A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems
Large-scale network environments require effective detection and response methods against DDoS attacks. Depending on the advancement of IT infrastructure such as the server or network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling the organization’s i...
Main authors: | Seo, Jung Woo; Lee, Sang Jin |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | Springer International Publishing 2016 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5081987/ https://www.ncbi.nlm.nih.gov/pubmed/27833837 http://dx.doi.org/10.1186/s40064-016-3569-3 |
_version_ | 1782462991019540480 |
---|---|
author | Seo, Jung Woo Lee, Sang Jin |
author_facet | Seo, Jung Woo Lee, Sang Jin |
author_sort | Seo, Jung Woo |
collection | PubMed |
description | Large-scale network environments require effective detection and response methods against DDoS attacks. Depending on the advancement of IT infrastructure such as the server or network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling the organization’s internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes the anomalies of the attributes in order to detect IP-spoofed DDoS attacks. Also, a method is proposed for the effective detection of malware infection systems triggering IP-spoofed DDoS attacks on an edge network. Detection accuracy and performance of the collected real-time traffic on a core network is analyzed thru the use of the proposed algorithm, and a prototype was developed to evaluate the performance of the algorithm. As a result, DDoS attacks on the internal network were detected in real-time and whether or not IP addresses were spoofed was confirmed. Detecting hosts infected by malware in real-time allowed the execution of intrusion responses before stoppage of the internal network caused by large-scale attack traffic. |
format | Online Article Text |
id | pubmed-5081987 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2016 |
publisher | Springer International Publishing |
record_format | MEDLINE/PubMed |
spelling | pubmed-50819872016-11-10 A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems Seo, Jung Woo Lee, Sang Jin Springerplus Research Large-scale network environments require effective detection and response methods against DDoS attacks. Depending on the advancement of IT infrastructure such as the server or network equipment, DDoS attack traffic arising from a few malware-infected systems capable of crippling the organization’s internal network has become a significant threat. This study calculates the frequency of network-based packet attributes and analyzes the anomalies of the attributes in order to detect IP-spoofed DDoS attacks. Also, a method is proposed for the effective detection of malware infection systems triggering IP-spoofed DDoS attacks on an edge network. Detection accuracy and performance of the collected real-time traffic on a core network is analyzed thru the use of the proposed algorithm, and a prototype was developed to evaluate the performance of the algorithm. As a result, DDoS attacks on the internal network were detected in real-time and whether or not IP addresses were spoofed was confirmed. Detecting hosts infected by malware in real-time allowed the execution of intrusion responses before stoppage of the internal network caused by large-scale attack traffic. Springer International Publishing 2016-10-26 /pmc/articles/PMC5081987/ /pubmed/27833837 http://dx.doi.org/10.1186/s40064-016-3569-3 Text en © The Author(s) 2016 Open AccessThis article is distributed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits unrestricted use, distribution, and reproduction in any medium, provided you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license, and indicate if changes were made. |
spellingShingle | Research Seo, Jung Woo Lee, Sang Jin A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems |
title | A study on efficient detection of network-based IP spoofing DDoS and malware-infected Systems |
topic | Research |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5081987/ https://www.ncbi.nlm.nih.gov/pubmed/27833837 http://dx.doi.org/10.1186/s40064-016-3569-3 |