Distributed Threat Analytics System for Denial-of-Service Attacks
Prabhakar Krishnan1, Vinay Gurram2

1Prabhakar Krishnan, Amrita Center for Cybersecurity Systems and Networks, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Amrita University, Amritapuri, India.
2Vinay Gurram, Amrita Center for Cybersecurity Systems and Networks, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Amrita University, Amritapuri, India.
Manuscript received on 07 March 2019 | Revised Manuscript received on 20 March 2019 | Manuscript published on 30 March 2019 | PP: 394-398 | Volume-8 Issue-5, March 2019 | Retrieval Number: E3199038519/19©BEIESP
© The Authors. Blue Eyes Intelligence Engineering and Sciences Publication (BEIESP). This is an open access article under the CC-BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/)

Abstract: In recent years we have seen the rise of application-specific attacks that exploit vulnerabilities in network protocols (HTTP, DNS, SMTP and others) and try to overwhelm the server application, not just the connectivity pipe. In this paper we propose an advanced DoS Threat Analytics System (DTAS) to mitigate the full range of DoS network attacks, not just volumetric ones, based on comprehensive collaborative detection algorithms implemented on the Elasticsearch Big Data platform. The DTAS security solution is driven by powerful threat detection algorithms that: a) dissect all attack probabilities in the network traffic, b) use behavioural analytics to correlate multiple parameters and generate multi-vector representations, and c) employ dynamic challenges to verify normal versus attack traffic. The DTAS analytics engine analyses multiple IP attributes within TCP and UDP flows and in ICMP, HTTP and DNS traffic (count, frequency, headers, payloads), detecting covert traffic and amplification attacks that target services on the network. By measuring all these attributes, the system creates a multi-vector heuristic representation of the normal (baseline) traffic flows. We used datasets from UCLA, downloaded traces from real-world incidents, and tested the efficacy of the system with various large-scale simulated DoS attacks in the test network. Our experiments show that the DTAS framework can detect DoS attacks in real time, without impacting the latency of benign traffic, with a detection rate of up to 95% for attacks.
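The abstract's central idea is a multi-vector baseline: several traffic attributes are measured over benign windows, and a later window is flagged only when more than one attribute drifts far from that baseline. The following Python block is an added illustration of that idea, not the paper's DTAS implementation or its Elasticsearch pipeline. The feature set (packet rate, SYN-only ratio, distinct sources, DNS query rate, ICMP rate), the z-score scoring, the thresholds and all packet records are assumptions constructed for the example.

```python
"""
Baseline-deviation DoS detector over per-window traffic feature vectors.
Added illustration only (not the paper's DTAS code): builds a multi-attribute
baseline from benign windows, then scores later windows by how far each
attribute drifts upward from that baseline and flags a window only when
several attributes drift at once (the "multi-vector" correlation idea).
"""
from statistics import mean, pstdev

# Feature names are assumptions for this example; they mirror the attribute
# classes the abstract mentions (flow counts, frequency, protocol mix).
FEATURES = ("pkt_rate", "syn_ratio", "distinct_src", "dns_qps", "icmp_rate")
WINDOW_SEC = 10  # each constructed window covers 10 seconds of traffic


def window_features(packets, window_sec=WINDOW_SEC):
    """Reduce a list of packet records (dicts) to one feature vector."""
    tcp = [p for p in packets if p["proto"] == "tcp"]
    syn_only = sum(1 for p in tcp if p.get("flags") == "S")
    dns = sum(1 for p in packets if p["proto"] == "udp" and p.get("dport") == 53)
    icmp = sum(1 for p in packets if p["proto"] == "icmp")
    return {
        "pkt_rate": len(packets) / window_sec,
        "syn_ratio": (syn_only / len(tcp)) if tcp else 0.0,
        "distinct_src": len({p["src"] for p in packets}),
        "dns_qps": dns / window_sec,
        "icmp_rate": icmp / window_sec,
    }


def build_baseline(benign_windows):
    """Per-feature (mean, population std-dev) over benign feature vectors."""
    return {f: (mean([w[f] for w in benign_windows]),
                pstdev([w[f] for w in benign_windows])) for f in FEATURES}


def score_window(features, baseline, rel_floor=0.05, abs_floor=1e-6):
    """One-sided z-scores: only increases above the baseline are suspicious.
    sigma is floored so that a constant feature (std-dev 0) does not turn a
    trivial change into an enormous score."""
    scores = {}
    for f in FEATURES:
        mu, sigma = baseline[f]
        sigma = max(sigma, rel_floor * abs(mu), abs_floor)
        scores[f] = max(0.0, (features[f] - mu) / sigma)
    return scores


def classify(scores, threshold=3.0, min_vectors=2):
    """Flag the window when at least `min_vectors` attributes exceed threshold.
    Returns (flagged, sorted list of the attributes that exceeded it)."""
    hits = sorted(f for f, z in scores.items() if z >= threshold)
    return len(hits) >= min_vectors, hits


def make_packets(n, proto, src_pool, flags=None, dport=None):
    """Constructed packet records, round-robin over a pool of source addresses."""
    return [{"proto": proto, "src": src_pool[i % len(src_pool)],
             "flags": flags, "dport": dport} for i in range(n)]


# Constructed sample traffic: 20 internal hosts generating normal traffic.
LAN = [f"10.0.0.{i}" for i in range(1, 21)]
BENIGN_WINDOWS = [
    make_packets(40, "tcp", LAN, "S") + make_packets(160, "tcp", LAN, "PA")
    + make_packets(30, "udp", LAN, dport=53) + make_packets(5, "icmp", LAN),
    make_packets(50, "tcp", LAN, "S") + make_packets(170, "tcp", LAN, "PA")
    + make_packets(35, "udp", LAN, dport=53) + make_packets(4, "icmp", LAN),
    make_packets(45, "tcp", LAN, "S") + make_packets(150, "tcp", LAN, "PA")
    + make_packets(25, "udp", LAN, dport=53) + make_packets(6, "icmp", LAN),
]
# Constructed attack window: a SYN flood from 500 spoofed (documentation-range)
# addresses layered on top of otherwise normal background traffic.
SPOOFED = [f"198.51.100.{i}" for i in range(1, 251)] + \
          [f"203.0.113.{i}" for i in range(1, 251)]
ATTACK_WINDOW = (make_packets(3000, "tcp", SPOOFED, "S")
                 + make_packets(160, "tcp", LAN, "PA")
                 + make_packets(30, "udp", LAN, dport=53)
                 + make_packets(5, "icmp", LAN))


def demo():
    """Train on the benign windows, then score each benign window and the attack."""
    baseline = build_baseline([window_features(w) for w in BENIGN_WINDOWS])
    benign = [classify(score_window(window_features(w), baseline)) for w in BENIGN_WINDOWS]
    attack = classify(score_window(window_features(ATTACK_WINDOW), baseline))
    return baseline, benign, attack


if __name__ == "__main__":
    _, benign_verdicts, attack_verdict = demo()
    print("benign windows:", benign_verdicts)
    print("attack window:", attack_verdict)
```

The attack window trips three vectors at once (packet rate, SYN-only ratio and distinct sources) while the DNS and ICMP attributes stay at baseline; each benign window scores below the threshold on every attribute. Requiring several attributes to agree is what keeps a single noisy counter from raising an alert on its own.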
Keywords: Botnet, Distributed Denial of Service (DDoS) Attack, Network Security, Threat Analytics.
Scope of the Article: SOA and Service-Oriented Systems