Low-Complexity Training-Free Distributed Denial of Services (DDoS)-attack Detection System using NetMine

Abstract

The internet plays a significant role in our life nowadays. Nevertheless, attacks are everywhere in the cyber. Distributed Denial of Service (DDoS) attack has become a major problem in cyber security. It poses a threat to the server operation of the major websites and causes companies suffering from economic loss. Hence, legitimate users are disrupted to access network resources. A survey of Neustar pointed out that company would lose over £100,000 or €140.000 of revenue per hour under a DDoS attack in 2015. Hence, efficient DDoS attack detection techniques are needed to defense against the DDoS attacks from huge amount of network traffic flow data. Association rules mining is a widely used technique in finding the relevant patterns among netflow data. However, conventional association rules based on DDoS detection method required huge amount of training data to determine the threshold of support and confidence value. Yet, these training data is not easy to obtain since great demand of human resources are needed to label the real-time data. In addition, some public training data sources, such as KDD Cup 99, are out of time and fail to illustrate the attack pattern nowadays. In order to solve this problem, a normal distribution association rules based on DDoS attack detection system is proposed. With the application of this system, DDoS detection can be applied without training data. Some simulations have been practiced and 80% of the true positive rate can be achieved. Besides, a mobile app is also established to show the attack traces in the whole network.