The rule converter attempts to generates ACL automatically, however it includes many legitimate IP address that is not participating in the attack. Also, the cur- rent algorithm needs to be enhanced for producing ACL entries matching device capacity. These gaps need to be addressed for making the tool more reliable and administrator can make use of the tool.
Since, rule converter is making use of subnet-based approach, there are high probabilities of adding more IP address which are not involved in attack. One way to avoid this problem is by analyzing the impact of the ACL before deployment. If there is no overlap of legitimate IP addresses, then the administrator can choose to deploy the rule. An administrator should test against the normal traffic and deter- mine the impact, if it is actually blocking the legitimate traffic. Another point is, an administrator can input the limit specifying maximum number of rules of that device can support. Then, the tool should attempt to recursively check and generate ACL’s for specified number. It can group similar set of IP address and reduce the subnet mask for achieving this goal.
Bibliography
[1] S. T. Zargar, J. Joshi, and D. Tipper, “A survey of defense mechanisms against distributed denial of service (ddos) flooding attacks,” IEEE Communications Surveys Tutorials, vol. 15, no. 4, pp. 2046–2069, Fourth 2013.
[2] “Netscout,” https://www.netscout.com/blog/asert/ netscout-arbor-confirms-17-tbps-ddos-attack-terabit-attack-era/, accessed: 2019-03-20.
[3] K. Kumar, “Intrusion detection and prevention system in enhancing security of cloud environment,” vol. 6, pp. 2278–1323, 08 2017.
[4] M. Gupta, “Hybrid intrusion detection system: Technology and development,” 2015.
[5] V. Bukac, V. Stavova, L. Nemec, Z. Riha, and V. Matyas, “Service in denial – clouds going with the winds,” in Network and System Security, M. Qiu, S. Xu,
M. Yung, and H. Zhang, Eds. Cham: Springer International Publishing, 2015, pp. 130–143.
[6] J. J. Santanna, R. van Rijswijk-Deij, R. Hofstede, A. Sperotto, M. Wierbosch, L. Z. Granville, and A. Pras, “Booters â ˘AˇT an analysis of ddos-as-a-service attacks,” in 2015 IFIP/IEEE International Symposium on Integrated Network Management (IM), May 2015, pp. 243–251.
[7] “Ddos dissector,” https://github.com/ddos-clearing-house/ddos_dissector/, ac- cessed: 2019-09-21.
[8] “Corero,” https://www.corero.com/blog/914-automated-ddos-mitigation-is-essential-. html, accessed: 2019-03-20.
[9] “Arbor,” https://www.netscout.com/blog/consequences-ddos-attacks-are-rising, accessed: 2019-03-20.
[10] S. Rajan and C. Vivek, “Systematic review of sar reduction techniques for minimizing mobile phone radiation,” JOURNAL OF ADVANCES IN
CHEMISTRY, vol. 12, no. 9, pp. 4341–4348, Nov. 2016. [Online]. Available:
https://rajpub.com/index.php/jac/article/view/4102jac
[11] S. Arukonda and S. Sinha, “The innocent perpetrators: Reflectors and reflec- tion attacks,” 2015.
[12] K. S. V. Lovepreet Kaur Somal, “Classification of distributed denial of service attacks architecture, taxonomy and tools,” International Journal of Advanced Research in Computer Science and Technology (IJARCST), vol. 2, 2014.
[13] V. P. Keyur Chauhan, “Distributed denial of service(ddos) attack techniques and prevention on cloud environment,”International Journal of Innovations Ad- vancement in Computer Science (IJIACS), vol. 4, 2015.
[14] “Radware,” https://security.radware.com/ddos-knowledge-center/ddospedia/ amplification-attack/, accessed: 2019-07-05. [15] “Cloudflare,” https://www.cloudflare.com/learning/ddos/ddos-attack-tools/ how-to-ddos/CommonDDoSAttacks, accessed: 2019-07-05. [16] “imperva,” https://www.imperva.com/learn/application-security/ddos-attacks/, accessed: 2019-07-05.
[17] “securelist,” https://securelist.com/ddos-report-in-q3-2018/88617/, accessed: 2019-07-05.
[18] B. Shanmugam and N. B. Idris, “Improved intrusion detection system using fuzzy logic for detecting anamoly and misuse type of attacks,” in2009 Interna- tional Conference of Soft Computing and Pattern Recognition, Dec 2009, pp.
212–217.
[19] J. Han, M. Kamber, and J. Pei, “13 - data mining trends and research frontiers,” in Data Mining (Third Edition), third edition ed., ser. The Morgan Kaufmann
Series in Data Management Systems, J. Han, M. Kamber, and J. Pei, Eds. Boston: Morgan Kaufmann, 2012, pp. 585 – 631. [Online]. Available: http://www.sciencedirect.com/science/article/pii/B9780123814791000137 [20] V. Paxson, “Bro: a system for detecting network intruders in real-time,” Com-
puter networks, vol. 31, no. 23-24, pp. 2435–2463, 1999.
[21] M. Roesch, “Snort - lightweight intrusion detection for networks,” in
Proceedings of the 13th USENIX Conference on System Administration, ser.
LISA ’99. Berkeley, CA, USA: USENIX Association, 1999, pp. 229–238. [Online]. Available: http://dl.acm.org/citation.cfm?id=1039834.1039864
BIBLIOGRAPHY 57
[22] M. Khamruddin and C. Rupa, “A rule based ddos detection and mitigation technique,” in 2012 Nirma University International Conference on Engineering (NUiCONE), Dec 2012, pp. 1–5.
[23] B. Agarwal and N. Mittal, “Hybrid approach for detection of anomaly network traffic using data mining techniques,” Procedia Technology, vol. 6, pp. 996
– 1003, 2012, 2nd International Conference on Communication, Computing amp; Security [ICCCS-2012]. [Online]. Available: http://www.sciencedirect. com/science/article/pii/S2212017312006664
[24] J. Yang, X. Chen, X. Xiang, and J. Wan, “Hids-dt: An effective hybrid intrusion detection system based on decision tree,” in2010 International Conference on Communications and Mobile Computing, vol. 1, April 2010, pp. 70–75.
[25] I. Brahmi, S. Ben Yahia, and P. Poncelet, “Mad-ids: Novel intrusion detection system using mobile agents and data mining approaches,” in Intelligence and Security Informatics, vol. 6122, 09 2010.
[26] C. Buragohain, M. Jyoti, S. Singh, and D. K, “Anomaly based ddos attack de- tection,”International Journal of Computer Applications, vol. 123, pp. 35–40, 08
2015.
[27] “Caida,” https://www.caida.org/data/, accessed: 2019-03-14.
[28] J. B. Cabrera, L. Lewis, X. Qin, W. Lee, R. K. Prasanth, B. Ravichandran, and R. K. Mehra, “Proactive detection of distributed denial of service attacks us- ing mib traffic variables-a feasibility study,” in Integrated network management proceedings, 2001 IEEE/IFIP international symposium on. IEEE, 2001, pp.
609–622.
[29] K. Hwang, P. Dave, and S. Tanachaiwiwat, “Netshield: Protocol anomaly de- tection with datamining against ddos attacks,” 6th International Symposium, Pittsburgh, 2003.
[30] Tanachaiwiwat and K. Hwang, “Adaptive packet filtering against ddos attacks,”
Dept. of EE-Systems, University of Southern California (USC), 2003.
[31] C. Thomas, V. Sharma, and N. Balakrishnan, “Usefulness of darpa dataset for intrusion detection system evaluation,” 03 2008.
[32] Y. Ding and M. X. and, “Research and implementation on snort-based hybrid in- trusion detection system,” in2009 International Conference on Machine Learn- ing and Cybernetics, vol. 3, July 2009, pp. 1414–1418.
[33] V. Katkar and S. Bhirud, “Novel dos/ddos attack detection and signature gen- eration,”International Journal of Computer Applications, vol. 47, pp. 18–24, 06
2012.
[34] G. Nadiammai and M. Hemalatha, “Effective approach toward intrusion detection system using data mining techniques,” Egyptian Informatics Journal, vol. 15, no. 1, pp. 37 – 50, 2014. [Online]. Available:
http://www.sciencedirect.com/science/article/pii/S1110866513000418
[35] O. Cepheli, S. Buyukcorak, and G. Karabulut Kurt, “Hybrid intrusion detection system for ddos attacks,”Journal of Electrical and Computer Engineering, vol.
2016, pp. 1–8, 01 2016.
[36] P. Bhakti and P. Kalvadekar, “Hybrid intrusion detection system using anoma- lous internet episodes rules with weighted signature generation,” 2015.
[37] A. Tesfahun and L. Bhaskari, “Effective hybrid intrusion detection system: A layered approach,”International Journal of Computer Network and Information Security, vol. 7, pp. 35–41, 02 2015.
[38] M. Tavallaee, E. Bagheri, W. Lu, and A. A. Ghorbani, “A detailed analysis of the kdd cup 99 data set,” in2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, July 2009, pp. 1–6.
[39] “Tcprewrite,” https://linux.die.net/man/1/tcprewrite/, accessed: 2019-09-21. [40] “Tcpreplay,” https://tcpreplay.appneta.com/wiki/overview.html/, accessed: