Smart-Defender: A comprehensive protection mechanism against DDoS attacks
Computer Network Security, Denial of Service Attacks, Distributed Denial of Service Attacks, Random Forest.
Distributed Denial of Service (DDoS) attacks are a major concern for security professionals and enterprises. Developing efficient defense mechanisms against DDoS attacks is a goal pursued by the research community in the area of intrusion detection and prevention. However, the development of such a mechanism requires a comprehensive understanding of the problem and of the techniques used so far to prevent, detect and respond to the various DDoS flood attacks. In this work, we propose the Smart-Defender system, a distributed, non-invasive system (compatible with the current network scenario) with a collaborative approach, to be executed at all levels of providers, aiming to overcome DoS/DDoS attacks near their origins. The system comprises the Smart-Detection, Smart-Protect and Smart-Monitoring sub-systems. The detection sub-system uses the Random Forest algorithm to perform real-time detection on a small sample of network traffic. Attack notifications are shared asynchronously with other system instances throughout the service provider hierarchy. Containment measures are generated by the protection sub-system and applied by the network protection devices themselves, such as routers and firewalls. The monitoring sub-system tracks attack activity and notifies security teams. The results obtained with Smart-Detection indicate that the method employed is effective: high accuracy rates were obtained in traffic classification even at low sampling rates. The system detected both high-volume network- and transport-layer DoS attacks and slow, stealthy application-layer attacks with low data volume.
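The abstract describes the detection step as a Random Forest classifier run over a small sample of traffic, distinguishing high-volume floods from slow, low-volume application-layer attacks. The following is an added illustration, not code from the Smart-Defender paper: it builds per-source traffic windows from constructed packet records, samples them 1-in-N the way a router-side sampler would, extracts a handful of aggregate features, and trains a small pure-Python random forest (bootstrap plus random feature subsets, majority vote) over them. The packet generators, the feature set and the forest hyper-parameters are assumptions chosen for the demonstration; the paper's own features and parameters are not given in the abstract.

```python
"""Added example: sampled-traffic features + a minimal random forest.
Not the paper's code; packet records and feature choices are constructed."""
import random
from collections import Counter

# --- Constructed per-source traffic windows: (dst_port, size_bytes, syn_flag) ---
def benign_window():
    # Ordinary client: established-flow packets of varied size, few SYNs, a few ports
    return [(random.choice([80, 443, 53]), random.randint(60, 1400), random.random() < 0.05)
            for _ in range(random.randint(200, 600))]

def syn_flood_window():
    # High-volume transport-layer flood: thousands of tiny SYN-only packets
    return [(random.choice([80, 443]), random.randint(40, 60), True)
            for _ in range(random.randint(4000, 9000))]

def slow_http_window():
    # Slow, stealthy application-layer attack: few packets, each carrying a tiny fragment
    return [(80, random.randint(40, 80), random.random() < 0.02)
            for _ in range(random.randint(80, 250))]

# --- Low-rate sampling and feature extraction (assumed feature set) ---
def sample_packets(packets, rate):
    # Systematic 1-in-`rate` sampling, as a sampling exporter on a router would do
    return packets[::rate]

def features(sampled, rate):
    n = len(sampled)
    if n == 0:
        return [0.0, 0.0, 0.0, 0.0]
    est_packets = n * rate                              # scale the sample back up
    mean_bytes = sum(p[1] for p in sampled) / n
    syn_ratio = sum(1 for p in sampled if p[2]) / n
    distinct_ports = float(len({p[0] for p in sampled}))
    return [est_packets, mean_bytes, syn_ratio, distinct_ports]

# --- Minimal random forest (Gini-split decision trees, bootstrap, feature subsets) ---
def gini(labels):
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values()) if n else 0.0

def best_split(X, y, feat_idx):
    best, parent = None, gini(y)
    for f in feat_idx:
        values = sorted({row[f] for row in X})
        for i in range(1, len(values)):
            thr = (values[i - 1] + values[i]) / 2
            left = [lab for row, lab in zip(X, y) if row[f] <= thr]
            right = [lab for row, lab in zip(X, y) if row[f] > thr]
            gain = parent - (len(left) * gini(left) + len(right) * gini(right)) / len(y)
            if best is None or gain > best[0]:
                best = (gain, f, thr)
    return best

def build_tree(X, y, n_feat, depth=0, max_depth=4):
    # Leaf = class label; internal node = (feature, threshold, left, right)
    if depth == max_depth or len(y) < 2 or len(set(y)) == 1:
        return Counter(y).most_common(1)[0][0]
    split = best_split(X, y, random.sample(range(len(X[0])), n_feat))
    if split is None or split[0] <= 0:
        return Counter(y).most_common(1)[0][0]
    _, f, thr = split
    L = [(r, l) for r, l in zip(X, y) if r[f] <= thr]
    R = [(r, l) for r, l in zip(X, y) if r[f] > thr]
    return (f, thr,
            build_tree([r for r, _ in L], [l for _, l in L], n_feat, depth + 1, max_depth),
            build_tree([r for r, _ in R], [l for _, l in R], n_feat, depth + 1, max_depth))

def predict_tree(node, x):
    while isinstance(node, tuple):
        f, thr, left, right = node
        node = left if x[f] <= thr else right
    return node

def train_forest(X, y, n_trees=15, n_feat=2):
    forest = []
    for _ in range(n_trees):
        idx = [random.randrange(len(X)) for _ in X]     # bootstrap sample
        forest.append(build_tree([X[i] for i in idx], [y[i] for i in idx], n_feat))
    return forest

def predict_forest(forest, x):
    return Counter(predict_tree(t, x) for t in forest).most_common(1)[0][0]

GENERATORS = {"benign": benign_window, "syn_flood": syn_flood_window, "slow_http": slow_http_window}

def run_demo(rate=10, seed=7, per_class=40):
    """Train on sampled windows, hold out a quarter, then classify fresh windows."""
    random.seed(seed)
    X, y = [], []
    for label, gen in GENERATORS.items():
        for _ in range(per_class):
            X.append(features(sample_packets(gen(), rate), rate))
            y.append(label)
    order = list(range(len(X)))
    random.shuffle(order)
    cut = int(0.75 * len(order))
    train, test = order[:cut], order[cut:]
    forest = train_forest([X[i] for i in train], [y[i] for i in train])
    accuracy = sum(predict_forest(forest, X[i]) == y[i] for i in test) / len(test)
    fresh = {label: predict_forest(forest, features(sample_packets(gen(), rate), rate))
             for label, gen in GENERATORS.items()}
    return {"accuracy": accuracy, "fresh": fresh}

if __name__ == "__main__":
    print(run_demo())
```

The sampling rate is the parameter worth experimenting with: because the features are ratios and scaled counts rather than raw packet lists, the classifier keeps separating the three traffic kinds as the rate drops, which is the property the abstract reports for its detector. Note that the slow application-layer window is separated from benign traffic only by packet-size and SYN-ratio features, not by volume, so a feature set built from volume alone would miss it.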