Distributed denial of service attack detection using density based clustering and information fusion techniques

Abstract

The devices in networks are constantly under numerous attack threat in today’s complex internet world. DDoS is the well-known type of attack since it is easy to launch and disrupt the target traffic. Attackers can implement various techniques to launch their attacks by masquerading their real identities behind false addresses. In order to ensure confidentiality, integrity and availability, the implementing an Intrusion Prevention Systems is of primary importance in order to establish a secure network infrastructure. In thesis, we propose DDoS attack prevention framework in which multiple metrics from packet headers are used and then fused to generate a collective judgment on whether an attack occurs. Dempster-Shafer Theory is an information fusion approach for combining various evidences from various sources. An unsupervised BPA approach is employed to adapt assignment of beliefs to the most up to date attribute of the network traffic. The BPA approach is simple but highly effective. It has outstanding accuracy with low false alarms and very high attack identification rate. It is hard to find publicly available datasets for DDoS schemes. We used CAIDA and Bogazici University datasets. Datasets with more comprehensive features would be better to test success of our method. A descriptive analysis of the produced results, for all the used datasets are given. The performance evaluation of the effectiveness of proposed scheme is measured by using different attack rates.