The Distributed Denial of Service Attacks Situation Awareness Based on The Prediction of Battle Scene Using Dempster-Shefer Evidences Theories and Bayesian Rules

Document Type : Original Article

Authors

1 imam hossein university

2 amirkabir university

3 kharazmi university

Abstract

The cyber battle scene has two main actors: attacker and defender. Attacker will reduce or interrupt the services that defender provides by continuously sending huge packets and defender will insist on continuing the services by apply various kinds of security methods. Evaluating this scene from the perspective of an observers can be ambiguous and the scene cannot be predictable. In this research, we have defined        different kinds of attacker and defender situations and expertise criteria including: capabilities, response time, tools, capability of continued defense and/or attack operations, and ultimately accessibility of         defender’s services. We used a dataset include 3003 sequence of attacker or defender situations for     measuring the above-mentioned criteria. The results show that half of the scene sequences have a short time, which means that the attacker takes advantage of surprising, the victims not being prepared for the attack. The correlation criteria show that prolonged time length of attack is to the benefit of attacker and the defender’s loss is increased. Also, the equipment does not have a positive effect on the response time of the attacker. This means that for the attacker skill is more effective than equipment. Then, in order to      predict the situation of battle scene four criteria of impact capacity were combined using the Evidences Dempster-Shefer Theory to predict the victim status and finally, we estimated future methods of attacker and defense strategies of defender by using the Dempster-Shefer Evidences Theory and Bayesian rules and showed using five scenarios in four stages that the reliability of our estimation is more than 65%.
 

Keywords

References

   [1]      M. H. Hamza Kalai and M. R. M. J. shaman, “IP optimization ant colony algorithm for tracking denial of service attacks,” Journal of electronic and cyber defense, vol. 1, vol. 4, 2014. (In Persian), Ihu.ac.ir##
   [2]      K. Kumar, M. Sachdeva, and K. Arora, “Impact Analysis of Recent DDoS Attacks,” International Journal on Computer Science and Engineering (IJCSE), ISSN: 0975-3397, vol. 3 no. 2, Feb. 2011.##
   [3]      H. Akbari, et al, “A Framework For The Status Estimation In Distributed Denial-of-Service Attacks By Data Fusion of    Human-And-Technical Sensors Based on Fuzzy Logic,” Journal of Electronical & Cyber Defence vol. 5, no. 3, 2017, Serial No. 19 (In Persian).##
   [4]      A. J. Rashidi, et al, “A New Framework for Projection of Cyber-Attacks Based on Information Fusion,” Journal of Passive defense Quarterly,Vol. 6, No. 2, 2015, (In Persian).##
   [5]      C. Rossow and H. Bos. Arne Welzel, “On Measuring the Impact of DDoS Botnets,” EuroSec’14, Amsterdam, Netherlands, April 2014.##
   [6]      Z. Peng, W. Zhao, and J. Long, “Grey synthetic clustering method for DoS attack effectiveness evaluation,” International Conference on Modeling Decisions for Artificial Intelligence, pp. 139-149, Springer Berlin Heidelberg, July 2011.##
   [7]      C. Nordlohne, “Measuring Botnet Prevalence: Malice Value,” in University of Applied Sciences Gelsenkirchen, Germany, January 7, 2015.##
   [8]      P. A. A. M. B. B. Gupta, “Estimating Strength of Ddos Attack Using Various Regression Models,” in springer, 2011.##
   [9]      C. Bannwart, “Predicting the Impact of Denial of Service Attacks,” Master Thesis MA-2012-03, 2012.##
[10]      R. Vasudevan, et al, “MIDAS: An Impact Scale for DDoS attacks,” Proceedings of the 2007 15th IEEE Workshop on Local and Metropolitan Area Networks, 2007.##
[11]      T. Dubendorfer, A. Wagner, and B. Plattner, “An economic damage model for large-scale Internet attacks,” In 13th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, pp. 223–228, IEEE Comput. Soc., 2004.##
[12]      http://cs.mcgill.ca/~rwest/wikispeedia/ wpcd/wp/w/World_Wide_Web.htm##
[13]      K. Dadashtabar, et al, “Projection of Multi stage cyber Attack Based on Belief Model and fuzzy inference,” journal of Electronical & cyber Defense, vol. 3, no. 2, serial no.10, 2015 (In Persian).##
[14]      Du, Haitao, “Probabilistic Modeling and Inference for Obfuscated Network Attack Sequences,” Thesis, Rochester Institute of Technology, 2014. Accessed from http://scholarworks.rit.edu/theses.##
[15]      F. S. Yuan Yuan, “Data Fusion-based Resilient Control System under DoS Attacks: A Game Theoretic Approach,” International Journal of Control Automation and Systems, vol. 13, no. 3, June 2015.##
[16]      M. R. Endsley, “Final Reflections: Situation Awareness Models and Measures,” Journal of Cognitive Engineering and Decision Making, March 2015.##
[17]      H. Akbari and S. M. Safavi, “Determine of the victim machine situation by data fusion of cyber sensors at packet level,” Journal of Command and Control, vol. 1, no. 2, pp. 39-64, winter 2017 (In Persian).##
[18]      H. Akbari and S. M. Safavi, “Estimate botnet using vicarious servers in distributed denial of service attacks,” Journal of Electronical & Cyber Defence pp. 95-109, vol. 5, no. 4, Serial No. 20, 2018 (In Persian).##
[19]      A. Welzel, C. Rossow, and H. Bos, “On Measuring the Impact of DDoS Botnets,” VU University Amsterdam, 2014. available: http://dx.doi.org/10.1145/2592791.2592794##

Files

History

  • Receive Date: 02 February 2018
  • Accept Date: 27 May 2018
  • Publish Date: 22 May 2019

Share

How to cite

Statistics