Entropy Based Deep Attention Mechanism (EDAM) To Mitigate Denial of Service (DoS) Attack Orchestrated Through Idempotent Operation
Keywords:
Entropy, Denial of Service Attack, Deep Attention, Idempotent Operation
Abstract
The entropy of a system measures the degree of uncertainty that characterizes the smooth, free and fair conduct of network operations. A change in the entropy value raises an alarm about unscrupulous behavior in the vicinity of the network. Continuous inspection of network characteristics and internet flow profiling keeps a constant watch on the state, behavior and actions of the participating hosts. Traffic flowing from multiple senders to the same or different receivers shows a significant entropy escalation trend, because the network composition at any timestamp is a mixture of transmission attributes such as source IP address, destination IP address and sequence number. This breaks down when senders camouflaged as legitimate ones try to hide an impending threat from the network administrators, namely a DoS (Denial of Service) attack that the adversary may wish to coordinate via an idempotent HTTP GET request operation. A request method is considered idempotent if the intended effect on the destination server of multiple identical requests is the same as the effect of a single such request; it produces the same result when executed over and over again. This ambiguous request operation, directed from one or more senders to the intended receiver, generates a broadcast storm that degrades network services to the core. The idempotent nature of the operation makes it possible to generate as many genuine requests as possible and swamp the receiver with HTTP GET request packets. The receiver believes that the same host connection metric per flow count is generated by multiple senders, but the reality is the reverse. The proposed solution is to aggregate and maintain timestamp-based and granular flow attributes, reserved for future entropy synchronization, at several intermediate routers that serve as evaluation checkpoints for the receiver.
This Entropy based Deep Attention Mechanism (EDAM), coupled with DES (Deferred Entropy Synchronization), acts as a determinant for the receiver to perform multi-level cross-verification at different time instants and to perform deferred synchronization with the reserved values. The deep attention based entropy synchronization approach shows a sharp spike in prediction accuracy, plotted with the number of idempotent attackers on the x-axis and the improved accuracy on the y-axis.
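The entropy check the abstract describes can be illustrated with a short added example (not the authors' EDAM or DES implementation): per-window Shannon entropy of flow attributes is compared against a value reserved from earlier windows, and a window dominated by repeated identical GET requests is flagged. The flow key `(src, method, path)`, the window size, the tolerance and all sample records are assumptions constructed for this illustration.

```python
import math
from collections import Counter, defaultdict

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum((c / total) * math.log2(c / total) for c in counts.values())

def window_entropies(flows, window_s):
    """Bucket flows into fixed time windows and return
    {window_index: entropy of the (src, method, path) flow key}."""
    buckets = defaultdict(list)
    for ts, src, method, path in flows:
        buckets[int(ts // window_s)].append((src, method, path))
    return {w: shannon_entropy(keys) for w, keys in sorted(buckets.items())}

def flag_windows(flows, window_s, baseline_windows, tolerance_bits):
    """Reserve the mean entropy of the first baseline_windows windows (the
    checkpoint value), then return later windows whose entropy deviates from
    it by more than tolerance_bits."""
    ent = window_entropies(flows, window_s)
    idx = list(ent)
    reserved = sum(ent[w] for w in idx[:baseline_windows]) / baseline_windows
    return [w for w in idx[baseline_windows:]
            if abs(ent[w] - reserved) > tolerance_bits]

def build_sample_flows():
    """Constructed sample: three normal 10 s windows with 8 distinct clients,
    then one window where a single sender repeats an identical GET 30 times."""
    flows = []
    for w in range(3):
        for i in range(8):
            flows.append((w * 10 + i, f"192.0.2.{i + 1}", "GET", f"/page{i % 4}"))
    flows.append((30, "192.0.2.1", "GET", "/page0"))
    flows.append((31, "192.0.2.2", "GET", "/page1"))
    for i in range(30):
        flows.append((32 + i * 0.2, "198.51.100.7", "GET", "/index"))
    return flows

if __name__ == "__main__":
    sample = build_sample_flows()
    for w, h in window_entropies(sample, 10).items():
        print(f"window {w}: {h:.3f} bits")
    print("flagged windows:", flag_windows(sample, 10, 3, 1.0))
```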