An Adaptive Protection of Flooding Attacks Model for Complex Network Environments-Reference-Cited by-同舟云学术

An Adaptive Protection of Flooding Attacks Model for Complex Network Environments

Published:2021-04-22 Issue: Volume:2021 Page:1-17
ISSN:1939-0122
Container-title:Security and Communication Networks
language:en
Short-container-title:Security and Communication Networks

Author:

Khalaf Bashar Ahmad¹²,Mostafa Salama A.¹^ORCID,Mustapha Aida¹,Mohammed Mazin Abed³^ORCID,Mahmoud Moamin A.⁴,Al-Rimy Bander Ali Saleh⁵,Abd Razak Shukor⁵^ORCID,Elhoseny Mohamed⁶,Marks Adam⁷

Affiliation:

1. Faculty of Computer Science and Information Technology, Universiti Tun Hussein Onn Malaysia, Johor 86400, Malaysia

2. Bilad Alrafidain University College, Ba’aqubah 32001, Diyala, Iraq

3. College of Computer Science and Information Technology, University of Anbar, Ramadi 31001, Iraq

4. College of Computer Science and Informatics, Universiti Tenaga Nasional, Kajang, Selangor 43000, Malaysia

5. Faculty of Engineering, Universiti Teknologi Malaysia, Johor 81310, Malaysia

6. Department of Computer Science, College of Computer Information Technology, American University in the Emirates, Dubai 503000, UAE

7. Zayed University, Dubai, UAE

Abstract

Currently, online organizational resources and assets are potential targets of several types of attack, the most common being flooding attacks. We consider the Distributed Denial of Service (DDoS) as the most dangerous type of flooding attack that could target those resources. The DDoS attack consumes network available resources such as bandwidth, processing power, and memory, thereby limiting or withholding accessibility to users. The Flash Crowd (FC) is quite similar to the DDoS attack whereby many legitimate users concurrently access a particular service, the number of which results in the denial of service. Researchers have proposed many different models to eliminate the risk of DDoS attacks, but only few efforts have been made to differentiate it from FC flooding as FC flooding also causes the denial of service and usually misleads the detection of the DDoS attacks. In this paper, an adaptive agent-based model, known as an Adaptive Protection of Flooding Attacks (APFA) model, is proposed to protect the Network Application Layer (NAL) against DDoS flooding attacks and FC flooding traffics. The APFA model, with the aid of an adaptive analyst agent, distinguishes between DDoS and FC abnormal traffics. It then separates DDoS botnet from Demons and Zombies to apply suitable attack handling methodology. There are three parameters on which the agent relies, normal traffic intensity, traffic attack behavior, and IP address history log, to decide on the operation of two traffic filters. We test and evaluate the APFA model via a simulation system using CIDDS as a standard dataset. The model successfully adapts to the simulated attack scenarios’ changes and determines 303,024 request conditions for the tested 135,583 IP addresses. It achieves an accuracy of 0.9964, a precision of 0.9962, and a sensitivity of 0.9996, and outperforms three tested similar models. In addition, the APFA model contributes to identifying and handling the actual trigger of DDoS attack and differentiates it from FC flooding, which is rarely implemented in one model.

Funder

Universiti Tun Hussein Onn Malaysia

Publisher

Hindawi Limited

Subject

Computer Networks and Communications,Information Systems

Link

http://downloads.hindawi.com/journals/scn/2021/5542919.pdf

Reference40 articles.

1. A survey of distributed denial-of-service (DDoS) defence techniques in ISP domains;N. S. Rao,2019

2. Benchmarking of Machine Learning for Anomaly Based Intrusion Detection Systems in the CICIDS2017 Dataset

3. Comprehensive Review of Artificial Intelligence and Statistical Approaches in Distributed Denial of Service Attack and Defense Methods