Raj Kumar Batchu,Thulasi Bikku,Srinivasarao Thota,Hari Seetha,Abayomi Ayotunde Ayoade

DOI: https://doi.org/10.1038/s41598-024-77554-9

IF: 4.6

2024-11-24

Scientific Reports

Abstract:Distributed denial of service (DDoS) attack is one of the most hazardous assaults in cloud computing or networking. By depleting resources, this attack renders the services unavailable to end users and leads to significant financial and reputational damage. Hence, identifying such threats is crucial to minimize revenue loss, market share, and productivity loss and enhance the brand reputation. In this study, we implemented an effective intrusion detection system using deep learning approach. The suggested framework includes three phases: Data pre-processing, Data balancing, and Classification. First, we prepare the valid data, which is helpful for further processing. Then, we balance the given pre-processed data by Conditional generative adversarial network (CGAN), and as a result, we can minimize the bias towards the majority classes. Finally, we distinguish whether the traffic is attack or benign using a stacked sparse denoising autoencoder (SSDAE) with a firefly-black widow (FA-BW) hybrid optimization algorithm. All these experiments are validated through the CICDDoS2019 dataset and compared with well-received techniques. From these findings, we observed that the proposed strategy detects DDoS attacks significantly more accurately than other approaches. Based on our findings, this study highlights the crucial role played by advanced deep learning techniques and hybrid optimization algorithms in strengthening cybersecurity against DDoS attacks.

multidisciplinary sciences

Jeferson Arango‐López,Gustavo Isaza,Fabian Ramirez,Nestor Duque,Jose Montes

DOI: https://doi.org/10.1111/exsy.13552

IF: 3.3

2024-01-25

Expert Systems

Abstract:Conventional methodologies employed in detecting distributed denial‐of‐service attacks have frequently struggled to adapt to the dynamic and multi‐faceted evolution of such threats. Furthermore, many of the contemporary detection and prevention solutions, while innovative, remain anchored to dedicated workstations, lacking the flexibility and scalability required in today's digital landscape. To bridge this technological chasm, this research introduces a state‐of‐the‐art intrusion detection system firmly rooted in advanced Deep Learning techniques. By leveraging the expansive and adaptable nature of cloud‐centric, service‐oriented architectures, we not only bolster detection precision but also offer a solution designed for modern infrastructures. This system provides enterprises with a robust, easily deployable tool that is both versatile in its application and proactive in its defence approach, ensuring that networks remain resilient against the continuously evolving spectrum of cyber threats.

computer science, artificial intelligence, theory & methods

Ahamed Ali Samsu Aliar,V. Gowri,A. Arockia Abins

DOI: https://doi.org/10.1002/ett.4921

IF: 3.6

2024-01-06

Transactions on Emerging Telecommunications Technologies

Abstract:Distributed denial of service (DDoS) attacks are a cyber‐attack in which multiple compromised systems, often controlled by attackers, flood a target system or network with massive traffic volume, overwhelming its resources and rendering it inaccessible to legitimate users. DDoS attacks can cause significant disruption, financial losses, and reputational damage to organizations and individuals. Detecting DDoS an attack promptly allows organizations to respond quickly and implement appropriate mitigation measures. Rapid response helps minimize the impact of the attack and reduce downtime, ensuring that critical systems and services remain accessible to legitimate users and by detecting and mitigating DDoS attacks, organizations can maintain the availability of their services and prevent disruption to their operations. Uninterrupted access to services enhances customer satisfaction, prevents revenue losses, and preserves the organization's reputation. While detecting DDoS attacks brings several advantages, DDoS detection systems may occasionally generate false‐positive alerts, mistakenly identifying legitimate traffic as an attack. This can lead to unnecessary disruptions or false alarms, requiring additional effort and resources for investigation and response. DDoS attacks constantly evolve, and attackers may employ new techniques or variations not yet known or accounted for by detection systems. Reducing some of these problems using the suggested method, this helps improve the system's performance and efficiency. This figure shows the "pictorial representation of the proposed detection model for DDoS attacks over the cloud sector using ensemble deep learning methods." The biggest firms throughout the world now are the ones that offer services in the cloud. One of the top problems for cloud users (CUs) and cloud service providers (CSPs) is the availability of cloud‐based services whenever needed. A distributed denial of service (DDoS) assault has been a significant threat to the security of the system in recent years. DDoS defense and detection of these attacks have become hot topics of research for academia and business. However, most approaches cannot accomplish efficient detection outcomes with few false alarms. As a result, minimizing the consequences of DDoS attacks allows CSPs to offer CUs high‐quality services. In the cloud sector, a collective deep structured algorithm is suggested to identify DDoS attacks successfully. The recommended method contains several stages: data acquisition, pre‐processing, optimal feature detection, and selection. The first step is the acquisition of data using the help of publicly available sources. Further, the input data undergoes preprocessing. Consequently, the optimal weighted feature selection takes place on the preprocessed data, where the optimization is done with the aid of the Hybrid Border Collie and Dragonfly Algorithm (HBCDA). Finally, DDoS attack detection is achieved via a novel method known as adaptive deep dilated ensemble (ADDE), which includes, one‐dimensional convolutional neural network (1DCNN), deep temporal convolutional neural network (DTCNN), recurrent neural network (RNN), and bidirectional long short‐term memory (Bi‐LSTM). For the attainment of optimal results, the parameter tuning is accomplished by using the HBCDA approach. The detection outcome is computed by using the fuzzy ranking mechanism. The validation is done for the suggested method model, and its corresponding findings are validated with conventional techniques. Hence, the suggested approach outperforms the detection performance and ensures more efficiency than traditional approaches.

telecommunications

Amran Mansoor,Mohammed Anbar,Abdullah Ahmed Bahashwan,Basim Ahmad Alabsi,Shaza Dawood Ahmed Rihan

DOI: https://doi.org/10.3390/systems11060296

2023-06-09

Systems

Abstract:The rapid growth of cloud computing has led to the development of the Software-Defined Network (SDN), which is a network strategy that offers dynamic management and improved performance. However, security threats are a growing concern, particularly with the SDN controller becoming an attractive target for malicious actors and potential Distributed Denial of Service (DDoS) attacks. Many researchers have proposed different approaches to detecting DDoS attacks. However, those approaches suffer from high false positives, leading to low accuracy, and the main reason behind this is the use of non-qualified features and non-realistic datasets. Therefore, the deep learning (DL) algorithmic technique can be utilized to detect DDoS attacks on SDN controllers. Moreover, the proposed approach involves three stages, (1) data preprocessing, (2) cross-feature selection, which aims to identify important features for DDoS detection, and (3) detection using the Recurrent Neural Networks (RNNs) model. A benchmark dataset is employed to evaluate the proposed approach via standard evaluation metrics, including false positive rate and detection accuracy. The findings indicate that the recommended approach effectively detects DDoS attacks with average detection accuracy, average precision, average FPR, and average F1-measure of 94.186 %, 92.146%, 8.114%, and 94.276%, respectively.

Xi Ling,Jiongchi Yu,Ziming Zhao,Zhihao Zhou,Haitao Xu,Binbin Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-031-54773-7_12

2024-01-01

Abstract:With the proliferation of Internet development, Distributed Denial of Service (DDoS) attacks are on the rise. As rule-based traffic analysis frameworks and Deep Packet Inspection (DPI) defense measures can effectively thwart many DDoS attacks, attackers keep exploring various attack surfaces and traffic amplification strategies to nullify the defense. In this paper, we propose DDoSMiner, an automated framework for DDoS attack characterization and vulnerability mining. DDoSMiner analyzes system call patterns of the TCP-based DDoS attack family, then generates Attack Call Flow Graph (ACFG) by discerning the differences between DDoS attack traffic and benign traffic. Furthermore, DDoSMiner identifies and extracts drop nodes and pivotal TCP states from the distinctive characteristics of attack traffic, then passes to the symbolic execution framework for exploring variants of the DDoS attack. We collectively analyze six types of TCP-based DDoS attacks, construct the corresponding ACFG, and identify a set of attack traffic variants. The attack traffic variants are evaluated on the widely used Network Intrusion Detection System (NIDS) Snort with three popular rule sets. The result shows that DDoSMiner indeed discovers the new DDoS attack trace, and the corresponding attack traffic can bypass all three defense toolkits.

Roberto Doriguzzi-Corin,Stuart Millar,Sandra Scott-Hayward,Jesus Martinez-del-Rincon,Domenico Siracusa

DOI: https://doi.org/10.1109/TNSM.2020.2971776

2020-08-28

Abstract:Distributed Denial of Service (DDoS) attacks are one of the most harmful threats in today's Internet, disrupting the availability of essential services. The challenge of DDoS detection is the combination of attack approaches coupled with the volume of live traffic to be analysed. In this paper, we present a practical, lightweight deep learning DDoS detection system called LUCID, which exploits the properties of Convolutional Neural Networks (CNNs) to classify traffic flows as either malicious or benign. We make four main contributions; (1) an innovative application of a CNN to detect DDoS traffic with low processing overhead, (2) a dataset-agnostic preprocessing mechanism to produce traffic observations for online attack detection, (3) an activation analysis to explain LUCID's DDoS classification, and (4) an empirical validation of the solution on a resource-constrained hardware platform. Using the latest datasets, LUCID matches existing state-of-the-art detection accuracy whilst presenting a 40x reduction in processing time, as compared to the state-of-the-art. With our evaluation results, we prove that the proposed approach is suitable for effective DDoS detection in resource-constrained operational environments.

Cryptography and Security,Networking and Internet Architecture

Manish Kumar Rajak,Dr. Ravindra Tiwari

DOI: https://doi.org/10.29070/hc5qzn85

2024-09-03

Journal of Advances and Scholarly Researches in Allied Education

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS-attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Mahmoud Said Elsayed,Nhien-An Le-Khac,Soumyabrata Dev,Anca Delia Jurcut

DOI: https://doi.org/10.48550/arXiv.2006.13981

2020-06-25

Abstract:Software-Defined Networking (SDN) is an emerging paradigm, which evolved in recent years to address the weaknesses in traditional networks. The significant feature of the SDN, which is achieved by disassociating the control plane from the data plane, facilitates network management and allows the network to be efficiently programmable. However, the new architecture can be susceptible to several attacks that lead to resource exhaustion and prevent the SDN controller from supporting legitimate users. One of these attacks, which nowadays is growing significantly, is the Distributed Denial of Service (DDoS) attack. DDoS attack has a high impact on crashing the network resources, making the target servers unable to support the valid users. The current methods deploy Machine Learning (ML) for intrusion detection against DDoS attacks in the SDN network using the standard datasets. However, these methods suffer several drawbacks, and the used datasets do not contain the most recent attack patterns - hence, lacking in attack diversity. In this paper, we propose DDoSNet, an intrusion detection system against DDoS attacks in SDN environments. Our method is based on Deep Learning (DL) technique, combining the Recurrent Neural Network (RNN) with autoencoder. We evaluate our model using the newly released dataset CICDDoS2019, which contains a comprehensive variety of DDoS attacks and addresses the gaps of the existing current datasets. We obtain a significant improvement in attack detection, as compared to other benchmarking methods. Hence, our model provides great confidence in securing these networks.

Cryptography and Security

Manish Kumar Rajak,Ravindra Tiwari

DOI: https://doi.org/10.15680/ijircce.2024.1203507

2024-03-25

International Journal of Innovative Research in Computer and Communication Engineering

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS- attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Sengathir Janakiraman,M. Deva Priya

DOI: https://doi.org/10.1007/s11277-023-10407-2

IF: 2.017

2023-04-26

Wireless Personal Communications

Abstract:Cloud computing is supported by Fog computing paradigm for achieving local data investigation at edge devices by offering storage support, infrastructure, computing and network facilities to end users. Availability is considered as the important security requirement for facilitating disruptive utilization of on-demand cloud service for diverse client applications. Seamless services of clouds are hindered by Distributed Denial of Service (DDoS) attacks in a cloud computing environment. In this paper, Deep Reinforcement Learning (DRL) and Long Short Term Memory (LSTM)-based DDoS attack mitigation scheme is propounded for handling the impacts of DDoS attacks in fog-assisted cloud computing environment. In the proposed scheme, Software Defined Network (SDN) is utilized for deploying defense module in the SDN controller for the purpose of identifying anomalous characteristics of DDoS attack in transport or network layer. It aids in filtering and forwarding legitimate packets by performing network traffic analysis while circumventing attacks caused by infected packets.

telecommunications

Ali Alfatemi,Mohamed Rahouti,Ruhul Amin,Sarah ALJamal,Kaiqi Xiong,Yufeng Xin

2024-01-06

Abstract:Distributed Denial of Service (DDoS) attacks pose a significant threat to the stability and reliability of online systems. Effective and early detection of such attacks is pivotal for safeguarding the integrity of networks. In this work, we introduce an enhanced approach for DDoS attack detection by leveraging the capabilities of Deep Residual Neural Networks (ResNets) coupled with synthetic oversampling techniques. Because of the inherent class imbalance in many cyber-security datasets, conventional methods often struggle with false negatives, misclassifying subtle DDoS patterns as benign. By applying the Synthetic Minority Over-sampling Technique (SMOTE) to the CICIDS dataset, we balance the representation of benign and malicious data points, enabling the model to better discern intricate patterns indicative of an attack. Our deep residual network, tailored for this specific task, further refines the detection process. Experimental results on a real-world dataset demonstrate that our approach achieves an accuracy of 99.98%, significantly outperforming traditional methods. This work underscores the potential of combining advanced data augmentation techniques with deep learning models to bolster cyber-security defenses.

Cryptography and Security,Machine Learning

Quamar Niyaz,Weiqing Sun,Ahmad Y Javaid

DOI: https://doi.org/10.4108/eai.28-12-2017.153515

2016-11-23

Abstract:Distributed Denial of Service (DDoS) is one of the most prevalent attacks that an organizational network infrastructure comes across nowadays. We propose a deep learning based multi-vector DDoS detection system in a software-defined network (SDN) environment. SDN provides flexibility to program network devices for different objectives and eliminates the need for third-party vendor-specific hardware. We implement our system as a network application on top of an SDN controller. We use deep learning for feature reduction of a large set of features derived from network traffic headers. We evaluate our system based on different performance metrics by applying it on traffic traces collected from different scenarios. We observe high accuracy with a low false-positive for attack detection in our proposed system.

Networking and Internet Architecture

Iqbal Jebril,M. Premkumar,Ghaida Muttashar Abdulsahib,S. R. Ashokkumar,S. Dhanasekaran,Oshamah Ibrahim Khalaf,Sameer Algburi

DOI: https://doi.org/10.36244/icj.2024.1.1

2024-01-01

Infocommunications journal

Abstract:In recent days, with the rapid advancement of technology in informatics systems, the Internet of Things (IoT) becomes crucial in many aspects of daily life. IoT applications have gained popularity due to the availability of various IoT enabler gadgets, such as smartwatches, smartphones, and so on. However, the vulnerability of IoT devices has led to security challenges, including Distributed Denial-of-Service (DDoS) attacks. These limitations result from the dynamic communication between IoT devices due to their limited data storage and processing resources. The primary research challenge is to create a model that can recognize legitimate traffic while effectively protecting the network against various classes of DDoS attacks. This article proposes a CNN-BiLSTM DDoS detection model by combining three deep-learning algorithms. The models are evaluated using the CICIDS2017 dataset against commonly used performance criteria which the models perform well, achieving an accuracy of around 99.76%, except for the CNN model, which achieves an accuracy of 98.82%. The proposed model performs best, achieving an accuracy of 99.9%.

Peyman Khordadpour,Saeed Ahmadi

DOI: https://doi.org/10.48550/arXiv.2305.16389

2023-05-26

Abstract:In recent times, I've encountered a principle known as cloud computing, a model that simplifies user access to data and computing power on a demand basis. The main objective of cloud computing is to accommodate users' growing needs by decreasing dependence on human resources, minimizing expenses, and enhancing the speed of data access. Nevertheless, preserving security and privacy in cloud computing systems pose notable challenges. This issue arises because these systems have a distributed structure, which is susceptible to unsanctioned access - a fundamental problem. In the context of cloud computing, the provision of services on demand makes them targets for common assaults like Denial of Service (DoS) attacks, which include Economic Denial of Sustainability (EDoS) and Distributed Denial of Service (DDoS). These onslaughts can be classified into three categories: bandwidth consumption attacks, specific application attacks, and connection layer attacks. Most of the studies conducted in this arena have concentrated on a singular type of attack, with the concurrent detection of multiple DoS attacks often overlooked. This article proposes a suitable method to identify four types of assaults: HTTP, Database, TCP SYN, and DNS Flood. The aim is to present a universal algorithm that performs effectively in detecting all four attacks instead of using separate algorithms for each one. In this technique, seventeen server parameters like memory usage, CPU usage, and input/output counts are extracted and monitored for changes, identifying the failure point using the CUSUM algorithm to calculate the likelihood of each attack. Subsequently, a fuzzy neural network is employed to determine the occurrence of an attack. When compared to the Snort software, the proposed method's results show a significant improvement in the average detection rate, jumping from 57% to 95%.

Cryptography and Security

Trung V. Phan,Minho Park

DOI: https://doi.org/10.1109/access.2019.2896783

IF: 3.9

2019-01-01

IEEE Access

Abstract:Software-defined networking (SDN) is the key outcome of extensive research efforts over the past few decades toward transforming the Internet infrastructure to be more programmable, configurable, and manageable. However, critical cyber-threats in the SDN-based cloud environment are rising rapidly, in which distributed denial-of-service (DDoS) attack is one of the most damaging cyber attacks. In this paper, we propose an efficient solution to tackle DDoS attacks in the SDN-based cloud environment. We first introduce a new hybrid machine learning model based on support vector machine and self-organizing map algorithms to improve the traffic classification. Then, we propose an enhanced history-based IP filtering scheme ( $eHIPF$ ) to improve the attack detection rate and speed. Finally, we introduce a novel mechanism that combines both the hybrid machine learning model and the $eHIPF$ scheme to make a DDoS attack defender for the SDN-based cloud environment. The testbed is implemented in an SDN-based cloud with service function chaining. Through practical experiments, the proposed DDoS attack defender is proven to outperform existing mechanisms for DDoS attack classification and detection. The comprehensive experiments conducted with various DDoS attack levels prove that the proposed mechanism is an effective, innovative approach to defend DDoS attacks in the SDN-based cloud.

computer science, information systems,telecommunications,engineering, electrical & electronic

Firas Mohammed Aswad,Ali Mohammed Saleh Ahmed,Nafea Ali Majeed Alhammadi,Bashar Ahmad Khalaf,Salama A. Mostafa

DOI: https://doi.org/10.1515/jisys-2022-0155

2023-01-01

Journal of Intelligent Systems

Abstract:Abstract With the rapid growth of informatics systems’ technology in this modern age, the Internet of Things (IoT) has become more valuable and vital to everyday life in many ways. IoT applications are now more popular than they used to be due to the availability of many gadgets that work as IoT enablers, including smartwatches, smartphones, security cameras, and smart sensors. However, the insecure nature of IoT devices has led to several difficulties, one of which is distributed denial-of-service (DDoS) attacks. IoT systems have several security limitations due to their disreputability characteristics, like dynamic communication between IoT devices. The dynamic communications resulted from the limited resources of these devices, such as their data storage and processing units. Recently, many attempts have been made to develop intelligent models to protect IoT networks against DDoS attacks. The main ongoing research issue is developing a model capable of protecting the network from DDoS attacks that is sensitive to various classes of DDoS and can recognize legitimate traffic to avoid false alarms. Subsequently, this study proposes combining three deep learning algorithms, namely recurrent neural network (RNN), long short-term memory (LSTM)-RNN, and convolutional neural network (CNN), to build a bidirectional CNN-BiLSTM DDoS detection model. The RNN, CNN, LSTM, and CNN-BiLSTM are implemented and tested to determine the most effective model against DDoS attacks that can accurately detect and distinguish DDoS from legitimate traffic. The intrusion detection evaluation dataset (CICIDS2017) is used to provide more realistic detection. The CICIDS2017 dataset includes benign and up-to-date examples of typical attacks, closely matching real-world data of Packet Capture. The four models are tested and assessed using Confusion Metrix against four commonly used criteria: accuracy, precision, recall, and F -measure. The performance of the models is quite effective as they obtain an accuracy rate of around 99.00%, except for the CNN model, which achieves an accuracy of 98.82%. The CNN-BiLSTM achieves the best accuracy of 99.76% and precision of 98.90%.

Khoi Khac Nguyen,Dinh Thai Hoang,Dusit Niyato,Ping Wang,Diep Nguyen,Eryk Dutkiewicz

DOI: https://doi.org/10.48550/arXiv.1712.05914

2017-12-16

Abstract:With the rapid growth of mobile applications and cloud computing, mobile cloud computing has attracted great interest from both academia and industry. However, mobile cloud applications are facing security issues such as data integrity, users' confidentiality, and service availability. A preventive approach to such problems is to detect and isolate cyber threats before they can cause serious impacts to the mobile cloud computing system. In this paper, we propose a novel framework that leverages a deep learning approach to detect cyberattacks in mobile cloud environment. Through experimental results, we show that our proposed framework not only recognizes diverse cyberattacks, but also achieves a high accuracy (up to 97.11%) in detecting the attacks. Furthermore, we present the comparisons with current machine learning-based approaches to demonstrate the effectiveness of our proposed solution.

Cryptography and Security,Distributed, Parallel, and Cluster Computing,Machine Learning

Mahrukh Ramzan,Muhammad Shoaib,Ayesha Altaf,Shazia Arshad,Faiza Iqbal,Ángel Kuc Castilla,Imran Ashraf

DOI: https://doi.org/10.3390/s23208642

2023-10-23

Abstract:Internet security is a major concern these days due to the increasing demand for information technology (IT)-based platforms and cloud computing. With its expansion, the Internet has been facing various types of attacks. Viruses, denial of service (DoS) attacks, distributed DoS (DDoS) attacks, code injection attacks, and spoofing are the most common types of attacks in the modern era. Due to the expansion of IT, the volume and severity of network attacks have been increasing lately. DoS and DDoS are the most frequently reported network traffic attacks. Traditional solutions such as intrusion detection systems and firewalls cannot detect complex DDoS and DoS attacks. With the integration of artificial intelligence-based machine learning and deep learning methods, several novel approaches have been presented for DoS and DDoS detection. In particular, deep learning models have played a crucial role in detecting DDoS attacks due to their exceptional performance. This study adopts deep learning models including recurrent neural network (RNN), long short-term memory (LSTM), and gradient recurrent unit (GRU) to detect DDoS attacks on the most recent dataset, CICDDoS2019, and a comparative analysis is conducted with the CICIDS2017 dataset. The comparative analysis contributes to the development of a competent and accurate method for detecting DDoS attacks with reduced execution time and complexity. The experimental results demonstrate that models perform equally well on the CICDDoS2019 dataset with an accuracy score of 0.99, but there is a difference in execution time, with GRU showing less execution time than those of RNN and LSTM.

S. Velliangiri,P. Karthikeyan,V. Vinoth Kumar

DOI: https://doi.org/10.1080/0952813X.2020.1744196

2020-04-16

Abstract:Cloud computing services provide a wide range of resource pool for maintaining a large amount of data. Cloud services are commonly used as the private or public data forum based on the demand, and the increase in usage has lead to security concerns. The information in the cloud comes under threat due to hackers, and the most common attack on the cloud data is considered as the Distributed Denial of Service (DDoS) attack. This work has concentrated on detecting the DDoS attack by developing the deep learning-based classifier. The service request from the users is collected and grouped as the log information. From the log file, some important features are selected for the classification using the Bhattacharya distance measure to reduce the training time of the classifier. Here, Taylor-Elephant Herd Optimisation based Deep Belief Network (TEHO-DBN), is developed by modifying the Elephant Herd Optimisation (EHO) with the Taylor series and the algorithm thus developed is adopted to train the Deep Belief Network (DBN) for the DDoS attack detection. From the simulation results, it can be concluded that the proposed TEHO based DBN classifier has improved performance with a maximum accuracy of 0.830.

computer science, artificial intelligence

Azar Abid Salih,Maiwan Bahjat Abdulrazaq

DOI: https://doi.org/10.32604/cmc.2023.046101

2024-01-01

Abstract:Cyberspace is extremely dynamic, with new attacks arising daily. Protecting cybersecurity controls is vital for network security. Deep Learning (DL) models find widespread use across various fields, with cybersecurity being one of the most crucial due to their rapid cyberattack detection capabilities on networks and hosts. The capabilities of DL in feature learning and analyzing extensive data volumes lead to the recognition of network traffic patterns. This study presents novel lightweight DL models, known as Cybernet models, for the detection and recognition of various cyber Distributed Denial of Service (DDoS) attacks. These models were constructed to have a reasonable number of learnable parameters, i.e., less than 225,000, hence the name “lightweight.” This not only helps reduce the number of computations required but also results in faster training and inference times. Additionally, these models were designed to extract features in parallel from 1D Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM), which makes them unique compared to earlier existing architectures and results in better performance measures. To validate their robustness and effectiveness, they were tested on the CIC-DDoS2019 dataset, which is an imbalanced and large dataset that contains different types of DDoS attacks. Experimental results revealed that both models yielded promising results, with 99.99% for the detection model and 99.76% for the recognition model in terms of accuracy, precision, recall, and F1 score. Furthermore, they outperformed the existing state-of-the-art models proposed for the same task. Thus, the proposed models can be used in cyber security research domains to successfully identify different types of attacks with a high detection and recognition rate.

computer science, information systems,materials science, multidisciplinary