Denial of Service attacks remain one of the most serious threats to the Internet. In this study, we propose an algorithm for detecting Denial of Service attacks that utilize the SSL/TLS protocols. These protocols encrypt the data of network connections at the application layer, which makes it impossible to detect attackers' activity by analyzing packet payloads. For this reason, we concentrate on statistics that can be extracted from packet headers. Based on these statistics, we build a model of normal user behavior using several data mining algorithms. Once the model has been built, it is used to detect DoS attacks. The proposed framework is tested on data obtained from a realistic cyber environment that enables one to construct real attack vectors. The simulations show that the proposed method achieves a higher accuracy rate than other intrusion detection techniques.
Zolotukhin Mikhail, Hämäläinen Timo, Kokkonen Tero, Niemelä Antti, Siltanen Jarmo
Zolotukhin M., Hämäläinen T., Kokkonen T., Niemelä A., Siltanen J. (2015) Data Mining Approach for Detection of DDoS Attacks Utilizing SSL/TLS Protocol. In: Balandin S., Andreev S., Koucheryavy Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. ruSMART 2015, NEW2AN 2015. Lecture Notes in Computer Science, vol 9247. Springer, Cham