LDDoS Attack Detection by Using Ant Colony Optimization Algorithms

摘要

Internet service providers and equipment vendors are subject to cyber threats. One of the most prevalent security threats is the distributed denial of service (DDoS) attack. In a DDoS attack, the attack traffic and attacker's IP address are respectively difficult to detect and trace. This is because attack traffic is similar to regular traffic and the attack is executed by multiple attackers. This study focused on solving the low-rate distributed denial of service (LDDoS) problem; this problem is difficult to detect and trace compared with a DDoS attack. We therefore propose a novel distributed detection and identification ant colony system (DDIACS) framework, which is an ant-colony-optimization based metaheuristic technique, for solving the LDDoS problem. The DDIACS framework comprises three stages, which entail an information heuristic rule, a multiagent algorithm, and a backward and forward search method. Moreover, the DDIACS framework is compliant with the emerging software defined network (SDN) because in this framework, a control plane and data plane are used to monitor and manage the network topology. The proposed framework demonstrates SDN advantages such as enabling networks to exhibit flexibility, fast convergence, and robustness in overcoming complicated multi-attacker problems. In addition, this study investigated the time and space complexity of the DDIACS framework and compared this framework with the swarm optimization algorithm and probabilistic packet marking. This study designed the network topology by using the data set from the DARPA and KDD repository. The simulation results show that the proposed framework resolves the problems in using other algorithms and that the DDIACS framework demonstrates better performance than existing methods; furthermore, the adaptive metaheuristic algorithm outperforms other methods in thwarting an LDDoS attack. The detection rate is about 89% and the accuracy is greater than 83%.