A Self-Adaptable System for DDoS Attack Prediction Based on Metastability Theory

  • Mateus Pelloso UFPR
  • Andressa Vergütz UFPR
  • Aldri Santos UFPR
  • Michele Nogueira UFPR

Abstract


Distributed Denial of Service (DDoS) attacks are growing in volume, sophistication, and impact. Examples are the recent DDoS attacks against the French company OVH and the DNS provider Dyn, which reached unprecedented volumes of malicious traffic. In general, these attacks behave unexpectedly and are detected or mitigated only once they are at an advanced stage. Thus, unlike other works, we advocate the early prediction of DDoS attacks to help reduce or avoid the costs and losses they cause. This paper presents STARK, a self-adaptable DDoS attack prediction system. Unlike works from the literature, STARK identifies signs of an attack on the network before it reaches an advanced stage. Based on metastability theory, STARK provides unsupervised statistical learning and identifies the imminence of DDoS attacks. Its evaluation follows a trace-driven approach that employs three datasets containing records of DDoS attacks. Results show that DDoS attacks are predicted minutes or hours in advance.

Published
2018-05-10
PELLOSO, Mateus; VERGÜTZ, Andressa; SANTOS, Aldri; NOGUEIRA, Michele. Um Sistema Autoadaptável para Predição de Ataques DDoS Fundado na Teoria da Metaestabilidade. In: BRAZILIAN SYMPOSIUM ON COMPUTER NETWORKS AND DISTRIBUTED SYSTEMS (SBRC), 36., 2018, Campos do Jordão. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2018. p. 726-739. ISSN 2177-9384. DOI: https://doi.org/10.5753/sbrc.2018.2454.
