Detecting DDoS attack using MapReduce operations
Denial of Service (DoS) and Distributed DoS (DDoS) attacks are evolving continuously. These attacks make network resources unavailable to legitimate users, which results in massive loss of data, resources and money. Recent DDoS attacks have demonstrated severe destructive power by paralyzing web servers within a short time. As the volume of Internet traffic grows rapidly, current DDoS detection technologies face a new challenge: they must efficiently process a huge amount of traffic within an acceptable response time. This work focuses on a novel DDoS detection method based on Hadoop that implements an HTTP GET flooding detection algorithm in MapReduce on the distributed computing platform.
Keywords: DDoS Attack, HTTP Flooding Attack, MapReduce, Apache Hadoop.
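The abstract names the approach but gives no algorithm, so the following is an added sketch, not the authors' code: a common per-source counting scheme for HTTP GET floods, written as map, shuffle and reduce steps. The Common Log Format input, the 10-second window, the threshold of 10 and all function names are assumptions, and the sample log is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

WINDOW_SECONDS = 10  # assumed bucket width, not a value from the paper
THRESHOLD = 10       # assumed max GETs per source per window

# Common Log Format prefix: client, two ignored fields, [timestamp], "METHOD ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) ')

def mapper(line):
    """Map: emit ((client_ip, window_start_epoch), 1) per well-formed GET."""
    m = LOG_RE.match(line)
    if not m or m.group(3) != "GET":
        return  # skip malformed lines and non-GET methods
    try:
        ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return  # unparseable timestamp
    epoch = int(ts.timestamp())
    yield (m.group(1), epoch - epoch % WINDOW_SECONDS), 1

def shuffle(pairs):
    """Group values by key, as the framework does between map and reduce."""
    groups = defaultdict(list)
    for key, value in pairs:
        groups[key].append(value)
    return groups

def reducer(key, values):
    """Reduce: sum the counts for one key; emit it only above THRESHOLD."""
    total = sum(values)
    if total > THRESHOLD:
        yield key, total

def detect(lines):
    """Run map, shuffle and reduce in-process; return {(ip, window): count}."""
    pairs = (kv for line in lines for kv in mapper(line))
    return {k: n for key, vals in shuffle(pairs).items()
            for k, n in reducer(key, vals)}

# Constructed sample log (documentation IP ranges), not data from the paper.
FMT = '%s - - [09/Jul/2015:10:00:%02d +0000] "%s / HTTP/1.1" 200 512'
SAMPLE_LOG = (
    [FMT % ("203.0.113.7", s % 10, "GET") for s in range(12)]     # 12 GETs, one window
    + [FMT % ("198.51.100.20", s, "GET") for s in (1, 4, 8)]      # ordinary client
    + [FMT % ("192.0.2.9", s % 10, "POST") for s in range(15)]    # not GET, ignored
    + ["truncated line"]
)

if __name__ == "__main__":
    for (ip, window), count in detect(SAMPLE_LOG).items():
        print(f"{ip} sent {count} GETs in the window starting at {window}")
```

On a cluster, `mapper` and `reducer` would run as separate tasks and the framework would perform the grouping that `shuffle` does here.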
Copyright (c) 2020 Collection "Information technology and security"
This work is licensed under a Creative Commons Attribution 4.0 International License.