http://dx.doi.org/10.9717/kmms.2013.16.6.678

Implementation Of DDoS Botnet Detection System On Local Area Network  

Huh, Jun-Ho (Department of Computer Engineering, Pukyong National University)
Hong, Myeong-Ho (Major in Computer Multimedia Engineering, Pukyong National University)
Lee, JeongMin (Major in Computer Multimedia Engineering, Pukyong National University)
Seo, Kyungryong (Department of Computer Engineering, Pukyong National University)
Abstract
Unlike a single-source attack, in a DDoS attack the botnets distributed across the network initiate attacks against the target server simultaneously. In such cases it is difficult to respond by denying the packets regarded as DDoS traffic, since the convenience of normal users at the target server must also be considered. Taking this into account, this study implements a DDoS botnet detection system that reduces the strain on the target server by detecting DDoS attacks on a per-user-network basis and then lets the network administrator take actions that reduce the overall scale of the botnet. The proposed system implements a program that detects attacks based on a database of faults and abnormalities collected by analyzing hourly attack traffic. The presence of an attack is then determined using a threshold for the current traffic, calculated from the mean and the standard deviation of the number of packets. By converting the botnet detection method centered on the servers that are the targets of attacks into network-based detection, it was possible to consider an aggressive defense concept against DDoS attacks. With such a measure, the network administrator can cut off in advance the large-scale traffic that distinguishes DDoS from DoS attacks, mitigating the scale of the botnet. Furthermore, we expect that blocking attack traffic beforehand in the network communications below the router equipment level can considerably reduce the strain imposed on the target servers and the network load of routers in WAN communications.
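As an added illustration (not code from the paper or its authors), the following Python sketch shows the statistical check the abstract describes: a per-host baseline of hourly packet counts, an alert threshold of mean plus k standard deviations, and a comparison of the current hour's count against it. The host addresses, counts, the value of k and the `floor` margin are constructed assumptions.

```python
import statistics

# Constructed sample data (not from the paper): per-host counts of outbound
# packets seen on the LAN in each of the previous 24 hours (the baseline
# window), and the count observed in the current hour.
HISTORY = {
    "10.0.0.11": [100, 120] * 12,   # normal host, modest hourly variation
    "10.0.0.12": [100, 120] * 12,   # same profile, but bursts in the current hour
    "10.0.0.13": [40] * 24,         # flat baseline: standard deviation is zero
    "10.0.0.15": [40] * 24,         # flat baseline that then floods
}
CURRENT = {"10.0.0.11": 150, "10.0.0.12": 5000, "10.0.0.13": 80,
           "10.0.0.14": 9999,      # no baseline yet, so it cannot be judged
           "10.0.0.15": 300}


def build_baseline(history):
    """Map each host to (mean, population stdev) of its hourly packet counts."""
    return {host: (statistics.mean(counts), statistics.pstdev(counts))
            for host, counts in history.items() if len(counts) >= 2}


def threshold(mean, stdev, k=3.0, floor=50.0):
    """Alert level = mean + k * stdev. `floor` is an assumed absolute margin
    above the mean so that a host with a perfectly flat history (stdev 0)
    is not flagged by any tiny increase."""
    return max(mean + k * stdev, mean + floor)


def detect(history, current, k=3.0, floor=50.0):
    """Return [(host, current_count, threshold)] for hosts whose current-hour
    count exceeds their own threshold: the candidates the LAN administrator
    reviews and isolates before their traffic reaches the WAN router."""
    baseline = build_baseline(history)
    flagged = []
    for host, count in current.items():
        if host not in baseline:
            continue
        mean, stdev = baseline[host]
        level = threshold(mean, stdev, k, floor)
        if count > level:
            flagged.append((host, count, level))
    return flagged


if __name__ == "__main__":
    for host, count, level in detect(HISTORY, CURRENT):
        print(f"{host}: {count} packets this hour, threshold {level:.1f}")
    # A lower k and floor make the detector more sensitive, but also flag the
    # normal hosts 10.0.0.11 and 10.0.0.13 (false positives).
    print(len(detect(HISTORY, CURRENT, k=1.0, floor=0.0)), "hosts flagged at k=1")
```

The trade-off the paper leaves to the administrator is visible in the last line: tightening the threshold catches smaller floods at the cost of flagging legitimate bursts from normal hosts.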
Keywords
DDoS; Botnet; SYN Flooding; Botnet Detection System;
Times cited by KSCI: 2