A Rank Correlation Based Detection against Distributed Reflection DoS Attacks. Network Securit

Abstract
This paper proposes a novel temporal knowledge representation and learning framework to perform large-scale temporal signature mining of longitudinal heterogeneous event data. The framework enables the representation, extraction, and mining of high-order latent event structure and relationships within single and multiple event sequences. The proposed knowledge representation maps the heterogeneous event sequences to a geometric image by encoding events as a structured spatial-temporal shape process. We present a doubly constrained convolutional sparse coding framework that learns interpretable and shift-invariant latent temporal event signatures. We show how to cope with the sparsity in the data as well as in the latent factor model by inducing a double sparsity constraint on the β-divergence to learn an overcomplete sparse latent factor model. A novel stochastic optimization scheme performs large-scale incremental learning of group-specific temporal event signatures. We validate the framework on synthetic data and on an electronic health record dataset.

Distributed denial of service (DDoS) attacks are a serious threat to the Internet: large numbers of controlled hosts flood the victim site with massive numbers of packets. As a popular form of controlled hosts, botnets are still improving and ready for launching future DDoS [1]. To make defense more difficult, in Distributed Reflection DoS (DRDoS) attackers send spoofed requests to many Internet servers, which then send their responses back to the victim. Many connectionless request-response protocols can therefore be exploited, and the dilution of locality makes it hard to isolate the attacking traffic. Local detection near a single reflector may be useless because the volume of reflected traffic there is low [2]. Although ingress filtering is a promising solution, it has not been widely deployed. Some packet-level defense methods exist. Filtering all incoming response packets is cheap, but it cuts off general access to the remote server. Inspecting packet content and tracking protocol state may be helpful, but both need a lot of computation, which is itself vulnerable to attacks. As more protocols are exploited to launch DRDoS, countermeasures must maintain a list of possible protocols, treat each one specifically, and keep the list up to date. Protocol-independent methods that help detect most kinds of DRDoS are therefore urgently needed.

This letter concentrates on solving this problem. We investigate the basic traffic pattern introduced near the victim under DRDoS and propose a general detection method: Rank Correlation based Detection (RCD). RCD is protocol independent, and its computation cost is not affected by network throughput. In RCD, once an attack alarm is raised, upstream routers sample suspicious flows, test their rank correlation, and use the correlation value for further detection. Correlation has been used successfully in DDoS detection; for example, the correlation coefficient has been employed to discriminate DDoS attacks from flash crowds. To our knowledge, this is the first time that DRDoS has been analyzed and detected using correlation.
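An added example, not code from the paper or this page: one way to run the rank-correlation test on sampled suspicious flows that RCD describes, here over per-interval packet counts. Spearman's coefficient, the 0.8 threshold, the function names and the sample flows are assumptions made for illustration; the page does not specify them.

```python
from itertools import combinations

def ranks(values):
    """Average ranks (1-based); tied values share the mean of their positions."""
    order = sorted(range(len(values)), key=lambda i: values[i])
    out = [0.0] * len(values)
    i = 0
    while i < len(order):
        j = i
        while j + 1 < len(order) and values[order[j + 1]] == values[order[i]]:
            j += 1
        for k in range(i, j + 1):
            out[order[k]] = (i + j) / 2 + 1
        i = j + 1
    return out

def spearman(x, y):
    """Spearman rank correlation: Pearson correlation of the two rank vectors."""
    if len(x) != len(y) or len(x) < 3:
        raise ValueError("need two equal-length series of at least 3 samples")
    rx, ry = ranks(x), ranks(y)
    mx, my = sum(rx) / len(rx), sum(ry) / len(ry)
    cov = sum((a - mx) * (b - my) for a, b in zip(rx, ry))
    vx = sum((a - mx) ** 2 for a in rx)
    vy = sum((b - my) ** 2 for b in ry)
    if vx == 0 or vy == 0:  # constant-rate flow: correlation is undefined
        return 0.0
    return cov / (vx * vy) ** 0.5

def correlated_flows(flows, threshold=0.8):
    """Flow ids whose sampled rates rank-correlate with at least one other flow."""
    flagged = set()
    for (a, xa), (b, xb) in combinations(sorted(flows.items()), 2):
        if spearman(xa, xb) >= threshold:  # threshold is an assumed value
            flagged.update((a, b))
    return sorted(flagged)

# Constructed sample: packets per sampling interval for four flows near the victim.
SAMPLE_FLOWS = {
    "reflector-A": [12, 40, 38, 90, 85, 30, 110, 95],
    "reflector-B": [3, 11, 10, 25, 22, 8, 31, 27],
    "web-client": [20, 18, 25, 17, 22, 19, 24, 21],
    "dns-lookup": [5, 5, 5, 5, 5, 5, 5, 5],
}

if __name__ == "__main__":
    print(correlated_flows(SAMPLE_FLOWS))
```

Because only ranks are compared, the two reflector flows are flagged together even though their absolute packet volumes differ by a factor of about four, which matters when each reflector contributes only a low volume of traffic.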

