Title: An efficient technique to detect slow rate DDoS attack from a private Tor network

Authors: Yogita Deepak Mane; Uday Pandit Khot

Addresses: Department of Computer Engineering, St. Francis Institute of Technology, Borivali, Mumbai, India; Department of Electronics and Telecommunication, St. Francis Institute of Technology, Borivali, Mumbai, India

Abstract: A roBOT NETwork is a collection of insecure computers connected via the internet. All the activities of these insecure computers are controlled by a BotMaster. Lately, the BotMaster has moved his activities to the Tor browser because the secured Tor network makes the detection of a Botnet more difficult. The purpose of this paper is to identify a Tor-based Bot. As the Tor browser is highly secure, doing practical experiments on it is not advisable, as it raises ethical issues which could affect the performance and functionality of Tor. Thus, in the proposed system, a private Tor network (PTN) was created on physical machines under LAN infrastructure with dedicated resources. The paper shows the detection and deactivation of the 'Tor'sHammer' Bot. For detection, the delta time (TΔ) is calculated and a threshold value is set: for αnormal it is a minimum of 100 ms, and for αattack it is less than or equal to 10 ms. The TPr is 86.79% and the FNr is 13.21%.

Keywords: Botnet; Bot; live Tor network; LTN; private Tor network PTN; DDoS; Tor'sHammer; delta time; attack time.

DOI: 10.1504/IJESDF.2021.111726

International Journal of Electronic Security and Digital Forensics, 2021 Vol.13 No.1, pp.88 - 104

Received: 04 Sep 2019
Accepted: 14 Jan 2020

Published online: 11 Dec 2020
