Abstract: In recent years we have seen the rise of application-specific attacks that exploit weaknesses in network protocols (HTTP, DNS, SMTP and others) and try to overwhelm the server application itself, not just the connectivity pipe. In this paper we propose an advanced DoS Threat Analytics System (DTAS) that mitigates the full range of DoS network attacks, not only volumetric floods, using collaborative detection algorithms implemented on the Elasticsearch big-data platform. The DTAS security solution is driven by threat detection algorithms that: a) dissect the network traffic and estimate the probability that each observed component is attack traffic, b) use behavioral analytics to correlate multiple parameters and build multi-vector representations of the traffic, and c) issue dynamic challenges to distinguish legitimate clients from attack sources. The DTAS analytics engine analyzes multiple attributes of TCP and UDP flows and of ICMP, HTTP and DNS traffic (packet and request counts, frequency, headers and payloads) in order to detect covert traffic and amplification attacks aimed at services on the network. By measuring all of these attributes, the system builds a multi-vector heuristic representation of normal (baseline) traffic against which live traffic is compared. We used datasets from UCLA together with downloaded traces from real-world incidents, and tested the efficacy of the system with various large-scale simulated DoS attacks in a test network. Our experiments show that the DTAS framework detects DoS attacks in real time, without adding latency to benign traffic, with a detection rate of up to 95%.
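The baselining idea sketched in the abstract, shown here as an added illustration that is not code from the DTAS paper or its authors: constructed flow records (not real captures) are collapsed per time window into several traffic attributes, a per-attribute baseline (mean and spread) is learned from windows known to be benign, and each new window is scored by how far every attribute deviates upward from that baseline. Because several attributes are scored together, a SYN flood and a DNS reflection episode light up different vectors. The feature names, the z-score threshold, the 5% sigma floor and the synthetic traffic mix are assumptions made for the demonstration.

```python
# Added illustration of multi-attribute traffic baselining (not DTAS code).
from collections import defaultdict
from dataclasses import dataclass
from statistics import mean, pstdev


@dataclass(frozen=True)
class Flow:
    """One summarised flow record (constructed sample data, not a real capture)."""
    window: int      # time bucket the flow falls in
    src: str         # client address
    proto: str       # "tcp", "udp" or "icmp"
    dport: int       # destination port (0 for icmp)
    syn_only: bool   # TCP SYN seen but the handshake never completed
    bytes_in: int    # bytes client -> server
    bytes_out: int   # bytes server -> client


# Attributes measured per window; together they form the "multi-vector" view.
FEATURES = ("half_open_tcp", "dns_queries", "http_requests", "icmp_pkts",
            "top_src_share", "amp_ratio")


def window_features(flows):
    """Collapse one window of flows into a vector of traffic attributes."""
    feats = dict.fromkeys(FEATURES, 0.0)
    per_src = defaultdict(int)
    bytes_in = bytes_out = 0
    for fl in flows:
        per_src[fl.src] += 1
        bytes_in += fl.bytes_in
        bytes_out += fl.bytes_out
        if fl.proto == "tcp" and fl.syn_only:
            feats["half_open_tcp"] += 1          # SYN flood indicator
        elif fl.proto == "tcp" and fl.dport in (80, 443):
            feats["http_requests"] += 1          # application-layer request rate
        elif fl.proto == "udp" and fl.dport == 53:
            feats["dns_queries"] += 1
        elif fl.proto == "icmp":
            feats["icmp_pkts"] += 1
    # Share of the window taken by the single busiest source (single-source floods).
    feats["top_src_share"] = max(per_src.values(), default=0) / max(len(flows), 1)
    # Response/request byte ratio: a jump means the service is answering far more
    # than it is asked, i.e. it is being used as an amplifier.
    feats["amp_ratio"] = bytes_out / max(bytes_in, 1)
    return feats


def build_baseline(benign_windows):
    """Per-feature mean and population std over windows known to be benign."""
    vectors = [window_features(w) for w in benign_windows]
    return {k: (mean(v[k] for v in vectors), pstdev(v[k] for v in vectors))
            for k in FEATURES}


def score_window(flows, baseline, z_threshold=4.0):
    """Return per-feature z-scores and the features that deviate above threshold.

    Only upward deviations are flagged: a DoS inflates counts, it does not shrink
    them. The std is floored at 5% of the mean (an assumed choice) so a feature
    that was constant in the baseline does not fire on tiny jitter.
    """
    feats = window_features(flows)
    z = {}
    for k in FEATURES:
        mu, sigma = baseline[k]
        sigma = max(sigma, 0.05 * abs(mu), 1e-6)
        z[k] = (feats[k] - mu) / sigma
    return z, [k for k in FEATURES if z[k] > z_threshold]


def benign_window(w):
    """Constructed benign window: ~60 HTTPS, ~20 DNS, 3 ICMP, 2-3 half-open flows."""
    flows = [Flow(w, f"10.0.{i % 7}.{i}", "tcp", 443, False, 900, 4000)
             for i in range(60 + w % 5)]
    flows += [Flow(w, f"10.0.{i % 7}.{i}", "udp", 53, False, 70, 180)
              for i in range(20 + w % 3)]
    flows += [Flow(w, f"10.0.9.{i}", "icmp", 0, False, 64, 64) for i in range(3)]
    flows += [Flow(w, f"10.0.5.{i}", "tcp", 443, True, 60, 0)
              for i in range(2 + w % 2)]
    return flows


def syn_flood_window(w):
    """Constructed attack: benign background plus 1000 half-open connections
    from distinct spoofed sources."""
    return benign_window(w) + [
        Flow(w, f"198.51.{i // 250}.{i % 250}", "tcp", 443, True, 60, 0)
        for i in range(1000)]


def dns_reflection_window(w):
    """Constructed attack: benign background plus 500 small queries carrying one
    spoofed source that elicit large answers (resolver used as an amplifier)."""
    return benign_window(w) + [
        Flow(w, "203.0.113.7", "udp", 53, False, 60, 3000) for _ in range(500)]


if __name__ == "__main__":
    baseline = build_baseline([benign_window(w) for w in range(20)])
    for name, win in (("benign", benign_window(22)),
                      ("syn flood", syn_flood_window(20)),
                      ("dns reflection", dns_reflection_window(21))):
        z, triggered = score_window(win, baseline)
        print(f"{name:15s} triggered={triggered}")
```

Two design points carry over to a real deployment: the baseline must be learned from windows that are genuinely clean (training on traffic that already contains an attack moves the mean and hides it), and the decision is taken on the set of triggered vectors rather than on any single counter, which is what lets the same engine separate a connection-table flood from a reflection episode.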