On the Efficacy of Live DDoS Detection with Hadoop
Sufian Hameed, Usman Ali

TL;DR
This paper introduces HADEC, a Hadoop-based framework that uses MapReduce to detect DDoS flooding attacks in real time, addressing the challenge of timely detection amid increasing attack volumes.
Contribution
The paper presents a novel Hadoop-based live DDoS detection framework utilizing MapReduce and HDFS for efficient analysis of flooding attacks.
Findings
HADEC can process and detect DDoS attacks in a timely manner.
The framework effectively analyzes four major flooding attack types.
Experimental results demonstrate HADEC's practical viability.
Abstract
Distributed Denial of Service flooding attacks are one of the biggest challenges to the availability of online services today. These DDoS attacks overwhelm the victim with a huge volume of traffic and render it incapable of performing normal communication or crash it completely. If there are delays in detecting the flooding attacks, nothing much can be done except to manually disconnect the victim and fix the problem. With the rapid increase of DDoS volume and frequency, the current DDoS detection technologies are challenged to deal with huge attack volume in a reasonable and affordable response time. In this paper, we propose HADEC, a Hadoop-based Live DDoS Detection framework to tackle efficient analysis of flooding attacks by harnessing MapReduce and HDFS. We implemented a counter-based DDoS detection algorithm for four major flooding attacks (TCP-SYN, HTTP GET, UDP and ICMP) in…
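Counter-based flood detection for the four attack types named in the abstract, expressed as map, shuffle and reduce steps. This is an added illustration, not code from the paper or from HADEC. The log line format, the 500-packet threshold and all function names are assumptions, the input is treated as a single capture window, and the traffic is constructed.

```python
from collections import defaultdict

# Assumed log format (hypothetical, not HADEC's): "epoch src dst proto detail"
THRESHOLD = 500  # assumed limit: packets per source, per attack type, per window

def map_packet(line):
    """Map phase: emit ((src_ip, attack_type), 1) for flood-relevant packets."""
    fields = line.split(None, 4)
    if len(fields) < 5:
        return  # malformed line: skip it rather than fail the whole job
    _ts, src, _dst, proto, detail = fields
    if proto == "TCP" and detail == "SYN":  # bare SYN only, not SYN,ACK
        yield (src, "TCP-SYN"), 1
    elif proto == "TCP" and detail.startswith("GET "):
        yield (src, "HTTP-GET"), 1
    elif proto == "UDP":
        yield (src, "UDP"), 1
    elif proto == "ICMP":
        yield (src, "ICMP"), 1

def shuffle(pairs):
    """Group mapper output by key, as the MapReduce runtime does between phases."""
    groups = defaultdict(list)
    for key, value in pairs:
        groups[key].append(value)
    return groups

def reduce_counts(key, values, threshold=THRESHOLD):
    """Reduce phase: sum the counters and emit only keys above the threshold."""
    total = sum(values)
    if total > threshold:
        yield key, total

def detect(lines, threshold=THRESHOLD):
    """Run map -> shuffle -> reduce over one window; return {(src, type): count}."""
    pairs = (kv for line in lines for kv in map_packet(line))
    alerts = {}
    for key, values in shuffle(pairs).items():
        alerts.update(reduce_counts(key, values, threshold))
    return alerts

def sample_log():
    """Constructed traffic: one SYN-heavy source, one ordinary HTTP client, noise."""
    lines = [f"{1700000000 + i // 100} 203.0.113.7 192.0.2.10 TCP SYN" for i in range(600)]
    lines += [f"{1700000000 + i} 198.51.100.23 192.0.2.10 TCP GET /index.html" for i in range(40)]
    return lines + ["1700000001 198.51.100.23 192.0.2.10 TCP SYN,ACK",
                    "1700000002 198.51.100.9 192.0.2.10 ICMP echo-request", "truncated line"]

if __name__ == "__main__":
    print(detect(sample_log()))
```

Keying the counter on source address and attack type keeps each reducer's state small, but a flood spread across many sources stays under a per-source threshold, so a per-destination counter is a common companion check.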
