DETECTION AND BLOCKING SLOW DDOS ATTACKS BASED ON PREDICTING USER BEHAVIOR

Authors

  • Oleksandr Laptiev, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine
  • Serhiy Buchyk, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine
  • Vitalii Savchenko, University of Telecommunications, Kyiv, Ukraine
  • Volodymyr Nakonechny, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine
  • Inna Mykhalchuk, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine
  • Yanina Shestak, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine

DOI:

https://doi.org/10.18372/2310-5461.55.16908

Keywords:

network protocol, locking, individual prediction, random process, slow DDoS attack, user behavior

Abstract

Наукоємні технології, № 3(55), 2022 © Лаптєв О. А., Бучик С. С., Савченко В. А., Наконечний В. С., Михальчук І. І., Шестак Я. В., 2022

Security researchers have identified 14 vulnerabilities affecting the TCP/IP protocol library. A slow DDoS attack exploits a weakness of the TCP/IP protocol: connections can be interrupted, intentionally or unintentionally, as a result of delays in communication channels. The article deals with the problem of detecting a slow distributed denial of service attack. Detecting slow DDoS attacks differs from detecting volumetric (traffic-based) attacks because they do not increase network traffic. Instead of creating a sudden surge of traffic, slow, low-rate attacks are conducted with minimal activity and are not registered by monitoring systems. They aim to take the target down inconspicuously by opening the minimum number of connections and leaving them unfinished for as long as possible. Typically, attackers send partial HTTP requests and small data packets or keep-alive messages to keep the connection open. Such attacks are difficult to block and difficult to detect. Because the traffic volume is low and the connections can look like ordinary ones, a different prevention technology is required: attack sources should be blocked based on the characteristics of request execution, not on their reputation. Therefore, it was assumed that the success of a slow DDoS attack depends on the user's behavior. Based on modeling of the slow-attack detection method, the behavior of the individual user was studied and predicted, and a behavior trajectory for a specific user was proposed. The applicability of this method was confirmed by modeling RUDY attacks on HTTP services. The obtained prediction accuracy characteristics depend on the accumulated traffic and attack statistics available. The study proves that such a method can be used to detect different types of slow DDoS attacks.
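The abstract's central point is that a slow attack source should be recognised from how its requests execute (partial bodies trickled in to keep connections open) rather than from its reputation. The following Python example, added here and not taken from the paper or its model, illustrates one simple form of that idea: each connection's body-arrival trajectory is extrapolated to a projected completion time, and a source holding several connections that are projected to stay open far longer than any plausible upload is reported. The event-tuple format, the sample client and RUDY-style traces, and the thresholds (`max_projected`, `min_age`, `min_conns`) are all constructed assumptions for the illustration.

```python
"""Behaviour-based scoring of slow (RUDY-style) HTTP POST connections.

Added illustrative example; it is not the paper's prediction model.
Each connection's body-arrival trajectory is extrapolated to a projected
completion time. A source whose open connections are projected to stay
open far longer than any plausible upload is reported. The reputation of
the source address is never consulted.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Conn:
    src: str
    opened_at: float
    declared_len: int          # Content-Length announced in the request head
    received: int = 0          # body bytes that have actually arrived
    last_seen: float = 0.0
    closed: bool = False


def replay(events):
    """Build connection state from (t, src, conn_id, kind, value) tuples.

    kind is "open" (value = declared Content-Length), "data" (value = bytes
    received) or "close" (value ignored). Assumed event format.
    """
    conns = {}
    for t, src, cid, kind, value in events:
        if kind == "open":
            conns[cid] = Conn(src, t, value, last_seen=t)
        elif kind == "data":
            c = conns[cid]
            c.received += value
            c.last_seen = t
        elif kind == "close":
            conns[cid].closed = True
    return conns


def projected_completion(c, now):
    """Seconds from `now` until the body finishes at the observed average rate.

    Linear extrapolation of the trajectory seen so far; inf if nothing arrived.
    """
    remaining = c.declared_len - c.received
    if remaining <= 0:
        return 0.0
    elapsed = max(now - c.opened_at, 1e-9)
    rate = c.received / elapsed
    return float("inf") if rate == 0 else remaining / rate


def score_sources(conns, now, max_projected=30.0, min_age=5.0, min_conns=3):
    """Return {src: number of suspicious open connections} for sources that
    hold at least `min_conns` connections projected to outlive `max_projected`.

    Connections younger than `min_age` are not judged yet (grace period), so a
    request that has only just started is not penalised for a quiet first second.
    """
    suspicious = defaultdict(int)
    for c in conns.values():
        if c.closed or now - c.opened_at < min_age:
            continue
        if projected_completion(c, now) > max_projected:
            suspicious[c.src] += 1
    return {s: n for s, n in suspicious.items() if n >= min_conns}


# Constructed sample trace (not captured traffic). Times are seconds.
EVENTS = [
    # Ordinary client: 2 kB body delivered within 0.3 s, then closed.
    (0.0, "10.0.0.5", "c1", "open", 2000),
    (0.3, "10.0.0.5", "c1", "data", 2000),
    (0.3, "10.0.0.5", "c1", "close", None),
    # Slow but honest uploader: 20 kB in 5 s, completes and closes.
    (1.0, "198.51.100.2", "c2", "open", 20000),
    (3.0, "198.51.100.2", "c2", "data", 8000),
    (6.0, "198.51.100.2", "c2", "data", 12000),
    (6.0, "198.51.100.2", "c2", "close", None),
    # Upload still in progress at observation time: 25 kB of 50 kB in 8 s.
    (30.0, "10.0.0.9", "c3", "open", 50000),
    (38.0, "10.0.0.9", "c3", "data", 25000),
]
# RUDY-like source: four connections declaring 100 kB, one byte every 10 s.
for i in range(4):
    cid = f"r{i}"
    EVENTS.append((2.0, "203.0.113.7", cid, "open", 100000))
    for k in range(1, 4):
        EVENTS.append((2.0 + 10 * k, "203.0.113.7", cid, "data", 1))

OBSERVED_AT = 40.0


def detect(events=EVENTS, now=OBSERVED_AT):
    """Replay the trace and return the flagged sources."""
    return score_sources(replay(events), now)


if __name__ == "__main__":
    for src, n in detect().items():
        print(f"{src}: {n} connections projected to stay open > 30 s")
```

With the constructed trace, the in-progress upload from 10.0.0.9 projects to finish in about 10 s and is left alone, while the four trickling connections from 203.0.113.7 project to millions of seconds and the source is reported. In practice the thresholds would be set from the accumulated traffic statistics the abstract refers to, and the projection would be one input to a blocking decision rather than the decision itself.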

Author Biographies

Serhiy Buchyk, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine

Doctor of Technical Sciences, Professor, Professor of the Department of Cyber Security and Information Protection, Faculty of Information Technologies

Vitalii Savchenko, University of Telecommunications, Kyiv, Ukraine

Doctor of Technical Sciences, Director of the State Institute of Information Protection

Volodymyr Nakonechny, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine

Doctor of Technical Sciences, Professor, Professor of the Department of Cyber Security and Information Protection, Faculty of Information Technologies

Inna Mykhalchuk, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine

Candidate of Technical Sciences, Assistant Professor of the Department of Cyber Security and Information Protection, Faculty of Information Technologies

Yanina Shestak, Taras Shevchenko National University of Kyiv, Kyiv, Ukraine

Candidate of Technical Sciences, Assistant Professor of the Department of Cyber Security and Information Protection, Faculty of Information Technologies

Published

2022-11-01

Section

Information technology, cybersecurity