Presented By
R.Manjula
SSE Project Team
PSG College of Technology
10/24/16
CDBR - SSE
Agenda
Problem
Introduction
Existing Methods
Proposed Solution
Experimental Results
Conclusion
References
Problem
Proactive Detection of DDoS Attacks
Introduction
The status of a network can be classified into 3 classes, namely:
Pre-attack (proactive stage)
  Phase-1: selection of handlers and agents
  Phase-2: communication and compromise
Attack
  Phase-3: launch of DDoS attack
Normal
  - normal status of the network
Existing Methods
Papers Published | Authors | Year | Methods Used
Proactive Detection of Distributed Denial of Service Attacks using MIB Traffic Variables - A Feasibility Study | Joao B. D. Cabrera et al. | 2001 |
An Experimental Analysis of Proactive Detection of Distributed Denial of Service Attacks | Cobra Rahmani, Mohsen Sharifi and Tala Tafazzoli | 2003 |
Proactive Detection of DDOS Attacks Utilizing K-NN classifier in an Anti-DDoS framework | Hoai-Vu Nguyen and Yongsun Choi, Inje University, South Korea | 2009 |
Proposed Solution
Management Information Base (MIB) is a logical database that is useful for finding out what information is stored at each device.
Flexible
Extendible
Standardized
Proposed Solution
Block Diagram
Experimental Results
Experimental setup:
1. Training:
   a) Dataset: Normal, Attack and Pre-attack data are collected from PSG College of Technology (bandwidth rate 1 Gbps)
   b) 2 Windows XP machines
   c) Back Orifice XP (Trojan) for Pre-attack
   d) Konstanz Data Miner tool (open source) is used to create a training model based on fuzzy c-means clustering
2. Testing:
   - Normal, Attack and Pre-attack data
MIB variable counts per sample (of the column headers, only tcpInSegs and Class survive):
3776  3908  3724  3854  Attack
3457  3622  3405  3568  Attack
3412  3615  3360  3561  Attack
53  132  Normal
53  138  10  Normal
43  145  Normal
337  469  264  317  Preattack
274  243  230  120  Preattack
238  309  192  213  Preattack
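The fuzzy c-means training step named in the experimental setup, sketched as an added example (not the project's own model, which was built with the Konstanz Data Miner tool). It clusters the complete Attack and Preattack rows from the table above plus constructed Normal rows; the log scaling, the fuzzifier value, the deterministic initialization and the mapping of clusters to class names by traffic level are assumptions.

```python
import math

# Attack and Preattack rows are the complete rows from the slide's table.
# The Normal rows are constructed (the slide's Normal rows are incomplete).
ROWS = [
    (3776, 3908, 3724, 3854), (3457, 3622, 3405, 3568), (3412, 3615, 3360, 3561),
    (337, 469, 264, 317), (274, 243, 230, 120), (238, 309, 192, 213),
    (50, 130, 8, 10), (55, 140, 9, 12), (45, 145, 7, 9),  # constructed Normal
]
LABELS = ["Normal", "Preattack", "Attack"]  # assumed: clusters named by traffic level
M = 2.0  # fuzzifier (assumed; the slides do not give the value used)

def features(counts):
    # Assumption: log-scale the counters so the three traffic levels separate.
    return [math.log1p(c) for c in counts]

def memberships(x, centers):
    # Fuzzy c-means membership: u_k = 1 / sum_j (d_k / d_j)^(2/(M-1))
    d = [max(math.dist(x, c), 1e-9) for c in centers]
    p = 2.0 / (M - 1.0)
    return [1.0 / sum((dk / dj) ** p for dj in d) for dk in d]

def fit(rows, k=3, iters=200, tol=1e-9):
    xs = sorted((features(r) for r in rows), key=sum)
    # Deterministic start: lowest, middle and highest sample as centers.
    centers = [xs[i * (len(xs) - 1) // (k - 1)] for i in range(k)]
    for _ in range(iters):
        u = [memberships(x, centers) for x in xs]
        new = []
        for j in range(k):
            w = [ui[j] ** M for ui in u]  # weights u^M for center j
            new.append([sum(wi * x[f] for wi, x in zip(w, xs)) / sum(w)
                        for f in range(len(xs[0]))])
        shift = max(math.dist(a, b) for a, b in zip(centers, new))
        centers = new
        if shift < tol:
            break
    return sorted(centers, key=sum)  # order matches LABELS

def classify(counts, centers):
    u = memberships(features(counts), centers)
    best = max(range(len(u)), key=u.__getitem__)
    return LABELS[best], round(u[best], 3)

if __name__ == "__main__":
    centers = fit(ROWS)
    for row in ROWS + [(300, 350, 220, 250)]:  # last row is a constructed probe
        print(row, classify(row, centers))
```

The second value returned by `classify` is the fuzzy membership degree, which a monitoring script can threshold to hold back low-confidence Pre-attack alerts.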
[Figure: plots of ipOutRequests and ipInReceives; axes: MIB Count, Time Interval]
[Figure: plots of tcpInSegs and tcpOutSegs; axes: MIB Count, Time Interval]
Class | Samples | Correct classification % | Incorrect classification %
Normal | 1440 | 90.1 | 9.9
Pre-attack | 300 | 91.9 | 8.1
Attack | 1180 | 94.1 | 5.9
 |  | Correct classification % | Incorrect classification %
UDP Flood Attack | 500 | 93.4 | 6.6
ICMP Flood Attack | 380 | 97.1 | 2.9
TCP-SYN Flood Attack | 300 | 91.7 | 8.3
Method Used | Correct Classification %
K Nearest Neighbour | 91.8
 | 92.1
Conclusion
The proposed method uses MIB variables.
Detailed classification of various types of DDoS attacks.
Increased number of MIB variables to improve efficiency.
Defense mechanism.
References
Dr. Sidnie Feit, Jay Ranade (Series Advisor), SNMP: A Guide to Network Management, McGraw-Hill, 1995.
Joao B. D. Cabrera, Lundy Lewis, Xinzhou Qin, Wenke Lee, Ravi K. Prasanth, B. Ravichandran and Raman K. Mehra, Proactive Detection of Distributed Denial of Service Attacks using MIB Traffic Variables - A Feasibility Study, Proceedings of the 7th IFIP/IEEE International Symposium on Integrated Network Management, Seattle, WA, May 14-18, 2001. In Press.
SUGGESTIONS
THANK YOU!