Detection of DDoS Backscatter Based on Traffic Features of Darknet TCP Packets

Author

Furutani, Nobuaki ; Tao Ban ; Nakazato, Junji ; Shimamura, Jumpei ; Kitazono, Jun ; Ozawa, Seiichi

Author_Institution

Guraduate Sch. of Eng., Kobe Univ., Kobe, Japan

fYear

2014

fDate

3-5 Sept. 2014

Firstpage

39

Lastpage

43

Abstract

In this work, we propose a method to discriminate backscatter caused by DDoS attacks from normal traffic. Since DDoS attacks are imminent threats which could give serious economic damages to private companies and public organizations, it is quite important to detect DDoS backscatter as early as possible. To do this, 11 features of port/IP information are defined for network packets which are sent within a short time, and these features of packet traffic are classified by Suppurt Vector Machine (SVM). In the experiments, we use TCP packets for the evaluation because they include control flags (e.g. SYN-ACK, RST-ACK, RST, ACK) which can give label information (i.e. Backscatter or non-backscatter). We confirm that the proposed method can discriminate DDoS backscatter correctly from unknown dark net TCP packets with more than 90% accuracy.

Keywords

computer network security; support vector machines; telecommunication traffic; transport protocols; DDoS attacks; DDoS backscatter detection; Darknet TCP packets; SVM; backscatter discrimination; control flags; network packets; packet traffic; port-IP information; support vector machine; traffic features; Backscatter; Computer crime; Feature extraction; IP networks; Ports (Computers); Servers; Support vector machines; DDoS attacks; Support Vector Machine; machine learning; network security; traffic classification;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Security (ASIA JCIS), 2014 Ninth Asia Joint Conference on

Conference_Location

Wuhan

Type

conf

DOI

10.1109/AsiaJCIS.2014.23

Filename

7023237