Predicting DDoS Attacks by Correlating Time Series via Ordinal Patterns

  • Lucas Albano UFMG
  • Ligia F. Borges UFMG
  • Anderson B. de Neira UFPR
  • Michele Nogueira UFMG / UFPR

Abstract

Infected devices in Internet of Things (IoT) represent one of the main challenges in fighting distributed denial of service (DDoS) attacks. Attackers camouflage their actions and delay attack prediction, requiring new solutions resilient to noise and variations in network traffic. This article presents a technique for predicting DDoS attacks using a novel methodology for extracting network features. The proposal benefits from the noise tolerance of the ordinal transformation to the DDoS attack prediction. The prediction applies the One-Class SVM algorithm, independent of labeled data. The technique predicts a DDoS attack up to 44 minutes before its start with an accuracy of 89%.
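As an added illustration (not code from the paper), the Bandt-Pompe ordinal transformation that the abstract relies on, applied to a constructed packets-per-second series: only the relative order inside each window survives, so the pattern distribution is unchanged by scaling or offset of the raw counts. The window-distance rule at the end is a simplified stand-in for the paper's One-Class SVM decision, not its implementation; all sample values and the threshold are assumptions.

```python
from collections import Counter
from itertools import permutations
from math import factorial, log

def ordinal_patterns(series, d=3, tau=1):
    """Bandt-Pompe transform: each window of d samples (lag tau) becomes the
    permutation that sorts it; ties are broken by position."""
    span = (d - 1) * tau
    pats = []
    for i in range(len(series) - span):
        window = [series[i + k * tau] for k in range(d)]
        pats.append(tuple(sorted(range(d), key=lambda k: (window[k], k))))
    return pats

def pattern_distribution(series, d=3, tau=1):
    """Relative frequency of each of the d! possible ordinal patterns."""
    pats = ordinal_patterns(series, d, tau)
    counts = Counter(pats)
    return {p: counts[p] / len(pats) for p in permutations(range(d))}

def permutation_entropy(series, d=3, tau=1):
    """Shannon entropy of the pattern distribution, normalised to [0, 1]."""
    dist = pattern_distribution(series, d, tau)
    h = -sum(p * log(p) for p in dist.values() if p > 0)
    return h / log(factorial(d))

def l1_distance(dist_a, dist_b):
    """Total absolute difference between two pattern distributions."""
    return sum(abs(dist_a[p] - dist_b[p]) for p in dist_a)

# Constructed sample (made-up values): packets per second. BENIGN mimics
# jittery normal traffic; RAMP mimics a monotonic build-up before an attack.
BENIGN = [50, 63, 41, 77, 52, 60, 48, 71, 55, 44, 69, 58,
          47, 74, 51, 62, 45, 70, 56, 43, 66, 59, 49, 72]
RAMP = [80, 95, 110, 130, 155, 185, 220, 260, 305, 355, 410, 470]
TRAFFIC = BENIGN + RAMP

def detect_ramp(series, baseline, window=12, threshold=0.5):
    """Slide a window over `series`, compare its ordinal distribution with the
    benign baseline and return the start index of the first window whose L1
    distance exceeds `threshold` (stand-in for the One-Class SVM decision)."""
    ref = pattern_distribution(baseline)
    for start in range(len(series) - window + 1):
        chunk = series[start:start + window]
        if l1_distance(pattern_distribution(chunk), ref) > threshold:
            return start
    return None

if __name__ == "__main__":
    print("benign entropy:", round(permutation_entropy(BENIGN), 3))
    print("ramp entropy:", permutation_entropy(RAMP))
    print("first flagged window starts at sample", detect_ramp(TRAFFIC, BENIGN))
```

The flagged window is the first one in which the monotonic pattern (0, 1, 2), absent from the benign baseline, dominates; a rising-then-falling burst would produce a different signature, which is why the feature is more robust to amplitude noise than a raw threshold on packet counts.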

Published: 2023-09-18

ALBANO, Lucas; BORGES, Ligia F.; NEIRA, Anderson B. de; NOGUEIRA, Michele. Predição de Ataques DDoS pela Correlação de Séries Temporais via Padrões Ordinais. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 23., 2023, Juiz de Fora/MG. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 69-82. DOI: https://doi.org/10.5753/sbseg.2023.233476.
