Distributed Detection of DDoS Attacks During the Intermediate Phase Through Mobile Agents

Authors

  • Ugur Akyazi, Turkish Air War College, Yenilevent, 34330 Istanbul
  • A. Sima Uyar, Computer Engineering Department, Istanbul Technical University, Maslak, 34469 Istanbul

Keywords:

Intrusion detection, DDoS, DARPA dataset, mobile agents

Abstract

A Distributed Denial of Service attack is a large-scale, coordinated attack on the availability of services of a victim system, launched indirectly through many compromised computers on the Internet. Intrusion detection systems are network security tools that process local audit data or monitor network traffic to search for specific patterns or certain deviations from expected behavior, which indicate malicious activities against the protected network. In this study, we propose distributed intrusion detection methods to detect Distributed Denial of Service attacks in a special dataset and test these methods in a simulated real-time environment, in which the mobile agents are synchronized with the timestamp stated in the dataset. All of our methods use the alarms generated by SNORT, a signature-based network intrusion detection system. We use mobile agents in our methods on the Jade platform in order to reduce network bandwidth usage and to decrease the dependency on the central unit for higher reliability. The methods are compared based on reliability, network load and mean detection time values.

Published

2012-10-03

How to Cite

Akyazi, U., & Uyar, A. S. (2012). Distributed Detection of DDoS Attacks During the Intermediate Phase Through Mobile Agents. COMPUTING AND INFORMATICS, 31(4), 759–778. Retrieved from https://www.cai.sk/ojs/index.php/cai/article/view/1104