Back to Search
Start Over
Developing information technology for evaluating and enhancing application-layer DDoS attack detection methods
- Source :
- Радіоелектронні і комп'ютерні системи, Vol 2024, Iss 3, Pp 132-155 (2024)
- Publication Year :
- 2024
- Publisher :
- National Aerospace University «Kharkiv Aviation Institute», 2024.
-
Abstract
- The subject matter of this article is the methods to detect distributed denial-of-service (DDoS) attacks at the Hypertext Transfer Protocol (HTTP) level with the purpose of justifying the requirements for creating software capable of identifying malicious web server clients. The goal of this article is to develop an information technology to evaluate the efficiency of DDoS attack detection methods, which will quantify their operating time, memory consumption, and approximate classification accuracy. In addition, this paper proposes hypotheses and a potential approach to improve existing application-layer DDoS attack detection methods with the intention of increasing their accuracy and identification speed. The tasks of this study are as follows: to analyse modern methods for detecting application-layer DDoS attacks; to investigate their features and short­comings; to develop a software system to assess DDoS attack detection methods; to programmatically implement these methods and experimentally measure their performance indicators, specifically: classification ac­curacy, operating time, and memory usage; to compare the efficiency of the investigated methods; to formulate hypotheses and propose an approach to improve existing methods and/or develop new methods based on the results obtained. The methods employed are abstraction, analysis, systematic approach, and empirical research. In particular, the datasets generated by DDoS utilities were processed using the synthetic minority oversampling technique (SMOTE) to balance them. Furthermore, the studied DDoS attack detection methods were implemented, including fitting the required parameters and training artificial neural network models for evaluation. The following results were obtained. The average classification accuracy, operating time, and random-access memory (RAM) consumption during Internet traffic classification were determined for six DDoS attack detection methods under the same conditions. This study has demonstrated that the development of a novel method to detect DDoS attacks at the HTTP level with enhanced accuracy and classification speed is strongly required. The experimental results demonstrate that the time series-based method exhibited the shortest operating time (1.33 ms for 5000 vectors), whereas the deep neural network-based method exhibited the highest average classification accuracy (ranging from 99.07% to 99.97%) and the lowest memory consumption (39.09 KB for 5000 vectors). Conclusions. In this study, a software system was developed to assess the average accuracy of DDoS attack classification methods and measure the computational resources utilized. The scientific novelty of the obtained results lies in the formulation of two hypotheses and a potential approach to the creation of a novel method for detecting DDoS attacks at the HTTP level, which will have both high classification accuracy and a short operating time to surpass previously studied analogues in these respects. The first hypothesis is based on the additional usage of HTTP request attributes during Internet traffic classification. The second hypothesis is to analyse a graph of user transitions between website pages. The article also superficially describes a potential approach that involves the implementation of the described hypotheses as well as the proposed software architecture of an application-layer DDoS attack detection system for the Kubernetes platform and the Istio framework, which addresses the issue of collecting web request parameter values for websites that use the cryptographically secured HTTPS protocol.
Details
- Language :
- English, Ukrainian
- ISSN :
- 18144225 and 26632012
- Volume :
- 2024
- Issue :
- 3
- Database :
- Directory of Open Access Journals
- Journal :
- Радіоелектронні і комп'ютерні системи
- Publication Type :
- Academic Journal
- Accession number :
- edsdoj.f82f5dd5051141b6bd007b1a1a52e0ce
- Document Type :
- article
- Full Text :
- https://doi.org/10.32620/reks.2024.3.09