DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK DETECTION AND PREVENTION MECHANISMS FOR CLOUD- ASSISTED WIRELESS BODY AREA NETWORKS (WBAN)

Abstract

Distributed Denial of Service (DDoS) attack does not aims to disrupts or interfere with the real sensor data, rather they take advantage of disparity that exists between the network bandwidth and the limited resource availability of the victim. Detecting and preventing such attacks in cloud- assisted Wireless Body Area Networks (WBANs) is an important concern. Such attacks can be avoided by first detecting followed by prevention and mitigation. Attack detection is an initial step of any defense approach that needs to be taken prior to attack mitigation techniques. Similarly, attack prevention also plays an important role in protecting a network from malicious attacks. This research is mainly focused on the DDoS attack detection and prevention algorithms and propose a novel solution that not only consumes less resources but also produce efficient results. The limited resources of WBAN are not enough to mitigate the huge amount of traffic generated by DDoS attack. Therefore, there is a need for lightweight approaches and capable of handling real-time high speed sensor data for detection of such attacks in cloudassisted WBAN environment. The concern of detecting and preventing the DDoS attack in cloud- assisted WBAN remains unresolved, existing solutions proposed for such attacks in conventional networks are not directly applicable in cloud-assisted WBAN environment due to the resource scarceness of these networks. Moreover, multiple entry points into these networks leave them more vulnerable to such attacks which makes the attack detection and prevention process a challenging task. The aim of this research is to design a lightweight, in-network, distributed and scalable approach for detecting DDoS attack that is capable of handling high speed streaming data generated by WBAN sensors in cloud- assisted WBAN environment. The goal is to propose the attack detection technique with improved performance when compared with existing techniques in terms of: i) improved attack detection accuracy; ii) minimizing overall resource usage and iii) reducing overall computational cost. Analyzing and comparing the existing techniques for detecting attacks in both conventional and wireless sensor networks concludes that Very Fast Decision Tree (VFDT) has proved to be the most promising solution for identifying the malicious behavior of nodes in these networks through pattern discovery. Therefore, in this research , we have selected and explored VFDT technique that is lightweight and have further optimized it for handling high-speed streaming data originating from WBAN sensors. The performance evaluation is done through simulation experiments and real-time WBAN testbed deployment to test the effectiveness of proposed attack detection approach. In addition, the quantitative results obtained from the simulation experiments are benchmarked with corresponding results acquired from the existing techniques. The results comparison shows the advantages and significance of deploying stream mining approach in such networks, for detecting DDoS attacks in an efficient and timely manner. Another objective of this research is to propose an efficient traceback technique specifically for cloud- assisted WBAN environment that incur minimal overhead on the WBAN network. The goal is to propose a technique that is efficient in packet marking and path reconstruction procedures in order to traceback and identify the source of DDoS attack with less convergence time. Different traceback techniques have been analyzed and their comparison drawn to the conclusion that Probability Packet Marking (PPM) is most appropriate and widely used approach in both conventional and wireless sensor networks. The key issue of PPM lies in assigning the marking probability for path reconstruction. Therefore, we model the traceback of DDoS attack as a marking probability assignment problem and further optimized it for efficient traceback of DDoS attack in cloud- assisted WBAN environment. The evaluation is performed through simulation experiments to test the effectiveness of the proposed traceback technique. In addition, the quantitative results acquired from the simulations are benchmarked with equivalent results acquired from a fish bone traceback technique. The result comparisons prove the effectiveness of proposed traceback technique in WBAN networks, for identifying the source of DDoS attacks with less convergence time and minimum overhead.