SKY SHIELD A SKETCH BASED DEFENSE SYSTEM AGAINST APPLICATION LAYER DDOS ATTACKS (2)[1].pptx

SKY SHIELD: A SKETCH-BASED
DEFENSE SYSTEM AGAINST
APPLICATION LAYER DDOS ATTACKS
Batch Members:
SHRISENA M(722821205047)
SRIHARAN K(722821205048)
KAVIN K(722821205019)
KIRUTHICK SARAN D(722821205020)
Guided by,
Mr.G.Swaminathan,
Assistant Professor,
Sri Eshwar College of
Engineering
Sri Eshwar College of Engineering
(Autonomous) Coimbatore -
641202.
Department of Information Technology
Third Review [PHASE-I]

Abstract
• The Internet is vulnerable to bandwidth distributed denial-of-service (BW- DDoS) attacks, wherein many hosts
send a huge number of packets to cause congestion and disrupt legitimate traffic.
• when adding a defense component against adversarial attacks, it is important to deploy multiple defense methods in
tandem to achieve a good coverage of various attacks, BW- DDoS attacks have employed relatively crude,
inefficient, brute-force mechanisms; future attacks might be significantly more effective and harmful.
• To meet the increasing threats, more advanced defenses are necessary. Distributed denial of service (DDoS) and
adversial attacks pose a serious threat to the Internet.
• We discuss the Internet's vulnerability to Bandwidth Distributed Denial of Service (BW-DDoS) attacks, where
many hosts send a huge number of packets exceeding network capacity and causing congestion and losses, thereby
disrupting legitimate traffic.
Dept of IT 2

Introduction
Dept of IT 3
• Distributed Denial of Service(DDOS) Attacks pose a serious threat to the internet.
• We discuss the Internet's Vulnerability to Bandwidth Distributed Denial of Service(BWDDOS) Attacks, where many
hosts send a huge number of packets exceeding network capacity and causing congestion and losses, thereby
disrupting legitimate traffic.
• TCP and other protocols employ congestion control mechanism that response to losses and delays by reducing
network usage, hence their performance may be degraded sharply due to such attacks.
• Attackers may disrupt connectivity to servers, networks, autonomous systems, or whole countries or regions; such
attacks were already launched in several conflicts.
• BWDDOS employed relatively crude, inefficient, 'brute force' mechanism; future attacks may be significantly more
effective, and hence much more harmful.

Literature Survey
Title of The paper Description Publication details
DDOs attack detection with
feature engineering and machine
learning: the framework and
performance evaluvation
A strategic framework is proposed that ensures
effective DDoS detection with significant feature
reduction (up to 68%) and minimal accuracy loss
(~0.03%). K-nearest neighbors (KNN) shows the best
overall performance, with models validated through
cross-validation and AUC analyses.
Spingers,2019
Statistical Application
Fingerprinting for
DDoS Attack Mitigation
The framework is extended to detect distributed
denial of service (DDoS) attacks, achieving an
accuracy of over 97% with a misclassification rate of
just 2.5%, as demonstrated using five real-world
traffic datasets.
IEEE,2019
Dept of IT 4

Literature Survey
Title of The paper Description Publication details
Learning Multilevel Auto-
Encoders for DDoS
Attack Detection in Smart Grid
Network
The final detection model, created by combining
multilevel features with a multiple kernel learning
(MKL) algorithm, is evaluated on two benchmark
DDoS attack databases. The proposed method
outperforms six recent techniques in prediction
accuracy.
IEEE,2019
DDoS Detection System:
Using a Set of
Classification Algorithms
Controlled by Fuzzy
Logic System in Apache
Spark
DDoS Detection System: Using a Set of Classification
Algorithms Controlled by Fuzzy Logic System in
Apache Spark
IEEE,2019
Dept of IT 5

Existing System
• Existing DDoS detection methods primarily focus on identifying specific types of attacks, often failing to detect
other types or mixed DDoS attacks.
• The system introduces five new features derived from heterogeneous packets: entropy rate of IP source flow,
entropy rate of flow, entropy of packet size, entropy rate of packet size, and the number of ICMP destination
unreachable packets.
• The proposed features enable the detection of various types of DDoS attacks, including complex and mixed
attacks, which are often missed by traditional methods.
• The system shows significant improvements in detection accuracy, outperforming existing methods by 21% to
53%.
• The system is based on a comprehensive analysis of the characteristics of various DDoS attacks, leading to more
effective and versatile detection.
Dept of IT 7

Proposed System
• BWDDOS attacks, where the attacker sends as many packets as possible directly to the victim, or from an
attacker controlled machines called 'zombies' or ‘puppets’.
• The simplest scenario is one in which the attacker is sending multiple packets using a connection less protocol
such as UDP.
• In Puppet attacks, zombie attacks, root attacks the attacker commonly has a user mode executable on the
zombie machine which opens a standard UDP sockets and sends many packets towards the victim.
• The first attempts to avoid detection, and the second tries to exploit legitimate protocol behavior and cause
legitimate clients/server to excessively misuse their bandwidth against the attacked victim.
Dept of IT 8

Methodology
• The methodology of "Sky Shield: A Sketch-Based Defense System Against Application Layer DDoS Attacks"
revolves around efficiently detecting and mitigating application-layer Distributed Denial of Service (DDoS)
attacks.
• The defense system is tested through simulations to evaluate its accuracy, memory usage, and scalability,
ensuring robust protection against application-layer DDoS attacks.
• The system first collects network traffic, focusing on application-layer requests like HTTP, and extracts key
traffic features such as request rates and user patterns.
▪ Sky Shield then applies countermeasures like blacklisting suspicious IP addresses, rate-limiting users, or
implementing graceful degradation of services during high attack periods.
Dept of IT 8

Project Modules
Sketch-Based Data Structure Module:
• Implements a memory-efficient data structure, such as Count-Min Sketch, for storing and updating traffic
profiles.
• It continuously updates the sketch as new requests are processed, helping detect traffic anomalies with
minimal memory overhead.
Mitigation Module:
• Once an attack is identified, this module takes action to mitigate the threat.
• It may involve blacklisting or rate-limiting suspicious IP addresses, adjusting traffic priorities, or slowing
down responses to suspected malicious users.
Dept of IT 9

System Requirements
HARDWARE REQUIREMENTS
CPU type : Intel core i5 processor
Clock speed : 3.0 GHz
RAM size : 8 GB
Hard disk capacity : 500 GB
Keyboard type : Internet Keyboard
CD -drive type : 52xmax
SOFTWARE REQUIREMENTS
Operating System : Windows 10
Front End : JAVA
Dept of IT 10

Conference/Journal Publication Status
▪ Aamir, M., Zaidi, S.M.A.: DDoS attack detection with feature engineering and machine learning: the framework
and performance evaluation. Int. J. Inf. Security 18(6), 761–785 (2019)
▪ Ahmed, M.E., Ullah, S., Kim, H.: Statistical application fngerprinting for DDoS attack mitigation. IEEE Trans. Inf.
Forensics Security 14(6), 1471–1484 (2019)
▪ Ali, S., Li, Y.: Learning multilevel auto-encoders for DDoS attack detection in smart grid network. IEEE Access 7,
108647–108659 (2019)
▪ Alsirhani, A., Sampalli, S., Bodorik, P.: DDoS detection system: Using a set of classifcation algorithms controlled by
fuzzy logic system in apache spark. IEEE Trans. Netw. Service Manag. 16(3), 936–949 (2019)
Dept of IT 12

SKY SHIELD A SKETCH BASED DEFENSE SYSTEM AGAINST APPLICATION LAYER DDOS ATTACKS (2)[1].pptx

More Related Content

Similar to SKY SHIELD A SKETCH BASED DEFENSE SYSTEM AGAINST APPLICATION LAYER DDOS ATTACKS (2)[1].pptx (20)

More from ssuser55cbdb (8)

Recently uploaded (20)

SKY SHIELD A SKETCH BASED DEFENSE SYSTEM AGAINST APPLICATION LAYER DDOS ATTACKS (2)[1].pptx