Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks
Ivannikova, E., Zolotukhin, M., & Hämäläinen, T. (2017). Probabilistic Transition-Based Approach for Detecting Application-Layer DDoS Attacks in Encrypted Software-Defined Networks. In Z. Yan, R. Molva, W. Mazurczyk, & R. Kantola (Eds.), Network and System Security : 11th International Conference, NSS 2017 Helsinki, Finland, August 21–23, 2017, Proceedings (pp. 531-543). Springer. Lecture Notes in Computer Science, 10394. https://doi.org/10.1007/978-3-319-64701-2_40
Published inLecture Notes in Computer Science
© Springer International Publishing AG 2017. This is a final draft version of an article whose final and definitive form has been published by Springer. Published in this repository with the kind permission of the publisher.
With the emergence of cloud computing, many attacks, including Distributed Denial-of-Service (DDoS) attacks, have changed their direction towards cloud environment. In particular, DDoS attacks have changed in scale, methods, and targets and become more complex by using advantages provided by cloud computing. Modern cloud computing environments can benefit from moving towards Software-Defined Networking (SDN) technology, which allows network engineers and administrators to respond quickly to the changing business requirements. In this paper, we propose an approach for detecting application-layer DDoS attacks in cloud environment with SDN. The algorithm is applied to statistics extracted from network flows and, therefore, is suitable for detecting attacks that utilize encrypted protocols. The proposed detection approach is comprised of the extraction of normal user behavior patterns and detection of anomalies that significantly deviate from these patterns. The algorithm is evaluated using DDoS detection system prototype. Simulation results show that intermediate application-layer DDoS attacks can be properly detected, while the number of false alarms remains low. ...
Parent publication ISBN
ConferenceInternational Conference on Network and System Security
Is part of publicationNetwork and System Security : 11th International Conference, NSS 2017 Helsinki, Finland, August 21–23, 2017, Proceedings
Publication in research information system
MetadataShow full item record
Showing items with similar title or keywords.
Zolotukhin, Mikhail; Kokkonen, Tero; Hämäläinen, Timo; Siltanen, Jarmo (Advanced Institute of Convergence IT, 2016)Application-layer denial-of-service attacks have become a serious threat to modern high-speed computer networks and systems. Unlike network-layer attacks, application-layer attacks can be performed by using legitimate ...
Hyvärinen, Mikko (2016)Tausta: Hajautetut palvelunestohyökkäykset ovat jo kaksi vuosikymmentä vanhoja. Useita strategioita on kehitetty taistelemaan niiden kasvavaa määrää vastaan vuosien varrella. Sovelluskerroksen protokollien hyökkäykset ...
Unsupervised network intrusion detection systems for zero-day fast-spreading network attacks and botnets Vahdani Amoli, Payam (University of Jyväskylä, 2015)Today, the occurrence of zero-day and complex attacks in high-speed networks is increasingly common due to the high number vulnerabilities in the cyber world. As a result, intrusions become more sophisticated and fast ...
Patterns of action transitions in online collaborative problem solving : A network analysis approach Li, Shupin; Pöysä-Tarhonen, Johanna; Häkkinen, Päivi (Springer Science and Business Media LLC, 2022)In today’s digital society, computer-supported collaborative learning (CSCL) and collaborative problem solving (CPS) have received increasing attention. CPS studies have often emphasized outcomes such as skill levels of ...
Bodström, Tero; Hämäläinen, Timo (Springer, 2018)Advanced Persistent Threat(APT) attacks are a major concern for the modern societal digital infrastructures due to their highly sophisticated nature. The purpose of these attacks varies from long period espionage in high ...