On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks
Zolotukhin, M., Kokkonen, T., Hämäläinen, T., & Siltanen, J. (2016). On Application-Layer DDoS Attack Detection in High-Speed Encrypted Networks. International Journal of Digital Content Technology and its Applications, 10(5), 14-33. http://www.globalcis.org/dl/stamp.asp?file=http://www.globalcis.org/jdcta/ppl/JDCTA3787PPL.pdf
© the Authors & Advanced Institute of Convergence IT, 2016. This is an open access article published by Convergence Information Society.
Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed using legitimate requests from legitimately connected network machines, which makes these attacks undetectable for signature-based intrusion detection systems. Moreover, the attacks may utilize protocols that encrypt the data of network connections in the application layer, making it even harder to detect the attacker's activity without decrypting users' network traffic and violating their privacy. In this paper, we present a method which allows us to detect various application-layer attacks against a computer network in a timely manner. We focus on detection of the attacks that utilize encrypted protocols by applying an anomaly-detection-based approach to statistics extracted from network packets. Since network traffic decryption can violate ethical norms and regulations on privacy, the proposed detection method analyzes network traffic without decryption. The method involves construction of a model of normal user behavior by analyzing conversations between a server and clients. The algorithm is self-adaptive and allows one to update the model every time a new portion of network traffic data is available. Once the model has been built, it can be applied to detect various types of application-layer denial-of-service attacks. The proposed technique is evaluated with realistic end-user network traffic generated in our virtual network environment. Evaluation results show that these attacks can be properly detected, while the number of false alarms remains very low. ...
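To make the approach sketched in the abstract concrete, the following is an added illustration (not the authors' code, and not the algorithm the paper itself uses): only statistics observable without decryption are taken from each client-server conversation (packet counts, byte counts, duration, inter-packet timing), a model of normal conversations is kept as running per-feature mean and variance that is updated online as new traffic arrives, and conversations far from the model are flagged. The feature set, the log-scaling, the quantile threshold rule, the rule of folding only benign-looking conversations back into the model, and all sample conversations are assumptions made for this example; the traffic is constructed, not captured.

```python
import math
import random

# Per-conversation statistics available from packet headers and timing alone
# (assumed feature set; nothing here needs the payload to be decrypted).
FEATURES = ("client_pkts", "server_pkts", "client_bytes", "server_bytes",
            "duration_s", "mean_client_gap_s")


class OnlineNormalModel:
    """Running per-feature mean/variance (Welford's algorithm), so the model
    of normal behaviour can be updated whenever a new batch of traffic arrives."""

    def __init__(self, features=FEATURES):
        self.features = features
        self.n = 0
        self.mean = {f: 0.0 for f in features}
        self.m2 = {f: 0.0 for f in features}

    @staticmethod
    def _x(conv, f):
        return math.log1p(conv[f])  # counts and byte totals are heavy-tailed

    def update(self, conv):
        self.n += 1
        for f in self.features:
            x = self._x(conv, f)
            delta = x - self.mean[f]
            self.mean[f] += delta / self.n
            self.m2[f] += delta * (x - self.mean[f])

    def variance(self, f):
        return 1.0 if self.n < 2 else max(self.m2[f] / (self.n - 1), 1e-6)

    def score(self, conv):
        """Anomaly score: sum of squared z-scores (diagonal Mahalanobis distance)."""
        return sum((self._x(conv, f) - self.mean[f]) ** 2 / self.variance(f)
                   for f in self.features)


def fit(conversations, quantile=0.995):
    """Build the model from traffic assumed benign; the alarm threshold is a high
    quantile of the benign scores, which bounds the false-alarm rate directly."""
    model = OnlineNormalModel()
    for c in conversations:
        model.update(c)
    scores = sorted(model.score(c) for c in conversations)
    return model, scores[min(len(scores) - 1, int(quantile * len(scores)))]


def detect_and_adapt(model, threshold, conversations):
    """Flag conversations above the threshold. Only benign-looking ones are folded
    back into the model, so an ongoing attack cannot drag 'normal' towards itself."""
    alarms = []
    for c in conversations:
        if model.score(c) > threshold:
            alarms.append(c["id"])
        else:
            model.update(c)
    return alarms


# --- constructed sample conversations (assumed shapes, not captured data) ---

def normal_conversation(rng, cid):
    """Short TLS session: a handful of requests, larger responses."""
    cp = rng.randint(8, 40)
    sp = int(cp * rng.uniform(1.5, 4.0))
    dur = rng.uniform(0.2, 5.0)
    return {"id": cid, "client_pkts": cp, "server_pkts": sp,
            "client_bytes": int(cp * rng.uniform(200, 600)),
            "server_bytes": int(sp * rng.uniform(900, 1400)),
            "duration_s": dur, "mean_client_gap_s": dur / cp}


def slow_conversation(rng, cid):
    """Slow-rate style: tiny client packets trickle for minutes, server barely answers."""
    cp = rng.randint(300, 600)
    dur = rng.uniform(300, 900)
    return {"id": cid, "client_pkts": cp, "server_pkts": rng.randint(1, 3),
            "client_bytes": int(cp * rng.uniform(30, 60)),
            "server_bytes": rng.randint(200, 600),
            "duration_s": dur, "mean_client_gap_s": dur / cp}


def flood_conversation(rng, cid):
    """Request flood inside one encrypted session: thousands of back-to-back requests."""
    cp = rng.randint(2000, 5000)
    dur = rng.uniform(5, 30)
    return {"id": cid, "client_pkts": cp, "server_pkts": int(cp * 0.9),
            "client_bytes": int(cp * rng.uniform(150, 300)),
            "server_bytes": int(cp * rng.uniform(500, 800)),
            "duration_s": dur, "mean_client_gap_s": dur / cp}


def run_demo(seed=7):
    rng = random.Random(seed)
    model, threshold = fit([normal_conversation(rng, f"n{i}") for i in range(500)])
    live = ([normal_conversation(rng, f"t{i}") for i in range(200)]
            + [slow_conversation(rng, f"slow{i}") for i in range(5)]
            + [flood_conversation(rng, f"flood{i}") for i in range(5)])
    rng.shuffle(live)
    alarms = set(detect_and_adapt(model, threshold, live))
    attack_ids = {c["id"] for c in live if not c["id"].startswith("t")}
    return {"threshold": threshold, "missed": sorted(attack_ids - alarms),
            "false_alarms": sorted(alarms - attack_ids), "model_size": model.n}


if __name__ == "__main__":
    print(run_demo())
```

Two points carry over to a real deployment. First, the threshold is set from benign data only, so the false-alarm rate is controlled before any attack is seen; that is what makes "very low false alarms" measurable rather than hoped for. Second, the self-adaptation is deliberately one-sided: conversations that already look anomalous are not used to update the model, otherwise a sustained attack would slowly become the new normal.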
Publisher: Advanced Institute of Convergence IT
Showing items with similar title or keywords.
Hyvärinen, Mikko (2016). Background: Distributed denial-of-service attacks are already two decades old. Several strategies have been developed over the years to combat their growing numbers. Attacks on application-layer protocols ...
Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks. Ivannikova, Elena; Zolotukhin, Mikhail; Hämäläinen, Timo (Springer, 2017). With the emergence of cloud computing, many attacks, including Distributed Denial-of-Service (DDoS) attacks, have changed their direction towards the cloud environment. In particular, DDoS attacks have changed in scale, methods, ...
Adaptive framework for network traffic classification using dimensionality reduction and clustering. Juvonen, Antti; Sipola, Tuomo (IEEE, 2012). Information security has become a very important topic, especially during the last years. Web services are becoming more complex and dynamic. This offers new possibilities for attackers to exploit vulnerabilities by inputting ...
Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets. Vahdani Amoli, Payam (University of Jyväskylä, 2015). Today, the occurrence of zero-day and complex attacks in high-speed networks is increasingly common due to the high number of vulnerabilities in the cyber world. As a result, intrusions become more sophisticated and fast ...
Penttinen, Tuomo (2005)