CNN Based Real-Time DNS DDoS Attack Detection System

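  • Seo In-Hyuk (서인혁) (Department of Information Security, Graduate School of Information Security, Korea University);
  • Lee Ki-Taek (이기택) (Department of Information Security, Graduate School of Information Security, Korea University);
  • Yu Jin-Hyun (유진현) (Department of Information Security, Graduate School of Information Security, Korea University);
  • Kim Seung-Joo (김승주) (Department of Cyber Defense / Graduate School of Information Security, Korea University)
  • Received: 2016.11.02
  • Accepted: 2016.11.20
  • Published: 2017.03.31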

Abstract

DDoS (Distributed Denial of Service) attacks exhaust a target server's resources using a large number of zombie PCs, so that normal users cannot access the server. DDoS attacks by many attackers are steadily increasing, and almost all targets are critical systems such as IT service providers, government agencies, and financial institutions. In this paper, we introduce a real-time detection system for DNS amplification attacks (DNS DDoS attacks) based on a CNN (Convolutional Neural Network), a deep learning technique. To overcome the limitation of existing research, which uses only data collected in experimental environments, we use a dataset mixed with data collected in a real environment. We also build the deep learning model on a Convolutional Neural Network (CNN), which is used in pattern recognition.

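DDoS (Distributed Denial of Service) is an attack that uses a large number of zombie PCs to access a target server and exhaust its resources, so that legitimate users cannot use the server. DDoS attack incidents are steadily increasing, and because the main targets are IT services, the financial sector, and government agencies, detecting DDoS has become an important issue. This paper introduces a method that uses deep learning to detect, in real time, DNS DDoS attacks that amplify packets through DNS servers, that is, DNS amplification attacks. To overcome the limitations of existing studies, the detection system was trained on a mix of real-environment data rather than experimental-network data. In addition, the deep learning model was built with a Convolutional Neural Network (CNN), which is mainly used for image recognition.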
