Unsupervised learning with hierarchical feature selection for DDoS mitigation within the ISP domain

  • Received : 2019.03.08
  • Accepted : 2019.08.28
  • Published : 2019.10.01

Abstract

A recently discovered Mirai variant is equipped with a dynamic update ability, which makes DDoS mitigation more difficult. The continuous development of 5G technology and the increasing number of Internet of Things (IoT) devices connected to the network pose serious threats to cyber security. Researchers have therefore tried to develop better DDoS mitigation systems. However, the majority of existing models provide centralized solutions, deploying the system with additional servers at the host site, in the cloud, or at third-party locations, which may cause latency. Since Internet service providers (ISPs) are the links between the internet and users, deploying the defense system within the ISP domain is the panacea for delivering an efficient solution. To cope with the dynamic nature of the new DDoS attacks, we utilized an unsupervised artificial neural network to develop a hierarchical two-layered self-organizing map equipped with a twofold feature selection for DDoS mitigation within the ISP domain.

