Cover Image

An adaptive protection of flooding attacks model for complex network environments

Currently, online organizational resources and assets are potential targets of several types of attack, the most common being flooding attacks. We consider the Distributed Denial of Service (DDoS) as the most dangerous type of flooding attack that could target those resources. The DDoS attack consum...

Full description

Saved in:
Bibliographic Details
Main Authors: Ahmad Khalaf, Bashar, Mostafa, Salama A., Mustapha, Aida, Mohammed, Mazin Abed, Mahmoud, Moamin A., Al-Rimy, Bander Ali Saleh, Abd. Razak, Shukor, Elhoseny, Mohamed, Marks, Adam
Format: Article
Language:English
Published: Hindawi Limited 2021
Subjects:
QA75 Electronic computers. Computer science
Online Access:http://eprints.utm.my/id/eprint/93970/1/ShukorAbdRazak2021_AnAdaptiveProtectionofFloodingAttacks.pdf
http://eprints.utm.my/id/eprint/93970/
http://dx.doi.org/10.1155/2021/5542919
Tags: Add Tag
No Tags, Be the first to tag this record!
id my.utm.93970
record_format eprints
spelling my.utm.939702022-02-28T13:27:06Z http://eprints.utm.my/id/eprint/93970/ An adaptive protection of flooding attacks model for complex network environments Ahmad Khalaf, Bashar Mostafa, Salama A. Mustapha, Aida Mohammed, Mazin Abed Mahmoud, Moamin A. Al-Rimy, Bander Ali Saleh Abd. Razak, Shukor Elhoseny, Mohamed Marks, Adam QA75 Electronic computers. Computer science Currently, online organizational resources and assets are potential targets of several types of attack, the most common being flooding attacks. We consider the Distributed Denial of Service (DDoS) as the most dangerous type of flooding attack that could target those resources. The DDoS attack consumes network available resources such as bandwidth, processing power, and memory, thereby limiting or withholding accessibility to users. The Flash Crowd (FC) is quite similar to the DDoS attack whereby many legitimate users concurrently access a particular service, the number of which results in the denial of service. Researchers have proposed many different models to eliminate the risk of DDoS attacks, but only few efforts have been made to differentiate it from FC flooding as FC flooding also causes the denial of service and usually misleads the detection of the DDoS attacks. In this paper, an adaptive agent-based model, known as an Adaptive Protection of Flooding Attacks (APFA) model, is proposed to protect the Network Application Layer (NAL) against DDoS flooding attacks and FC flooding traffics. The APFA model, with the aid of an adaptive analyst agent, distinguishes between DDoS and FC abnormal traffics. It then separates DDoS botnet from Demons and Zombies to apply suitable attack handling methodology. There are three parameters on which the agent relies, normal traffic intensity, traffic attack behavior, and IP address history log, to decide on the operation of two traffic filters. We test and evaluate the APFA model via a simulation system using CIDDS as a standard dataset. The model successfully adapts to the simulated attack scenarios' changes and determines 303,024 request conditions for the tested 135,583 IP addresses. It achieves an accuracy of 0.9964, a precision of 0.9962, and a sensitivity of 0.9996, and outperforms three tested similar models. In addition, the APFA model contributes to identifying and handling the actual trigger of DDoS attack and differentiates it from FC flooding, which is rarely implemented in one model. Hindawi Limited 2021-04 Article PeerReviewed application/pdf en http://eprints.utm.my/id/eprint/93970/1/ShukorAbdRazak2021_AnAdaptiveProtectionofFloodingAttacks.pdf Ahmad Khalaf, Bashar and Mostafa, Salama A. and Mustapha, Aida and Mohammed, Mazin Abed and Mahmoud, Moamin A. and Al-Rimy, Bander Ali Saleh and Abd. Razak, Shukor and Elhoseny, Mohamed and Marks, Adam (2021) An adaptive protection of flooding attacks model for complex network environments. Security and Communication Networks, 2021 . pp. 1-17. ISSN 1939-0114 http://dx.doi.org/10.1155/2021/5542919 DOI:10.1155/2021/5542919
institution Universiti Teknologi Malaysia
building UTM Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Teknologi Malaysia
content_source UTM Institutional Repository
url_provider http://eprints.utm.my/
language English
topic QA75 Electronic computers. Computer science
spellingShingle QA75 Electronic computers. Computer science
Ahmad Khalaf, Bashar
Mostafa, Salama A.
Mustapha, Aida
Mohammed, Mazin Abed
Mahmoud, Moamin A.
Al-Rimy, Bander Ali Saleh
Abd. Razak, Shukor
Elhoseny, Mohamed
Marks, Adam
An adaptive protection of flooding attacks model for complex network environments
description Currently, online organizational resources and assets are potential targets of several types of attack, the most common being flooding attacks. We consider the Distributed Denial of Service (DDoS) as the most dangerous type of flooding attack that could target those resources. The DDoS attack consumes network available resources such as bandwidth, processing power, and memory, thereby limiting or withholding accessibility to users. The Flash Crowd (FC) is quite similar to the DDoS attack whereby many legitimate users concurrently access a particular service, the number of which results in the denial of service. Researchers have proposed many different models to eliminate the risk of DDoS attacks, but only few efforts have been made to differentiate it from FC flooding as FC flooding also causes the denial of service and usually misleads the detection of the DDoS attacks. In this paper, an adaptive agent-based model, known as an Adaptive Protection of Flooding Attacks (APFA) model, is proposed to protect the Network Application Layer (NAL) against DDoS flooding attacks and FC flooding traffics. The APFA model, with the aid of an adaptive analyst agent, distinguishes between DDoS and FC abnormal traffics. It then separates DDoS botnet from Demons and Zombies to apply suitable attack handling methodology. There are three parameters on which the agent relies, normal traffic intensity, traffic attack behavior, and IP address history log, to decide on the operation of two traffic filters. We test and evaluate the APFA model via a simulation system using CIDDS as a standard dataset. The model successfully adapts to the simulated attack scenarios' changes and determines 303,024 request conditions for the tested 135,583 IP addresses. It achieves an accuracy of 0.9964, a precision of 0.9962, and a sensitivity of 0.9996, and outperforms three tested similar models. In addition, the APFA model contributes to identifying and handling the actual trigger of DDoS attack and differentiates it from FC flooding, which is rarely implemented in one model.
format Article
author Ahmad Khalaf, Bashar
Mostafa, Salama A.
Mustapha, Aida
Mohammed, Mazin Abed
Mahmoud, Moamin A.
Al-Rimy, Bander Ali Saleh
Abd. Razak, Shukor
Elhoseny, Mohamed
Marks, Adam
author_facet Ahmad Khalaf, Bashar
Mostafa, Salama A.
Mustapha, Aida
Mohammed, Mazin Abed
Mahmoud, Moamin A.
Al-Rimy, Bander Ali Saleh
Abd. Razak, Shukor
Elhoseny, Mohamed
Marks, Adam
author_sort Ahmad Khalaf, Bashar
title An adaptive protection of flooding attacks model for complex network environments
title_short An adaptive protection of flooding attacks model for complex network environments
title_full An adaptive protection of flooding attacks model for complex network environments
title_fullStr An adaptive protection of flooding attacks model for complex network environments
title_full_unstemmed An adaptive protection of flooding attacks model for complex network environments
title_sort adaptive protection of flooding attacks model for complex network environments
publisher Hindawi Limited
publishDate 2021
url http://eprints.utm.my/id/eprint/93970/1/ShukorAbdRazak2021_AnAdaptiveProtectionofFloodingAttacks.pdf
http://eprints.utm.my/id/eprint/93970/
http://dx.doi.org/10.1155/2021/5542919
_version_ 1726791461456838656
score 13.211869

Similar Items