
dc.contributor.author: Shiaeles, SN
dc.contributor.author: Papadaki, M
dc.date.accessioned: 2018-10-30T16:51:28Z
dc.date.available: 2018-10-30T16:51:28Z
dc.date.issued: 2015-04-01
dc.identifier.issn: 0010-4620
dc.identifier.issn: 1460-2067
dc.identifier.uri: http://hdl.handle.net/10026.1/12693
dc.description.abstract:

Distributed denial of service (DDoS) attacks represent a significant threat for companies, affecting them on a regular basis, as reported in the 2013 Information Security Breaches Survey (Technical Report. http://www.pwc.co.uk/assets/pdf/cyber-security-2013-technical-report.pdf.). The most common target is web services, the downtime of which could lead to significant monetary costs and loss of reputation. IP spoofing is often used in DDoS attacks not only to protect the identity of offending bots but also to overcome IP-based filtering controls. This paper aims to propose a new multi-layer IP Spoofing detection mechanism, called fuzzy hybrid spoofing detector (FHSD), which is based on source MAC address, hop count, GeoIP, OS passive fingerprinting and web browser user agent. The hop count algorithm has been optimized to limit the need for continuous traceroute requests, by querying the subnet IP Address and GeoIP information instead of individual IP addresses. FHSD uses fuzzy empirical rules and fuzzy largest of maximum operator to identify offensive IPs and mitigate offending traffic. The proposed system was developed and tested against the BoNeSi DDoS emulator with encouraging results in terms of detection and performance. Specifically, FHSD analysed 10 000 packets, and correctly identified 99.99% of spoofed traffic in <5 s. It also reduced the need for traceroute requests by 97%.

dc.format.extent: 892-903
dc.language: en
dc.language.iso: en
dc.publisher: Oxford University Press (OUP)
dc.rights: Attribution-NonCommercial 4.0 International
dc.rights.uri: http://creativecommons.org/licenses/by-nc/4.0/
dc.subject: distributed denial of service attack
dc.subject: network anomaly
dc.subject: anomaly detection
dc.subject: hop counting
dc.subject: fingerprinting
dc.subject: spoofing detection
dc.subject: user agent
dc.subject: HCF
dc.subject: IP2HC mapping
dc.title: FHSD: An Improved IP Spoof Detection Method for Web DDoS Attacks
dc.type: journal-article
dc.type: Article
plymouth.issue: 4
plymouth.volume: 58
plymouth.publisher-url: http://dx.doi.org/10.1093/comjnl/bxu007
plymouth.publication-status: Published
plymouth.journal: The Computer Journal
dc.identifier.doi: 10.1093/comjnl/bxu007
plymouth.organisational-group: /Plymouth
plymouth.organisational-group: /Plymouth/Faculty of Science and Engineering
plymouth.organisational-group: /Plymouth/REF 2021 Researchers by UoA
plymouth.organisational-group: /Plymouth/REF 2021 Researchers by UoA/UoA11 Computer Science and Informatics
plymouth.organisational-group: /Plymouth/Users by role
dc.identifier.eissn: 1460-2067
dc.rights.embargoperiod: Not known
rioxxterms.versionofrecord: 10.1093/comjnl/bxu007
rioxxterms.licenseref.uri: http://creativecommons.org/licenses/by-nc/4.0/
rioxxterms.type: Journal Article/Review


Except where otherwise noted, this item's license is described as Attribution-NonCommercial 4.0 International

All items in PEARL are protected by copyright law.
Author manuscripts deposited to comply with open access mandates are made available in accordance with publisher policies. Please cite only the published version using the details provided on the item record or document. In the absence of an open licence (e.g. Creative Commons), permissions for further reuse of content should be sought from the publisher or author.