SKY SHIELD: A SKETCH-BASED
DEFENSE SYSTEM AGAINST
APPLICATION LAYER DDOS ATTACKS
Batch Members:
SHRISENA M(722821205047)
SRIHARAN K(722821205048)
KAVIN K(722821205019)
KIRUTHICK SARAN D(722821205020)
Guided by,
Mr.G.Swaminathan,
Assistant Professor,
Sri Eshwar College of
Engineering
Sri Eshwar College of Engineering
(Autonomous) Coimbatore -
641202.
Department of Information Technology
Third Review [PHASE-I]
Abstract
• The Internet is vulnerable to bandwidth distributed denial-of-service (BW-DDoS) attacks, in which many hosts send a huge number of packets to cause congestion and disrupt legitimate traffic.
• When adding a defense component against adversarial attacks, it is important to deploy multiple defense methods in tandem to achieve good coverage of various attacks. BW-DDoS attacks have so far employed relatively crude, inefficient, brute-force mechanisms; future attacks might be significantly more effective and harmful.
• To meet the increasing threats, more advanced defenses are necessary. Distributed denial of service (DDoS) and adversarial attacks pose a serious threat to the Internet.
• We discuss the Internet's vulnerability to Bandwidth Distributed Denial of Service (BW-DDoS) attacks, where many hosts send a huge number of packets exceeding network capacity and causing congestion and losses, thereby disrupting legitimate traffic.
Dept of IT 2
Introduction
• Distributed Denial of Service (DDoS) attacks pose a serious threat to the Internet.
• We discuss the Internet's vulnerability to Bandwidth Distributed Denial of Service (BW-DDoS) attacks, where many hosts send a huge number of packets exceeding network capacity and causing congestion and losses, thereby disrupting legitimate traffic.
• TCP and other protocols employ congestion control mechanisms that respond to losses and delays by reducing network usage; hence their performance may be degraded sharply by such attacks.
• Attackers may disrupt connectivity to servers, networks, autonomous systems, or whole countries or regions; such attacks have already been launched in several conflicts.
• BW-DDoS attacks have employed relatively crude, inefficient, 'brute force' mechanisms; future attacks may be significantly more effective, and hence much more harmful.
Literature Survey
Title of the paper: DDoS attack detection with feature engineering and machine learning: the framework and performance evaluation
Description: A strategic framework is proposed that ensures effective DDoS detection with significant feature reduction (up to 68%) and minimal accuracy loss (~0.03%). K-nearest neighbors (KNN) shows the best overall performance, with models validated through cross-validation and AUC analyses.
Publication details: Springer, 2019

Title of the paper: Statistical Application Fingerprinting for DDoS Attack Mitigation
Description: The framework is extended to detect distributed denial of service (DDoS) attacks, achieving an accuracy of over 97% with a misclassification rate of just 2.5%, as demonstrated using five real-world traffic datasets.
Publication details: IEEE, 2019
Literature Survey
Title of the paper: Learning Multilevel Auto-Encoders for DDoS Attack Detection in Smart Grid Network
Description: The final detection model, created by combining multilevel features with a multiple kernel learning (MKL) algorithm, is evaluated on two benchmark DDoS attack databases. The proposed method outperforms six recent techniques in prediction accuracy.
Publication details: IEEE, 2019

Title of the paper: DDoS Detection System: Using a Set of Classification Algorithms Controlled by Fuzzy Logic System in Apache Spark
Publication details: IEEE, 2019
Existing System
• Existing DDoS detection methods primarily focus on identifying specific types of attacks, often failing to detect
other types or mixed DDoS attacks.
• The system introduces five new features derived from heterogeneous packets: entropy rate of IP source flow,
entropy rate of flow, entropy of packet size, entropy rate of packet size, and the number of ICMP destination
unreachable packets.
• The proposed features enable the detection of various types of DDoS attacks, including complex and mixed
attacks, which are often missed by traditional methods.
• The system shows significant improvements in detection accuracy, outperforming existing methods by 21% to
53%.
• The system is based on a comprehensive analysis of the characteristics of various DDoS attacks, leading to more
effective and versatile detection.
Proposed System
• In BW-DDoS attacks the attacker sends as many packets as possible directly to the victim, or from attacker-controlled machines called 'zombies' or 'puppets'.
• The simplest scenario is one in which the attacker sends multiple packets using a connectionless protocol such as UDP.
• In puppet, zombie and root attacks the attacker commonly has a user-mode executable on the zombie machine which opens a standard UDP socket and sends many packets towards the victim.
• The first attempts to avoid detection, and the second tries to exploit legitimate protocol behavior and cause legitimate clients/servers to excessively misuse their bandwidth against the attacked victim.
Methodology
• The methodology of "Sky Shield: A Sketch-Based Defense System Against Application Layer DDoS Attacks"
revolves around efficiently detecting and mitigating application-layer Distributed Denial of Service (DDoS)
attacks.
• The defense system is tested through simulations to evaluate its accuracy, memory usage, and scalability,
ensuring robust protection against application-layer DDoS attacks.
• The system first collects network traffic, focusing on application-layer requests like HTTP, and extracts key
traffic features such as request rates and user patterns.
• Sky Shield then applies countermeasures like blacklisting suspicious IP addresses, rate-limiting users, or implementing graceful degradation of services during high attack periods.
Project Modules
Sketch-Based Data Structure Module:
• Implements a memory-efficient data structure, such as Count-Min Sketch, for storing and updating traffic
profiles.
• It continuously updates the sketch as new requests are processed, helping detect traffic anomalies with
minimal memory overhead.
Mitigation Module:
• Once an attack is identified, this module takes action to mitigate the threat.
• It may involve blacklisting or rate-limiting suspicious IP addresses, adjusting traffic priorities, or slowing
down responses to suspected malicious users.
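As an added example, not code from these slides or from Sky Shield itself, the following Python illustrates the Sketch-Based Data Structure Module and the Mitigation Module above together with the request-rate extraction from the Methodology: a Count-Min Sketch counts HTTP requests per client address over one detection window, flags heavy hitters as they cross a threshold, and drives a rate-limit decision. The sketch size, threshold, log format and every address are assumptions, and the log lines are constructed.

```python
# Added illustration (not Sky Shield's own code): a Count-Min Sketch holding per-source
# request counts for one detection window, used to flag and rate-limit heavy hitters.
import hashlib
from typing import List, Tuple

class CountMinSketch:
    """depth rows of width counters; estimate() never underestimates a key's true count."""
    def __init__(self, width: int = 1024, depth: int = 4) -> None:
        self.width, self.depth = width, depth
        self.table = [[0] * width for _ in range(depth)]

    def _index(self, key: str, row: int) -> int:
        # Deterministic per-row hash; Python's built-in hash() is salted per process.
        digest = hashlib.sha256(f"{row}:{key}".encode()).digest()
        return int.from_bytes(digest[:8], "little") % self.width

    def add(self, key: str, count: int = 1) -> None:
        for row in range(self.depth):
            self.table[row][self._index(key, row)] += count

    def estimate(self, key: str) -> int:
        # Collisions only inflate counters, so the row minimum is the tightest upper bound.
        return min(self.table[row][self._index(key, row)] for row in range(self.depth))

def client_ip(log_line: str) -> str:
    """Combined-log style line (assumed format): the first field is the client address."""
    return log_line.split(" ", 1)[0]

def detect_heavy_hitters(log_lines: List[str], threshold: int) -> Tuple[CountMinSketch, List[str]]:
    """Stream one window through the sketch and flag a source the moment its estimated
    request count reaches threshold; only suspects are stored, never every client."""
    sketch, flagged = CountMinSketch(), []
    for line in log_lines:
        ip = client_ip(line)
        sketch.add(ip)
        if ip not in flagged and sketch.estimate(ip) >= threshold:
            flagged.append(ip)
    return sketch, flagged

def should_rate_limit(sketch: CountMinSketch, ip: str, limit: int) -> bool:
    """Mitigation decision per incoming request: throttle sources above the window limit."""
    return sketch.estimate(ip) >= limit

def build_sample_log() -> List[str]:
    """Constructed sample (not real traffic): three ordinary clients, then one flooding source."""
    fmt = '{ip} - - [10/Oct/2023:13:55:00 +0000] "GET {path} HTTP/1.1" 200 512'
    legit = [fmt.format(ip=ip, path="/index.html")
             for ip in ["192.0.2.10", "198.51.100.77", "192.0.2.44"] * 3]
    flood = [fmt.format(ip="203.0.113.9", path=f"/search?q={i}") for i in range(50)]
    return legit + flood
```

Because the sketch only ever overestimates, a flagged source has truly sent at least `threshold` requests minus nothing, while a legitimate client can be over-counted when it collides in every row; sizing width and depth against the expected number of distinct clients keeps that false-positive rate small.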
System Requirements
HARDWARE REQUIREMENTS
CPU type : Intel Core i5 processor
Clock speed : 3.0 GHz
RAM size : 8 GB
Hard disk capacity : 500 GB
Keyboard type : Internet Keyboard
CD drive type : 52x max
SOFTWARE REQUIREMENTS
Operating System : Windows 10
Front End : Java
Use Case Diagram
Conference/Journal Publication Status
▪ Aamir, M., Zaidi, S.M.A.: DDoS attack detection with feature engineering and machine learning: the framework and performance evaluation. Int. J. Inf. Security 18(6), 761–785 (2019)
▪ Ahmed, M.E., Ullah, S., Kim, H.: Statistical application fingerprinting for DDoS attack mitigation. IEEE Trans. Inf. Forensics Security 14(6), 1471–1484 (2019)
▪ Ali, S., Li, Y.: Learning multilevel auto-encoders for DDoS attack detection in smart grid network. IEEE Access 7, 108647–108659 (2019)
▪ Alsirhani, A., Sampalli, S., Bodorik, P.: DDoS detection system: Using a set of classification algorithms controlled by fuzzy logic system in Apache Spark. IEEE Trans. Netw. Service Manag. 16(3), 936–949 (2019)
SAMPLE CODE
THANK YOU