Early Warning Signal Engineering for DDoS Attack Prediction

  • Anderson B. de Neira UFPR
  • Ligia F. Borges UFMG
  • Alex M. de Araújo UFPR
  • Michele Nogueira UFPR / UFMG

Abstract


The rapid escalation of distributed denial-of-service (DDoS) attacks makes it necessary to predict them. Large volumes of attack traffic limit the time available to stop them. Attackers hide their actions from detection in order to increase the damage they cause. It is therefore essential to predict the signs of attack preparation. This work presents the Early Warning Signal Engineering approach (Engenharia de Sinais Precoces de Alerta, ESPA). ESPA generates features that can indicate attack preparation in network traffic, based on the theory of early warning signals. Based on this indication, attacks can be stopped in advance. The ESPA approach allows a DDoS attack to be predicted 30 minutes before it actually begins.

Published
26/05/2023
NEIRA, Anderson B. de; BORGES, Ligia F.; ARAÚJO, Alex M. de; NOGUEIRA, Michele. Engenharia de Sinais Precoces de Alerta Para a Predição de Ataques DDoS. In: WORKSHOP DE GERÊNCIA E OPERAÇÃO DE REDES E SERVIÇOS (WGRS), 28., 2023, Brasília/DF. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023. p. 139-152. ISSN 2595-2722. DOI: https://doi.org/10.5753/wgrs.2023.724.