Distributed denial-of-service (DDoS) attacks are one of the most serious threats to today’s high-speed networks. These attacks can quickly incapacitate a targeted business, costing victims millions of dollars in lost revenue and productivity. In this paper, we present a novel method that allows timely detection of application-layer DDoS attacks that use encrypted protocols, by applying an anomaly-based approach to statistics extracted from network packets. The method constructs a model of normal user behavior using weighted fuzzy clustering. The construction algorithm is self-adaptive and allows the model to be updated every time a new portion of network traffic data becomes available for analysis. The proposed technique is tested with realistic end-user network traffic generated in the RGCE Cyber Range.
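The abstract describes three ingredients: per-flow statistics that need no payload access (so they work on TLS traffic), a weighted fuzzy clustering model of normal behaviour, and an online update step as new traffic batches arrive. The following is an added example written for this page, not the paper's own code or the RGCE data. It assumes a constructed four-feature flow summary (request rate, mean client packet size, download/upload byte ratio, duration), the usual FCM fuzzifier m = 2, sample weights equal to the number of requests a flow summarised, a "mean plus three standard deviations" anomaly threshold, and an update rule in which the previous centres re-enter the clustering as pseudo-samples weighted by their accumulated mass times a forgetting factor. All of these are illustrative choices, not the paper's.

```python
"""Added example (not the paper's code): weighted fuzzy c-means model of
normal encrypted-flow behaviour with an online update and an anomaly
threshold. Pure Python, no third-party packages."""
import math
import random

M = 2.0      # fuzzifier (assumed; the usual FCM default)
EPS = 1e-12


def sq_dist(a, b):
    return sum((x - y) ** 2 for x, y in zip(a, b))


def memberships(point, centers):
    """Standard FCM membership: u_j = 1 / sum_l (d_j / d_l)^(1/(m-1))."""
    d = [max(sq_dist(point, c), EPS) for c in centers]
    return [1.0 / sum((d[j] / d[l]) ** (1.0 / (M - 1)) for l in range(len(d)))
            for j in range(len(d))]


def weighted_fcm(points, weights, centers, iters=30):
    """Weighted fuzzy c-means: sample i carries weight w_i, so the centre
    update is c_j = sum_i w_i u_ij^m x_i / sum_i w_i u_ij^m.
    Returns the centres and the weighted mass attracted by each cluster."""
    dim = len(centers[0])
    for _ in range(iters):
        U = [memberships(p, centers) for p in points]
        new_centers, mass = [], []
        for j in range(len(centers)):
            num, den = [0.0] * dim, 0.0
            for p, w, u in zip(points, weights, U):
                f = w * u[j] ** M
                den += f
                for t in range(dim):
                    num[t] += f * p[t]
            new_centers.append([v / den for v in num])
            mass.append(den)
        centers = new_centers
    return centers, mass


class NormalTrafficModel:
    """Model of normal behaviour; flows far from every centre are flagged."""

    def __init__(self, n_clusters=2, sigmas=3.0, forget=0.5):
        self.k, self.sigmas, self.forget = n_clusters, sigmas, forget
        self.centers = self.mass = self.mu = self.sd = self.threshold = None

    def _scale(self, x):   # z-score with the scale fixed at the first batch (assumption)
        return [(v - m) / s for v, m, s in zip(x, self.mu, self.sd)]

    def fit(self, flows, weights):
        dim = len(flows[0])
        self.mu = [sum(f[t] for f in flows) / len(flows) for t in range(dim)]
        self.sd = [max(math.sqrt(sum((f[t] - self.mu[t]) ** 2 for f in flows)
                                 / len(flows)), EPS) for t in range(dim)]
        pts = [self._scale(f) for f in flows]
        init = [pts[i * len(pts) // self.k] for i in range(self.k)]  # deterministic seed
        self.centers, self.mass = weighted_fcm(pts, weights, init)
        self._set_threshold(pts)

    def update(self, flows, weights):
        """Online step: old centres join the new batch as pseudo-samples whose
        weight is their accumulated mass times a forgetting factor (assumed)."""
        pts = [self._scale(f) for f in flows]
        old_w = [m * self.forget for m in self.mass]
        self.centers, self.mass = weighted_fcm(pts + self.centers,
                                               list(weights) + old_w, self.centers)
        self._set_threshold(pts)

    def score(self, flow):
        return math.sqrt(min(sq_dist(self._scale(flow), c) for c in self.centers))

    def _set_threshold(self, pts):
        s = [math.sqrt(min(sq_dist(p, c) for c in self.centers)) for p in pts]
        mean = sum(s) / len(s)
        sd = math.sqrt(sum((v - mean) ** 2 for v in s) / len(s))
        self.threshold = mean + self.sigmas * sd

    def is_anomalous(self, flow):
        return self.score(flow) > self.threshold


def synthetic_flows(rng, n, profile):
    """Constructed flow statistics (not real data): one row per connection =
    [requests/s, mean client packet bytes, bytes down/up ratio, duration s]."""
    base = {"browse": (1.0, 300.0, 20.0, 30.0),
            "stream": (0.2, 200.0, 400.0, 600.0),
            "http_flood": (200.0, 250.0, 0.5, 2.0)}[profile]   # hypothetical profiles
    return [[b * rng.uniform(0.8, 1.2) for b in base] for _ in range(n)]


def build_demo_model():
    """Fit on one batch of normal flows, then adapt to a second batch."""
    rng = random.Random(7)
    day1 = synthetic_flows(rng, 100, "browse") + synthetic_flows(rng, 100, "stream")
    model = NormalTrafficModel(n_clusters=2)
    model.fit(day1, [f[0] * f[3] for f in day1])      # weight = requests in the flow
    day2 = synthetic_flows(rng, 100, "browse") + synthetic_flows(rng, 100, "stream")
    model.update(day2, [f[0] * f[3] for f in day2])
    return model, rng


def false_positive_rate(model, flows):
    return sum(model.is_anomalous(f) for f in flows) / len(flows)


if __name__ == "__main__":
    model, rng = build_demo_model()
    print("threshold:", round(model.threshold, 3))
    print("flood flagged:", model.is_anomalous(synthetic_flows(rng, 1, "http_flood")[0]))
```

Because only timing and size statistics are used, nothing in the model depends on decrypting the traffic; the trade-off is that a flood whose per-flow statistics closely mimic legitimate sessions will sit inside a cluster, so in practice the feature set and the threshold rule have to be tuned against the false-positive rate on the site's own normal traffic.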
Zolotukhin Mikhail, Kokkonen Tero, Hämäläinen Timo, Siltanen Jarmo
Zolotukhin M., Kokkonen T., Hämäläinen T., Siltanen J. (2016) Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic. In: Galinina O., Balandin S., Koucheryavy Y. (eds) Internet of Things, Smart Spaces, and Next Generation Networks and Systems. ruSMART 2016, NEW2AN 2016. Lecture Notes in Computer Science, vol 9870. Springer, Cham