Botnet in DDoS Attacks: Trends and Challenges

Hoque, Nazrul; Bhattacharyya, Dhruba K.; Kalita, Jugal

doi:10.1109/comst.2015.2457491

Cited by 214 publications

(118 citation statements)

References 104 publications

(87 reference statements)

Supporting

Mentioning

110

Contrasting

Unclassified

Order By: Relevance

“…We redirect the Reader to [5] for a more comprehensive summary. Statistical methods for DDoS attack identification are proposed in [6], with focus on the detection of anomalies in the characteristics (e.g., entropy, relative frequencies) of selected packet attributes.…”

Section: A Related Workmentioning

confidence: 99%

Botnet identification in multi-clustered DDoS attacks

Matta

Mauro

Longo

2017

2017 25th European Signal Processing Conference (EUSIPCO)

View full text Add to dashboard Cite

Abstract-In a randomized DDoS attack with increasing emulation dictionary, the bots try to hide their malicious activity by disguising their traffic patterns as "normal" traffic patterns. In this work, we extend the DDoS class introduced in [1], [2] to the case of a multi-clustered botnet, whose main feature is that the emulation dictionary is split over the botnet, giving rise to multiple botnet clusters. We propose two strategies to identify the botnet in such challenging scenario, one based on cluster expurgation, the other one on a union rule. Consistency of both algorithms under ideal conditions is ascertained, while their performance is examined over real network traces.

show abstract

Section: A Related Workmentioning

confidence: 99%

Botnet identification in multi-clustered DDoS attacks

Matta

Mauro

Longo

2017

2017 25th European Signal Processing Conference (EUSIPCO)

View full text Add to dashboard Cite

show abstract

“…DDOS attacks launched at the application layer require lower bandwidth to prevent legitimate users from surfing a web server, apart from mimicking traffic close to the authentic traffic [12]. e three factors that make DDOS detection difficult at the application layer are as follows [13]: (1) obscurity, HTTP protocol uses Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections to run its operation, hence the intricacy to differentiate legitimate from illegitimate traffic; (2) efficiency, HTTP DDOS attack only requires fewer connections to initiate a DDOS attack; and (3) lethality, the capability of the attack to overwhelm a web server immediately, thus resulting in service breakdown regardless of the type of hardware and its performance.…”

Section: Introductionmentioning

confidence: 99%

Review of Recent Detection Methods for HTTP DDoS Attack

Jaafar

Abdullah

Ismail

2019

Journal of Computer Networks and Communications

View full text Add to dashboard Cite

With increment in dependency on web technology, a commensurate increase has been noted in destructive attempts to disrupt the essential web technologies, hence leading to service failures. Web servers that run on Hypertext Transfer Protocol (HTTP) are exposed to denial-of-service (DoS) attacks. A sophisticated version of this attack known as distributed denial of service (DDOS) is among the most dangerous Internet attacks, with the ability to overwhelm a web server, thereby slowing it down and potentially taking it down completely. This paper reviewed 12 recent detection of DDoS attack at the application layer published between January 2014 and December 2018. A summary of each detection method is summarised in table view, along with in-depth critical analysis, for future studies to conduct research pertaining to detection of HTTP DDoS attack.

show abstract

“…Another form of DoS attack is the Distributed Denial of Service (DDoS). DDoS attacks are usually launched with the aid of botnets [5]. A botnet is a set of compromised hosts controlled by a malicious attacker, which are instructed to perform illegal and malicious actions.…”

Section: Introductionmentioning

confidence: 99%

Hybrid Genetic-FSM Technique for Detection of High-Volume DoS Attack

Nafie¹,

Adel²,

Abounaser³

et al. 2019

IJACSA

View full text Add to dashboard Cite

Insecure networks are vulnerable to cyber-attacks, which may result in catastrophic damages on the local and global scope. Nevertheless, one of the tedious tasks in detecting any type of attack in a network, including DoS attacks, is to determine the thresholds required to discover whether an attack is occurring or not. In this paper, a hybrid system that incorporates different heuristic techniques along with a Finite State Machine is proposed to detect and classify DoS attacks. In the proposed system, a Genetic Programming technique combined with a Genetic Algorithm are designed and implemented to represent the system core that evolves an optimized tree-based detection model. A Hill-Climbing technique is also employed to enhance the system by providing a reference point value for evaluating the optimized model and gaining better performance. Several experiments with different configurations are conducted to test the system performance using a synthetic dataset that mimics real-world network traffic with different features and scenarios. The developed system is compared to many state-of-art techniques with respect to several performance metrics. Additionally, a Mann-Whitney Wilcoxon test is conducted to validate the accuracy of the proposed system. The results show that the developed system succeeds in achieving higher overall performance and prove to be statistically significant.

show abstract

Botnet in DDoS Attacks: Trends and Challenges

Cited by 214 publications

References 104 publications

Botnet identification in multi-clustered DDoS attacks

Botnet identification in multi-clustered DDoS attacks

Review of Recent Detection Methods for HTTP DDoS Attack

Hybrid Genetic-FSM Technique for Detection of High-Volume DoS Attack

Contact Info

Product

Resources

About