2 research outputs found

    An Artificial Intelligence (AI) Framework for Detection of Distributed Reflection Denial of Service Attacks

    In the contemporary digital world, cyberspace is growing continuously, witnessing the amalgamation of different technologies associated with telecommunications, networking and sensing, to mention a few. This has enabled Service Oriented Architecture (SOA) to realize distributed applications that cater to the needs of enterprises in the real world. Alongside the advantages of such environments, there has been an increased number of cyber-attacks. Distributed Denial of Service (DDoS) is a large-scale attack targeting critical digital infrastructure to make it useless for a certain amount of time. Such attacks have several implications and lead to the collapse of businesses unless there are countermeasures to detect and handle them properly. Distributed Reflection Denial of Service (DRDoS) is a variant of such attacks that is more destructive in nature, all the more so in the presence of Internet of Things (IoT) devices deployed in cyberspace at large scale. The existing DDoS countermeasures do not directly solve the problem of DRDoS. We propose an Artificial Intelligence (AI) framework for detection of DRDoS attacks. We propose an algorithm known as Machine Learning based DRDoS Attack Detection (ML-DAD) for effective detection of attacks. The prototype service built in Python monitors such attacks and takes the necessary steps to defeat them. The empirical results revealed that the proposed framework has superior performance over the state of the art. The research in this paper leads to new ideas in the area of detection and prevention of DRDoS attacks.

    Defending against Distributed Denial of Service Attack Under Tunnel Based Forwarding

    Today, attacks are a harmful element of computer networks. The Distributed Denial of Service (DDoS) attack is one of the most harmful attacks. Many defense mechanisms have been proposed to mitigate the effect of these attacks. In this thesis, we study two methods for defending against DDoS attacks. First, we identify the attack packets to detect a DDoS attack by checking the TTL value of incoming packets and monitoring the number of new source IP addresses of incoming packets. Second, we propose an algorithm to trace back the attack traffic to identify the source IP address of origin by deploying a tunneling-based protocol. The tunneling-based protocol is called the Locator/Identifier Separation Protocol (LISP), and it is deployed in a domain network to encapsulate all outgoing packets and decapsulate all incoming packets. As a side effect, the tunneling protocol reveals the ingress point of attack traffic. We also analyzed the approach in a simulation environment and compared the results in the domain network when deploying the tunneling-based protocol.