DOI: 10.1145/3674558.3674592
ACM Other Conferences, ICCTA Conference Proceedings, research article

Detection and Prevention System on Computer Network to Handle Distributed Denial-Of-Service (Ddos) Attack in Realtime and Multi-Agent

Published: 26 August 2024

Abstract

This research builds a realtime, multi-agent system to handle Distributed Denial of Service (DDoS) attacks. The integration of an Intrusion Detection System (IDS), Security Information and Event Management (SIEM), and Security Orchestration, Automation, and Response (SOAR) establishes a robust defense mechanism, using Discord to send alert notifications to the Security Operations Center (SOC). Tested with 10 DDoS attacks carried out by SYN flooding, the system achieved a precision of 89%, showcasing its capability to minimize false positives and identify true threats. The measurements also show that the Wazuh Indexer consumed the most resources, with an average CPU usage of 22.94% and memory usage of 58.04%, while the Shuffle Frontend exhibited lower resource consumption, with an average CPU usage of 0.0% and memory usage of 0.14%. These varied resource consumptions highlight the system's adaptability and scalability across diverse operational scenarios.


Published In

ICCTA '24: Proceedings of the 2024 10th International Conference on Computer Technology Applications
May 2024, 324 pages
ISBN: 9798400716386
DOI: 10.1145/3674558
Publisher

Association for Computing Machinery, New York, NY, United States

Author Tags

1. DDoS
2. IDS
3. SIEM
4. SOAR
5. SOC
6. multi-agent
7. real-time

Qualifiers

• Research-article
• Research
• Refereed limited

Conference

ICCTA 2024
