i-manager Publications

Exploring a Novel Framework for DoS/DDoS Attack Detection and Simulation in Contemporary Networks

Gottapu Sankara Rao*, P. Krishna Subbarao**

* Department of Computer Science and Engineering, Jawaharlal Nehru Technological University (JNTU), Andhra Pradesh, India.

** Department of Computer Science and Engineering, Gayatri Vidya Parishad College of Engineering (GVPCE), Andhra Pradesh, India.

Periodicity:January - March'2024
DOI : https://doi.org/10.26634/jse.18.3.20596

Abstract

Currently, the internet serves as the predominant means of communication and is utilized by a vast number of individuals worldwide. Simultaneously, the commercial aspect of the internet is contributing to a rise in susceptibility to cybercrimes, leading to a significant surge in the occurrence of distributed Denial of Service (DDoS) assaults over the last decade. DoS/DDoS assaults primarily target network resources such as network bandwidth, CPU time, memory consumption, web servers, and network switches. Network security is an essential and crucial problem in the modern interconnected society. Numerous studies have been undertaken by multiple researchers thus far in order to identify this attack. However, there is still room for improvement in past investigations. This paper presents a novel approach for detecting and simulating DoS/DDoS attacks in modern networking environments, introducing a new paradigm. It is done in a controlled environment. The primary focus of this work is to simulate an attacker's perspective of a DoS/DDoS attack by repeatedly sending huge SYN flood packets to a specific target or network server using the hping3 tool. On the server side, the proposed attacker detector script continuously monitors incoming network connections on the network server using the netstat command. It identifies potential DoS/DDoS attacks by analyzing the connection count and comparing connections count with an assumed threshold. This experiment results in 61% CPU usage and 7.1% memory consumption while a DDoS attack triggers on the target server. Additionally, the proposed script performs statistical analysis and displays warning messages on the console when suspicious activity is detected on the network server. Wireshark is also utilized in this work to detect anomalous network traffic patterns in order to identify distributed denial-ofservice (DDoS) attacks that are targeting a network server. Additionally, it offers the capability to block the IP address of the attacker if the configuration allows for it. This proposed approach efficiently identifies DDoS activity in real-time network traffic, further helping to improve network security.

Keywords

Network, Security, Attack, hping3, Netstat, Wireshark, Cybersecurity, Intrusion Detection, Network Simulation, Denial of Service (DoS) Attacks.

How to Cite this Article?

Rao, G. S., and Subbarao, P. K. (2024). Exploring a Novel Framework for DoS/DDoS Attack Detection and Simulation in Contemporary Networks. i-manager’s Journal on Software Engineering, 18(3), 43-58. https://doi.org/10.26634/jse.18.3.20596

References

[1]. Agarwal, B., & Mittal, N. (2012). Hybrid approach for detection of anomaly network traffic using data mining techniques. Procedia Technology, 6, 996-1003.

[2]. Alhaidari, F. A., & Al-Dahasi, E. M. (2019, April). New approach to determine DDoS attack patterns on SCADA system using machine learning. In 2019 International Conference on Computer and Information Sciences (ICCIS) (pp. 1-6). IEEE.

[3]. Ali, S., & Li, Y. (2019). Learning multilevel auto- encoders for DDoS attack detection in smart grid network. IEEE Access, 7, 108647-108659.

[4]. Aljuhani, A. (2021). Machine learning approaches for combating distributed denial of service attacks in modern networking environments. IEEE Access, 9, 42236- 42264.

[5]. Al-Shareeda, M. A., Manickam, S., & Ali, M. (2023). DDoS attacks detection using machine learning and deep learning techniques: Analysis and comparison. Bulletin of Electrical Engineering and Informatics, 12(2), 930-939.

[6]. Arshi, M., Nasreen, M. D., & Madhavi, K. (2020). A survey of DDoS attacks using machine learning techniques. In E3S Web of Conferences, 184, 01052. EDP Sciences.

[7]. Aslan, Ö. (2022). A methodology to detect distributed denial of service attacks. Bilişim Teknolojileri Dergisi, 15(2), 149-158.

[8]. Athira, A. B., & Pathari, V. (2016). Standardisation and classification of alerts generated by intrusion detection systems. IJCI, International Journal on Cybernetics & Informatics, 5(2), 21-29.

[9]. Bao, C. M. (2009, August). Intrusion detection based on one-class svm and snmp mib data. In 2009 Fifth International Conference on Information Assurance and Security, 2, 346-349. IEEE.

[10]. Barati, M., Abdullah, A., Udzir, N. I., Mahmod, R., & Mustapha, N. (2014, August). Distributed Denial of Service detection using hybrid machine learning technique. In 2014 International Symposium on Biometrics and Security Technologies (ISBAST) (pp. 268-273). IEEE.

[11]. Chakraborty, N. (2013). Intrusion detection system and intrusion prevention system: A comparative study. International Journal of Computing and Business Research (IJCBR), 4(2), 1-8.

[12]. Das, V., Pathak, V., Sharma, S., Srikanth, M. V. V. N. S., & Kumar, T. G. (2010). Network intrusion detection system based on machine learning algorithms. AIRCC's International Journal of Computer Science and Information Technology, 2(6), 138-151.

[13]. Elsayed, M. S., Le-Khac, N. A., Dev, S., & Jurcut, A. D. (2020, August). Ddosnet: A deep-learning model for detecting network attacks. In 2020 IEEE 21st International Symposium on" A World of Wireless, Mobile and Multimedia Networks"(WoWMoM) (pp. 391-396). IEEE.

[14]. Filho, F. S. D. L., Silveira, F. A., Junior, A. M. B., Vargas- Solar, G., & Silveira, L. F. (2019). Smart detection: an online approach for DoS/DDoS attack detection using machine learning. Security and Communication Networks, 2019, 1-15.

[15]. Hussain, F., Abbas, S. G., Husnain, M., Fayyaz, U. U., Shahzad, F., & Shah, G. A. (2020, November). IoT DoS and DDoS attack detection using ResNet. In 2020 IEEE 23rd International Multitopic Conference (INMIC) (pp. 1-6). IEEE.

[16]. Johansson, D., & Andersson, P. (2006). Intrusion Detection Systems with Correlation Capabilities.

[17]. Jyothi, V., Wang, X., Addepalli, S. K., & Karri, R. (2016, January). Brain: Behavior based adaptive intrusion detection in networks: Using hardware performance counters to detect ddos attacks. In 2016 29th International Conference on VLSI Design and 2016 15th International Conference on Embedded Systems (VLSID) (pp. 587- 588). IEEE.

[18]. Khosroshahi, Y., & Ozdemir, E. (2019, June). Detection of sources being used in ddos attacks. In 2019 6th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2019 5th IEEE International Conference on Edge Computing and Scalable Cloud (EdgeCom) (pp. 163-168). IEEE.

[19]. Kothari, P. (2002). Intrusion Detection Interoperability and Standardization. SANS Institute.

[20]. Kozlowski, M., & Ksiezopolski, B. (2021, July). A new method of testing machine learning models of detection for targeted DDoS attacks. In Proceedings of the 18th International Conference on Security and Cryptography SECRYPT, 1, 728-733.

[21]. Kshirsagar, V., & Joshi, M. (2015). Comparative analysis of various classifiers for performance improvement in intrusion detection system by reducing the false positives. International Journal of Computer Science and Information Technologies, 6(5), 4825-4828.

[22]. Nandi, S., Phadikar, S., & Majumder, K. (2020, February). Detection of DDoS attack and classification using a hybrid approach. In 2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP) (pp. 41-47). IEEE.

[23]. Peneti, S., & Hemalatha, E. (2021, January). DDOS attack identification using machine learning techniques. In 2021 International Conference on Computer Communication and Informatics (ICCCI) (pp. 1-5). IEEE.

[24]. Perez-Diaz, J. A., Valdovinos, I. A., Choo, K. K. R., & Zhu, D. (2020). A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning. IEEE Access, 8, 155859-155872.

[25]. Perez-Diaz, J. A., Valdovinos, I. A., Choo, K. K. R., & Zhu, D. (2020). A flexible SDN-based architecture for identifying and mitigating low-rate DDoS attacks using machine learning. IEEE Access, 8, 155859-155872.

[26]. Rahman, O., Quraishi, M. A. G., & Lung, C. H. (2019, July). DDoS attacks detection and mitigation in SDN using machine learning. In 2019 IEEE World Congress on Services (SERVICES), 2642, 184-189. IEEE.

[27]. Rao, G. S., & Subbarao, P. K. (2023). A novel approach for detection of DoS/DDoS attack in network environment using ensemble machine learning model. International Journal on Recent and Innovation Trends in Computing and Communication, 11(9), 244–253.

[28]. Rao, G. S., & Subbarao, P. K. (2024). A novel framework for detection of DoS/DDoS attack using deep learning techniques, and an approach to mitigate the impact of DoS/DDoS attack in network environment. International Journal of Intelligent Systems and Applications in Engineering, 12(1), 450-466.

[29]. Shamsolmoali, P., & Zareapoor, M. (2014, September). Statistical-based filtering system against DDOS attacks in cloud computing. In 2014 International Conference on Advances in Computing, Communications and Informatics (ICACCI) (pp. 1234-1239). IEEE.

[30]. Shen, Y. (2022, October). An intrusion detection algorithm for DDoS attacks based on DBN and three-way decisions. In Journal of Physics: Conference Series, 2356 (1), 012044. IOP Publishing.

[31]. Shieh, C. S., Nguyen, T. T., Lin, W. W., Lai, W. K., Horng, M. F., & Miu, D. (2022). Detection of adversarial ddos attacks using symmetric defense generative adversarial networks. Electronics, 11(13), 1977.

[32]. Shon, T., Kim, Y., Lee, C., & Moon, J. (2005, June). A machine learning framework for network anomaly detection using SVM and GA. In Proceedings from the Sixth Annual IEEE SMC Information Assurance Workshop (pp. 176-183). IEEE.

[33]. Silivery, A. K., Rao, K. R. M., & Kumar, L. K. (2023). An effective deep learning based multi-class classification of DoS and DDoS attack detection. International Journal of Electrical and Computer Engineering Systems, 14(4), 421-431.

[34]. Tao, Y., & Yu, S. (2013, July). DDoS attack detection at local area networks using information theoretical metrics. In 2013 12th IEEE International Conference on Trust, Security and Privacy in Computing and Communications (pp. 233-240). IEEE.

[35]. Tayyab, M., Belaton, B., & Anbar, M. (2020). ICMPv6- based DoS and DDoS attacks detection using machine learning techniques, open challenges, and blockchain applicability: A review. IEEE Access, 8, 170529-170547.

[36]. Timofte, J. (2008). Intrusion detection using open source tools. Revista Informatica Economică (pp. 75-79).

[37]. Ulemale, T. (2022). Review on detection of DDOS attack using machine learning. International Journal for Research in Applied Science & Engineering Technology, 10(3), 764-764.

[38]. Vijayarani, S., & Sylviaa, M. (2015). Intrusion detection system-a study. International Journal of Security, Privacy and trust management (IJSPTM), 4(1), 31-44.

[39]. Wankhede, S., & Kshirsagar, D. (2018, August). DoS attack detection using machine learning and neural network. In 2018 Fourth International Conference on Computing Communication Control and Automation (ICCUBEA) (pp. 1-5). IEEE.

[40]. Wei, Y., Jang-Jaccard, J., Sabrina, F., Singh, A., Xu, W., & Camtepe, S. (2021). Ae-mlp: A hybrid deep learning approach for ddos detection and classification. IEEE Access, 9, 146810-146821.

[41]. Wu, C., Sheng, S., & Dong, X. (2018, October). Research on visualization systems for DDoS attack detection. In 2018 IEEE International Conference on Systems, Man, and Cybernetics (SMC) (pp. 2986-2991). IEEE.

[42]. Yang, G., Chen, D., Xu, J., & Zhu, Z. (2010, March). Research of intrusion detection system based on vulnerability scanner. In 2010 2nd International Conference on Advanced Computer Control, 3, 173-176. IEEE.

[43]. Yasm, C. (2009). Prelude as a Hybrid IDS Framework.

[44]. Yuan, X., Li, C., & Li, X. (2017, May). DeepDefense: identifying DDoS attack via deep learning. In 2017 IEEE International Conference on Smart Computing (SMARTCOMP) (pp. 1-8). IEEE.

[45]. Yusof, A. R. A., Udzir, N. I., Selamat, A., Hamdan, H., & Abdullah, M. T. (2017, November). Adaptive feature selection for denial of services (DoS) attack. In 2017 IEEE Conference on Application, Information and Network Security (AINS) (pp. 81-84). IEEE.

[46]. Zekri, M., El Kafhali, S., Aboutabit, N., & Saadi, Y. (2017, October). DDoS attack detection using machine learning techniques in cloud computing environments. In 2017 3rd International Conference of Cloud Computing Technologies and Applications (CloudTech) (pp. 1-7). IEEE.

[47]. Zhou, B., Li, J., Wu, J., Guo, S., Gu, Y., & Li, Z. (2018, May). Machine-learning-based online distributed denial-of-service attack detection using spark streaming. In 2018 IEEE International Conference on Communications (ICC) (pp. 1-6). IEEE.