Implementation of a Clustering-Based LDDoS Detection Method

Abstract

With the rapid advancement and transformation of technology, information and communication technologies (ICT), in particular, have attracted everyone’s attention. The attackers took advantage of this and can caused serious problems, such as malware attack, ransomware, SQL injection attack, etc. One of the dominant attacks, known as distributed denial-of-service (DDoS), has been observed as the main reason for information hacking. In this paper, we have proposed a secure technique, called the low-rate distributed denial-of-service (LDDoS) technique, to measure attack penetration and secure communication flow. A two-step clustering method was adopted, where the network traffic was controlled by using the characteristics of TCP traffic with discrete sense; then, the suspicious cluster with the abnormal analysis was detected. This method has proven to be reliable and efficient for LDDoS attacks detection, based on the NS-2 simulator, compared to the exponentially weighted moving average (EWMA) technique, which has comparatively very high false-positive rates. Analyzing abnormal test pieces helps us reduce the false positives. The proposed methodology was implemented using Python for scripting and NS-2 simulator for topology, two public trademark datasets, i.e., Web of Information for Development (WIDE) and Lawrence Berkley National Laboratory (LBNL), were selected for experiments. The experiments were analyzed, and the results evaluated using Wireshark. The proposed LDDoS approach achieved good results, compared to the previous techniques.