http://dx.doi.org/10.7472/jksii.2016.17.2.19

DDoS Attack Analysis Using the Improved ATMSim  

Jeong, Hae-Duck J. (Department of Computer Software, Korean Bible University)
Ryu, Myeong-Un (Department of Computer Software, Korean Bible University)
Ji, Min-Jun (Department of Computer Software, Korean Bible University)
Cho, You-Been (Department of Computer Software, Korean Bible University)
Ye, Sang-Kug (Division of LBS Solution, SK MNS)
Lee, Jong-Suk R. (Department of Computational Science & Engineering, KISTI)
Publication Information
Journal of Internet Computing and Services / v.17, no.2, 2016, pp. 19-28
Abstract
Internet traffic has increased significantly with the development of information and communication networks and the growing number of cell phone users accessing them. This paper addresses that issue by presenting a way to detect and analyze a typical DDoS attack that results in Internet breaches and network attacks, which are on the increase. To this end, we improve the features and GUI of the existing ATMSim analysis package and use it for the analysis. The package is based on a network flow-based analysis method: normal traffic is collected through an internal LAN at the Korean Bible University campus, and anomaly traffic containing DDoS attacks is generated. Self-similarity processes are used to analyze the normal and anomaly traffic collected and generated with the improved ATMSim. Numerical results obtained from three Hurst parameter estimation techniques show a quantitatively significant difference between normal and anomaly traffic from a self-similarity perspective.
Keywords
Anomaly traffic; self-similarity; Hurst parameter; ATMSim; DDoS attack;
Citations & Related Records
Times Cited By KSCI: 4