
Detection of Distributed Denial of Service Flooding Attack Using Odds Ratio

Dalia Nashat1,*, Fatma A. Hussain1, and Xiaohong Jiang2

Corresponding Author:

Dalia Nashat

Affiliation(s):

1 Faculty of Computers and Information, Assiut University, Assiut, Egypt

2 School of Systems Information Science, Future University Hakodate, 116-2 Kamedanakano-cho, Hakodate, Hokkaido, 041-8655, Japan

* Corresponding author


Abstract:

Computer networks are vulnerable to many types of attacks, and the Distributed Denial of Service (DDoS) attack is one of the top concerns for security professionals. A DDoS flooding attack denies service by consuming server resources so that legitimate users cannot use their desired services. The difficulty of detecting this attack lies in the stream of packets being sent to the server with spoofed IP addresses, so that the Internet routing infrastructure cannot distinguish the spoofed packets. In this work we propose a new detection method for DDoS flooding attacks based on the odds ratio (OR) statistical measurement. By using the odds ratio to determine the risk factor of any incoming traffic to the server, legitimate and attack traffic packets can be easily differentiated. Experimental results demonstrate the efficiency of the presented detection method in terms of its detection probability and detection time.

Keywords:

DDoS Attack, TCP Protocol, TCP SYN Flooding Attack, Case-Control Studies, Odds Ratio

Cite This Paper:

Dalia Nashat, Fatma A. Hussain, and Xiaohong Jiang (2021). Detection of Distributed Denial of Service Flooding Attack Using Odds Ratio. Journal of Networking and Network Applications, Volume 1, Issue 2, pp. 67–74. https://doi.org/10.33969/J-NaNA.2021.010204.
