Professional Documents
Culture Documents
| March 2018
e-ISSN: 2455-5703
Abstract
Distributed Denial-of-Service (DDoS) attacks are usually launched through the botnet, an “army” of compromised nodes hidden
in the network. Inferential tools for DDoS mitigation should accordingly enable an early and reliable discrimination of the normal
users from the compromised ones. Unfortunately, the recent emergence of attacks performed at the application layer has multiplied
the number of possibilities that a botnet can exploit to conceal its malicious activities. New challenges arise, which cannot be
addressed by simply borrowing the tools that have been successfully applied so far to earlier DDoS paradigms. In this work, we
offer basically three contributions: i) we introduce an abstract model for the aforementioned class of attacks, where the botnet
emulates normal traffic by continually learning admissible patterns from the environment; ii) we devise an inference algorithm
that is shown to provide a consistent (i.e., converging to the true solution as time elapses) estimate of the botnet possibly hidden in
the network; and iii) we verify the validity of the proposed inferential strategy on a testbed environment. Our tests show that, for
several scenarios of implementation, the proposed botnet identification algorithm needs an observation time in the order of (or
even less than) one minute to i dentify correctly almost all bots, without affecting the normal users’ activity.
Keyword- Distributed Denial-of-Service, DDoS, Inference Algorithm, Botnet, Botmaster
__________________________________________________________________________________________________
I. INTRODUCTION
It is a strange face up to trackback the basis of Distributed Denial-of-Service (DDoS) attacks in the Internet [1]. In DDoS attacks,
attackers engender a massive sum of requests to fatalities from side to side compromised computers (zombies), in the midst of the
intend of refuse usual examine or corrupting of the excellence of services[2]. It has been a foremost hazard to the Internet since
years, and a current analysis on the prime Internet operators in the world established that DDoS attacks are growing severely, and
individual attacks are stronger and refined.
Additionally, the review moreover set up with the intention of the crest of 40 gigabit DDoS attacks almost doubled in
2008 contrast with the earlier year [3]. The major grounds behind this occurrence is to facilitate the network security community
does not have useful and capable sketch back methods to situate attackers as it is effortless for attackers to masquerade themselves
by taking compensation of the vulnerabilities of the World Wide Web, such as the vibrant, stateless, and unidentified character of
the Internet.
AS advances in networking technology help connect every nook and corner of the globe, the openness and scalability are
giving birth to a large number of innovative, interesting and useful online applications. With the proliferation of these IT enabled
applications, more and more important and valuable information is flowing across public networks. Networks are usually designed
to make efficient use of shared assets among network users [1] and network-based computer systems play a vital role in our
personal as well as professional activities. Today, the Internet interconnects billions of computers, tablets and smart phones,
providing a global communication, storage and computation infrastructure. Furthermore, the integration of mobile and wireless
technologies with the Internet is currently ushering in an impressive array of new devices and applications.
These tremendous technological advances in terms of speed, accuracy, reliability and robustness of the modern Internet
has made significant impacts on our day-to-day activities and people now rely on the Internet to share valuable and confidential
personal as well as business information with other network users. On the other hand, because of the high reliance on the Internet,
some people also make us e of the weaknesses of the Internet to paralyze it.
For example, one of the major weaknesses of the Internet is speed mismatch between edge routers and core routers.
Inappropriate configuration of routers is also another common weakness of the Internet. Due to such weaknesses, networked
systems have often become the targets of various attacks, which are launched in order to unlawfully gain access to important and
confidential information or to damage useful resources of a business competitor using different attack tools [2], [3]. Although, in
the recent past, many significant developments in constructing firewalls and cryptographic systems have taken place, they are not
free from limitations. Defence mechanisms that identify intrusions provide another way to protect networked systems from attacks.
In spite of all these safeguards, almost every day, new and complex attacks are being created. However, denial of service attacks
are still the most frequent and usually the most devastating ones.
A. Architecture
Here we use a simulation tool called Network Animator to illustrate how the attack is being made on a receiver through
the nodes by an attacker and how we are using the algorithm to detect the attack and put an end to the attacking nodes. Although
we are not preventing all types of attacks we are able to prevent a few types of malwares effectively and efficiently in the shortest
possible time.
BotBuster Algorithm
V. MODULES
1) Detection Approaches
In this section, we discuss four deployment points for DDoS defence mechanisms, viz., source end, and victim-end, intermediate
and distributed [56].
a) Source-end
A source-end DDoS defence system is very effective in stopping attacks as close to the source as possible. It reduces network
traffic congestion and saves network resources. Placing a defence system in the source network is better than placing it further
downstream. In this approach, network attack traffic can be stopped before reaching the target network, and it also reduces the
chance of collision by filtering attack traffic before it aggregates with other attack traffic flow in the network
2) Victim-end
Most DDoS defence mechanisms are deployed at the victim-end for effective detection and defence of a system. Victim-end
detection systems detect attacks either in a reactive or proactive manner.
From the given figure we can come to the conclusion that the proposed algorithm functions as a much higher level by reducing the
average end to end delay which is time taken for the packets to reach the receiver by the total time taken for all packets. The
difference between the existing and proposed algorithm is very high and can be easily seen by the user.
Of all the factors which the current algorithm changes this is the only one which produces a large difference compared to
the other factors.
From the given graph we can see that the ratio of packets received by the destination to those generated by the sources
for the existing system is slightly lower than the proposed system which although cannot be seen for a small subset we can see the
change when we user a larger subset of data. The proposed algorithm although not providing a huge difference in the packet
delivery we can see a more stable and steady ratio than the existing system.
The small packets which are used as routing packets usually produce a overhead as time passes and more and more nodes
are present there we can see that the proposed algorithm is more efficient and fast in making routes.
Throughput Ratio
From the graph we can observe that even though initially the proposed algorithm functions poorer when compared to the
existing system in the long run our algorithm beats the existing algorithm comfortably.
We can infer that for a small subset our algorithm will perform poorly where as in a subset of a reasonably large size our
algorithm will function at a higher capacity than the existing one.
VII. CONCLUSION
We start this paper with a discussion of DDoS attacks and present a classification of DDoS attacks and characteristics of each class
of DDoS attacks. We then introduce botnet technology, the primary facilitator of modern DDoS attacks, and recent trends in the
launching of various types of DDoS attacks using botnets. A discussion of mobile botnets and traditional PC based botnets is given,
followed by brief comparison between the two. We provide a detailed discussion of botnet-based DDoS defence approaches and
methods. Though, in the past two decades, a good number of defence solutions have been introduced to counter DDoS attacks with
increasing sophistication, still there are several important issues and research challenges which are open and yet to be addressed.
Some of the prominent issues and research challenges are reported next to push the envelope further.
– Existing methods have been designed to be effective in detecting either low-rate or high-rate DDoS attacks, but usually not
for both. So, developing a robust method that can detect both these types of attacks in real time remains a problem that needs
attention.
– The performance of most methods is dependent on network conditions and their performance is also highly influenced by
multiple user parameters. Hence, developing a defense solution free from these limitations as far as possible should be an
important research initiative.
– Due to lack of unbiased evaluation frameworks, including benchmark datasets, it is difficult to properly evaluate the
performance of the methods being developed. So, creating an unbiased framework for appropriate evaluation of a defense
solution happens to be an important issue for investigation.
REFERENCES
[1] W. Stallings, Cryptography and Network Security: Principles and Prac-tice, 6th ed., Pearson, 2013.
[2] N. Hoque, D. Bhattacharyya, and J. Kalita, “Botnet in DDoS attacks:trends and challenges,” IEEE Commun. Surveys Tuts.,
vol. 17, no. 4, pp. 2242–2270, fourth quarter 2015.
[3] L. Feinstein, D. Schnackenberg, R. Balupari, and D. Kindred, “Statistical approaches to DDoS attack detection and response,”
in Proc. DARPA Information Survivability Conference and Exposition, Washington, DC, USA, Apr. 2003, pp. 303–314.
[4] J. Yuan and K. Mills, “Monitoring the macroscopic effect of DDoS flooding attacks,” IEEE Trans. Depend. Secure Comput.,
vol. 2, no. 4, pp. 324–335, Oct. 2005.
[5] L. Li, J. Zhou, and N. Xiao, “DDoS attack detection algorithms based on entropy computing,” in Proc. ICICS 2007,
Zhengzhou, China, Dec. 2007, pp. 452–466.
[6] Y. Xiang, K. Li, and W. Zhou, “Low-rate DDoS attacks detection and traceback by using new information metrics,” IEEE
Trans. Inf. Forensics and Security, vol. 6, no. 2, pp. 426–437, Jun. 2011.
[7] J. Luo, X. Yang, J. Wang, J. Xu, J. Sun, and K. Long, “On a mathematical model for low-rate shrew DDoS,” IEEE Trans. Inf.
Forensics and Security, vol. 9, no. 7, pp. 1069–1083, Jul. 2014.
[8] “Layer 7 DDoS.” http://blog.sucuri.net/2014/02/layer-7-ddos-blockinghttp- flood-attacks.html.