS detection system prototype. Simulation results show that intermediate application-layer DDoS attacks can be properly detected, while the number of false alarms remains low.
dc.format.extent 762
dc.language.iso eng
dc.publisher Springer
dc.relation.ispartof Network and System Security : 11th International Conference, NSS 2017 Helsinki, Finland, August 21 23, 2017, Proceedings
dc.relation.ispartofseries Lecture Notes in Computer Science;10394
dc.rights openAccess fi
dc.rights © Springer International Publishing AG 2017. This is a final draft version of an article whose final and definitive form has been published by Springer. Published in this repository with the kind permission of the publisher.
dc.subject.other DDoS attack
dc.subject.other anomaly detection
dc.subject.other SDN
dc.subject.other clustering
dc.subject.other behavior pattern
dc.subject.other probabilistic model
dc.title Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks
dc.type conferenceObject
dc.identifier.urn URN:NBN:fi:jyu-201709113700
dc.subject.kota 213
dc.contributor.laitos Informaatioteknologian tiedekunta fi
dc.contributor.laitos Faculty of Information Technology en
dc.contributor.oppiaine tietotekniikka
dc.date.embargo 2018-07-26
jyx.tutka.pagetopage 531-543
dc.type.uri http://purl.org/eprint/type/ConferencePaper
dc.identifier.doi 10.1007/978-3-319-64701-2_40
dc.date.updated 2017-09-11T12:15:09Z
dc.description.version Final Draft
eprint.status http://purl.org/eprint/type/status/PeerReviewed

Full text delay due to publisher restrictions ("embargo") till 2018-07-26.

Request a copy from the researcher

This item appears in the following Collection(s)

Show simple item record