A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems

Jung Woo Seo, Sangjin Lee

Research output: Contribution to journal › Article

2 Citations (Scopus)

Abstract

Large-scale network environments require effective detection and response methods against DDoS attacks. With the advancement of IT infrastructure such as servers and network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling an organization's internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes anomalies in those attributes in order to detect IP-spoofed DDoS attacks. A method is also proposed for the effective detection of malware-infected systems triggering IP-spoofed DDoS attacks on an edge network. The detection accuracy and performance of the proposed algorithm on real-time traffic collected on a core network are analyzed, and a prototype was developed to evaluate the algorithm's performance. As a result, DDoS attacks on the internal network were detected in real time, and whether or not IP addresses were spoofed was confirmed. Detecting malware-infected hosts in real time allowed intrusion responses to be executed before large-scale attack traffic brought the internal network to a halt.

Original language: English
Article number: 1878
Journal: SpringerPlus
Volume: 5
Issue number: 1
DOI: 10.1186/s40064-016-3569-3
Publication status: Published - 2016 Dec 1

Fingerprint

  • Servers
  • Malware

ASJC Scopus subject areas

  • General

Cite this

A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems. / Seo, Jung Woo; Lee, Sangjin.

In: SpringerPlus, Vol. 5, No. 1, 1878, 01.12.2016.

Research output: Contribution to journal › Article

@article{2930733edc6a45efa374365eef4f8ad9,
title = "A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems",
abstract = "Large-scale network environments require effective detection and response methods against DDoS attacks. With the advancement of IT infrastructure such as servers and network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling an organization's internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes anomalies in those attributes in order to detect IP-spoofed DDoS attacks. A method is also proposed for the effective detection of malware-infected systems triggering IP-spoofed DDoS attacks on an edge network. The detection accuracy and performance of the proposed algorithm on real-time traffic collected on a core network are analyzed, and a prototype was developed to evaluate the algorithm's performance. As a result, DDoS attacks on the internal network were detected in real time, and whether or not IP addresses were spoofed was confirmed. Detecting malware-infected hosts in real time allowed intrusion responses to be executed before large-scale attack traffic brought the internal network to a halt.",
author = "Seo, {Jung Woo} and Sangjin Lee",
year = "2016",
month = "12",
day = "1",
doi = "10.1186/s40064-016-3569-3",
language = "English",
volume = "5",
journal = "SpringerPlus",
issn = "2193-1801",
publisher = "Springer Science and Business Media Deutschland GmbH",
number = "1",
}

TY - JOUR

T1 - A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems

AU - Seo, Jung Woo

AU - Lee, Sangjin

PY - 2016/12/1

Y1 - 2016/12/1

N2 - Large-scale network environments require effective detection and response methods against DDoS attacks. With the advancement of IT infrastructure such as servers and network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling an organization's internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes anomalies in those attributes in order to detect IP-spoofed DDoS attacks. A method is also proposed for the effective detection of malware-infected systems triggering IP-spoofed DDoS attacks on an edge network. The detection accuracy and performance of the proposed algorithm on real-time traffic collected on a core network are analyzed, and a prototype was developed to evaluate the algorithm's performance. As a result, DDoS attacks on the internal network were detected in real time, and whether or not IP addresses were spoofed was confirmed. Detecting malware-infected hosts in real time allowed intrusion responses to be executed before large-scale attack traffic brought the internal network to a halt.

AB - Large-scale network environments require effective detection and response methods against DDoS attacks. With the advancement of IT infrastructure such as servers and network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling an organization's internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes anomalies in those attributes in order to detect IP-spoofed DDoS attacks. A method is also proposed for the effective detection of malware-infected systems triggering IP-spoofed DDoS attacks on an edge network. The detection accuracy and performance of the proposed algorithm on real-time traffic collected on a core network are analyzed, and a prototype was developed to evaluate the algorithm's performance. As a result, DDoS attacks on the internal network were detected in real time, and whether or not IP addresses were spoofed was confirmed. Detecting malware-infected hosts in real time allowed intrusion responses to be executed before large-scale attack traffic brought the internal network to a halt.

UR - http://www.scopus.com/inward/record.url?scp=84994017748&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84994017748&partnerID=8YFLogxK

U2 - 10.1186/s40064-016-3569-3

DO - 10.1186/s40064-016-3569-3

M3 - Article

AN - SCOPUS:84994017748

VL - 5

JO - SpringerPlus

JF - SpringerPlus

SN - 2193-1801

IS - 1

M1 - 1878

ER -