Kombinasi Metode Partial Rank Correlation dan Flow Correlation Coefficient untuk Membedakan DDoS dengan Flash Crowds

Authors

  • Calvin Kamtoso Program Studi Informatika
  • Agustinus Noertjahyana Program Studi Informatika
  • Rolly Intan Program Studi Informatika

Keywords:

pergaulan bebas, seks bebas, peran orang tua, semiotika, John Fiske

Abstract

With the growing of internet user, causing DDoS attacks to also become more sophisticated. This of course causing DDoS detection became a challenge itself. On the other hand, there is flash crowds which is a traffic generated from a huge amount of valid user. While DDoS attack is becoming more sophisticated, it causes discrimination a DDoS attacks from flash crowds become more challenging.

This research will be conducted by combining two methods of partial rank correlation and flow correlation. Partial rank correlation itself can be used to detect low-rate and high-rate DDoS attacks. Meanwhile flow correlation coefficient can be used to discriminate DDoS from flash crowds, albeit it is lacking the capability to detect low-rate DDoS attacks.

With the test carried, it can be acknowledged whether combining two methods could produce a program that could detect DDoS, flash crowds, or not. Then whether by combining the two methods could increase the accuracy of detection rate and false positive alarm rate of said program than when each method is run independently.

References

[1] Ain, A., Bhuyan, M., Bhattacharyya, D., & Kalita, J. (n.d.). Rank Correlation for Low-Rate DDoS Attack Detection: An Empirical Evaluation (Rep.).

[2] Behal, S., Kumar, K., & Sachdeva, M. (2017). Discriminating flash events from DDoS attacks: A comprehensive review. International Journal of Network Security, 19(5), 734-741. doi:10.6633/IJNS.201709.19(5).11

[3] Bhuyan, M. H., Bhattacharyya, D. K., & Kalita, J. K. (2014). Information metrics for low-rate DDoS attack detection: A comparative evaluation. 2014 Seventh International Conference on Contemporary Computing (IC3). doi:10.1109/ic3.2014.6897151

[4] Bhuyan, M., Kalwar, A., Goswami, A., Bhattacharyya, D., & Kalita, J. (2015). Low-Rate and High-Rate Distributed DoS Attack Detection Using Partial Rank Correlation. 2015 Fifth International Conference on Communication Systems and Network Technologies. doi:10.1109/csnt.2015.24

[5] Dhingra, A., & Sachdeva, M. (2018). DDoS detection and discrimination from flash events: A compendious review. 2018 First International Conference on Secure Cyber Computing and Communication (ICSCCC). doi:10.1109/icsccc.2018.8703335

[6] Feinstein, L., Schnackenberg, D., Balupari, R., & Kindred, D. (n.d.). Statistical approaches to DDoS attack detection and response. Proceedings DARPA Information Survivability Conference and Exposition. doi:10.1109/discex.2003.1194894

[7] Gera, J., & Battula, B. P. (2018). Detection of spoofed and non-spoofed DDoS attacks and discriminating them from flash crowds. EURASIP Journal on Information Security, 2018(1). doi:10.1186/s13635-018-0079-6

[8] Kendall, M. G. (1942). Partial Rank Correlation. Biometrika, 32(3/4), 277. doi:10.2307/2332130

[9] Lasisi, A., Ghazali, R., & Herawan, T. (2016). Application of Real-Valued Negative Selection Algorithm to Improve Medical Diagnosis. Applied Computing in Medicine and Health, 231-243. doi:10.1016/b978-0-12-803468-2.00011-4

[10] Li, K., Zhou, W., Li, P., Hai, J., & Liu, J. (2009). Distinguishing DDoS Attacks from Flash Crowds Using Probability Metrics. 2009 Third International Conference on Network and System Security. doi:10.1109/nss.2009.35

[11] Privalov, A., Lukicheva, V., Kotenko, I., & Saenko, I. (2019). Method of Early Detection of Cyber-Attacks on Telecommunication Networks Based on Traffic Analysis by Extreme Filtering. Energies, 12(24), 4768. doi:10.3390/en12244768

[12] Singh, K. J., & De, T. (2017). Mathematical modelling of DDoS attack and detection using correlation. Journal of Cyber Security Technology, 1(3-4), 175-186. doi:10.1080/23742917.2017.1384213

[13] Srikanth Kandula, Dina Katabi, Matthias Jacob, and Arthur Berger. 2005. Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds. In Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2 (NSDI'05). USENIX Association, USA, 287–300

[14] Thapngam, T., Li, S., Zhou, W., & Beliakov, G. (2011). Discriminating DDoS attack traffic from flash crowd through packet arrival patterns. 2011 IEEE Conference on Computer Communications Workshops (INFOCOM WKSHPS). doi:10.1109/infcomw.2011.5928950

[15] Yu, S., Thapngam, T., Liu, J., Wei, S., & Zhou, W. (2009). Discriminating DDoS Flows from Flash Crowds Using Information Distance. 2009 Third International Conference on Network and System Security. doi:10.1109/nss.2009.29

[16] Yu, S., Zhou, W., Jia, W., Guo, S., Xiang, Y., & Tang, F. (2012). Discriminating DDoS Attacks from Flash Crowds Using Flow Correlation Coefficient. IEEE Transactions on Parallel and Distributed Systems, 23(6), 1073-1080.doi:10.1109/tpds.2011.262

Downloads

Published

2021-04-10

Issue

Section

Articles