WSEAS Transactions on Computers
Print ISSN: 1109-2750, E-ISSN: 2224-2872
Volume 13, 2014
Detecting DRDoS Attack by Log File Based IP Pairing Mechanism
Abstract: As the number of security threats and attacks increases, the need for developing flexible and automated network security mechanisms also increases. The main objective of this paper is to propose a Reflection Attack Log File (RALF) based IP pairing detection method to detect the TCP-SYN reflection attack. The proposed RALF based IP pairing detection method is suitable for all types of protocols, such as TCP, UDP and ICMP packets, and belongs to the category of protocol-independent detection methods. The method uses log files that record the source and destination addresses, which serve as the comparative parameter for detecting the TCP-SYN reflection attack. In the experimental analysis, the performance of the proposed method is analyzed with Distributed Denial of Service (DDoS) and Distributed Reflection Denial of Service (DRDoS) attack traffic. The method achieves a True Positive Rate (TPR) of 99% and a lower False Positive Rate (FPR) of 1% when compared to the existing reflected attack detection method. The proposed RALF based IP pairing detection method effectively detects TCP-SYN reflection attacks before the attack reaches the target server. The results show that the proposed RALF based IP pairing detection method detects the highest probability of attack traffic.
Keywords: DDoS attack, DRDoS attack, Reflection attack, TCP-SYN Reflection attack, High-rate flooding attacks, Log file
Pages: 538-548
WSEAS Transactions on Computers, ISSN / E-ISSN: 1109-2750 / 2224-2872, Volume 13, 2014, Art. #48