http://dx.doi.org/10.3745/KTCCS.2017.6.3.135

CNN Based Real-Time DNS DDoS Attack Detection System  

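Seo, In Hyuk (Department of Information Security, Graduate School of Information Security, Korea University)
Lee, Ki-Taek (Department of Information Security, Graduate School of Information Security, Korea University)
Yu, Jinhyun (Department of Information Security, Graduate School of Information Security, Korea University)
Kim, Seungjoo (Department of Cyber Defense / Graduate School of Information Security, Korea University)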
Publication Information
KIPS Transactions on Computer and Communication Systems / v.6, no.3, 2017, pp. 135-142
Abstract
DDoS (Distributed Denial of Service) attacks exhaust the target server's resources using a large number of zombie PCs; as a result, normal users cannot access the server. DDoS attacks are steadily increasing, carried out by many attackers, and most targets of the attacks are critical systems such as IT service providers, government agencies, and financial institutions. In this paper, we introduce a real-time detection system for DNS amplification attacks (DNS DDoS attacks) based on a CNN (Convolutional Neural Network), a deep learning technique. To overcome the limitation of existing research, which uses only data collected in an experimental environment, we use a dataset that is mixed with data collected in a real environment. We also build a deep learning model based on the Convolutional Neural Network (CNN), which is used in pattern recognition.
Keywords
Deep Learning; DNS DDoS Attack; Real-Time Detection System; DNS Amplification Attack
Citations & Related Records
Times Cited By KSCI: 1