Implementing Flash Event Discrimination in IP Traceback using Shark Smell Optimisation Algorithm
Corresponding Author(s) : Omoniyi Wale Salami
Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control,
Vol 4, No 3, August 2019
Abstract
Denial of service attacks and their variants are the most ravaging of network problems. They are used to damage a network by disrupting its services in order to harm a business or organization. A flash event is a network phenomenon that causes a surge in normal network flow due to a sudden increase in the number of network users. To curtail the menace of denial of service attacks, it is pertinent to expose the perpetrator and take appropriate action against it. Internet protocol traceback is a network forensic tool that is used to identify the source of an Internet protocol packet. Most presently available Internet protocol traceback tools that are based on bio-inspired algorithms employ a flow-based search method for tracing the source of a denial of service attack, without any facility to differentiate a flash event from the attack. A surge in network traffic due to a flash event can mislead a traceback tool that uses flow-based search. This work presents a solution that uses hop-by-hop search with an incorporated discrimination policy, implemented by the shark smell optimization algorithm, to differentiate attack traffic from other traffic. It was tested on performance and convergence against an existing bio-inspired traceback tool that uses the flow-based method, and yielded outstanding results in all the tests.