Azadeh Golduzian

DOI: https://doi.org/10.48550/arXiv.2308.15674

2023-08-30

Abstract:A malicious attempt to exhaust a victim's resources to cause it to crash or halt its services is known as a distributed denial-of-service (DDoS) attack. DDOS attacks stop authorized users from accessing specific services available on the Internet. It targets varying components of a network layer and it is better to stop into layer 4 (transport layer) of the network before approaching a higher layer. This study uses several machine learning and statistical models to detect DDoS attacks from traces of traffic flow and suggests a method to prevent DDOS attacks. For this purpose, we used logistic regression, CNN, XGBoost, naive Bayes, AdaBoostClassifier, KNN, and random forest ML algorithms. In addition, data preprocessing was performed using three methods to identify the most relevant features. This paper explores the issue of improving the DDOS attack detection accuracy using the latest dataset named CICDDoS2019, which has over 50 million records. Because we employed an extensive dataset for this investigation, our findings are trustworthy and practical. Our target class (attack class) was imbalanced. Therefore, we used two techniques to deal with imbalanced data in machine learning. The XGboost machine learning model provided the best detection accuracy of (99.9999%) after applying the SMOTE approach to the target class, outperforming recently developed DDoS detection systems. To the best of our knowledge, no other research has worked on the most recent dataset with over 50 million records, addresses the statistical technique to select the most significant feature, has this high accuracy, and suggests ways to avoid DDOS attackI.

Cryptography and Security

Anupama Mishra

DOI: https://doi.org/10.48550/arXiv.2204.12855

2022-04-27

Abstract:DDoS attacks, also known as distributed denial of service (DDoS) attacks, have emerged as one of the most serious and fastest-growing threats on the Internet. Denial-of-service (DDoS) attacks are an example of cyber attacks that target a specific system or network in an attempt to render it inaccessible or unusable for a period of time. As a result, improving the detection of diverse types of DDoS cyber threats with better algorithms and higher accuracy while keeping the computational cost under control has become the most significant component of detecting DDoS cyber threats. In order to properly defend the targeted network or system, it is critical to first determine the sort of DDoS assault that has been launched against it. A number of ensemble classification techniques are presented in this paper, which combines the performance of various algorithms. They are then compared to existing Machine Learning Algorithms in terms of their effectiveness in detecting different types of DDoS attacks using accuracy, F1 scores, and ROC curves. The results show high accuracy and good performance.

Cryptography and Security

Fray L. Becerra-Suarez,Ismael Fernández-Roman,Manuel G. Forero

DOI: https://doi.org/10.3390/math12091294

IF: 2.4

2024-04-25

Mathematics

Abstract:The early and accurate detection of Distributed Denial of Service (DDoS) attacks is a fundamental area of research to safeguard the integrity and functionality of organizations' digital ecosystems. Despite the growing importance of neural networks in recent years, the use of classical techniques remains relevant due to their interpretability, speed, resource efficiency, and satisfactory performance. This article presents the results of a comparative analysis of six machine learning techniques, namely, Random Forest (RF), Decision Tree (DT), AdaBoost (ADA), Extreme Gradient Boosting (XGB), Multilayer Perceptron (MLP), and Dense Neural Network (DNN), for classifying DDoS attacks. The CICDDoS2019 dataset was used, which underwent data preprocessing to remove outliers, and 22 features were selected using the Pearson correlation coefficient. The RF classifier achieved the best accuracy rate (99.97%), outperforming other classifiers and even previously published neural network-based techniques. These findings underscore the feasibility and effectiveness of machine learning algorithms in the field of DDoS attack detection, reaffirming their relevance as a valuable tool in advanced cyber defense.

mathematics

Manish Kumar Rajak,Dr. Ravindra Tiwari

DOI: https://doi.org/10.29070/hc5qzn85

2024-09-03

Journal of Advances and Scholarly Researches in Allied Education

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS-attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Manish Kumar Rajak,Ravindra Tiwari

DOI: https://doi.org/10.15680/ijircce.2024.1203507

2024-03-25

International Journal of Innovative Research in Computer and Communication Engineering

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS- attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Fizza Rizvi,Ravi Sharma,Nonita Sharma,Manik Rakhra,Arwa N. Aledaily,Wattana Viriyasitavat,Kusum Yadav,Gaurav Dhiman,Amandeep Kaur

DOI: https://doi.org/10.1007/s11042-024-18744-5

IF: 2.577

2024-03-14

Multimedia Tools and Applications

Abstract:Distributed Denial of Service (DDoS) attacks continue to pose a significant threat to network infrastructures, exploiting vulnerabilities within existing security protocols and disrupting the seamless availability of online services. The intricate interconnections of nodes within computer networks contribute to the dynamic structure of this environment, complicating efforts to establish a secure and productive user experience. Effectively mitigating DDoS attacks in this complex networked setting remains a challenge. While current strategies primarily rely on anomaly detection and signature-based techniques, utilizing statistical analysis and predefined patterns to identify and thwart attacks, none have consistently demonstrated efficacy or reliability. Consequently, there is a compelling need for advancements in security mechanisms to address DDoS threats more effectively. This research introduces an innovative and highly efficient approach that incorporates various classification algorithms, including Random Forest, Decision Tree, Gradient Boosting, Linear SVM, Logistics, K-nearest neighbors (KNN), and AdaBoost, for DDoS attack detection. The performance of these machine learning classifiers is evaluated using key metrics such as accuracy, recall, F1-score, and precision. Remarkably, experimental results reveal outstanding accuracy rates, with Random Forest achieving the highest accuracy in detecting attacks. Additionally, a genetic algorithm is employed to select optimal features from the dataset, further enhancing the performance of the classifiers. This results in a notable 25% increase in accuracy, surpassing AdaBoost and Logistics, with K-nearest neighbors emerging as the top performer in terms of accuracy.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Raj Kumar Batchu,Hari Seetha

DOI: https://doi.org/10.1016/j.comnet.2021.108498

IF: 5.493

2021-12-01

Computer Networks

Abstract:In the digital era, the usage of network-connected devices is rapidly growing which leads to an increase in cyberattacks. Among them, Distributed Denial of Service (DDoS) attacks are becoming more complex to detect. Recently, several models have been reported in the literature to identify them, but it remains a challenging issue due to the significant changes in signatures and traffic rate. To address this problem, a new automatic detection methodology is developed by reducing the feature space, which in turn reduces overfitting and computational time of the model. Initially, data pre-processing is performed to improve the generalizability of the model. Next, feature selection is applied to select the most appropriate features, which helps in improving classification accuracy. Further, the performance of the model is enhanced using hyperparameter tuning by selecting the appropriate parameters for learning approaches. Finally, both the optimal features and hyperparameters are fed to various supervised learning approaches namely-Logistic regression(LR), Decision tree (DT), Gradient boost(GB), K-nearest neighbor (KNN), and Support vector machine (SVM). All these experiments are evaluated on the CICDDoS2019 dataset. The experimental results show that the GB model performed well compared to the state-of-the-art methods with an accuracy of 99.97 %.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Tianqi Yang,Weilin Wang,Ying Liu,Huachun Zhou

DOI: https://doi.org/10.56801/rebicte.v7i.127

2021-01-01

Abstract:Distributed denial of service (DDoS) attack is one of the most serious threats to the Internet The emergenceof distributed reflection denial of service (DRDoS) attacks has increased the harm of DDoSattacks. Aiming at the common DRDoS attacks such as Memcached, TFTP, NTP, SSDP, SNMPand Chargen in the network, a multi-class DRDoS attack detection method based on feature selectionis proposed. Through the analysis of the behavior and characteristics of attack, combined withprobability distribution of features and feature importance to obtain a feature subset of 24 features.When constructing XGBoost model, the input features are the feature subset obtained by the abovefeature selection, and the model outputs multi classification results. The selected features can betterreflect the characteristics of DRDoS attack and improve the detection performance of the model. Experimentalresults show that the feature subset obtained by this method has high precision in multiclassification against DRDoS attacks, and is better than the traditional methods such as support vectormachine and multi-layer perceptron. Feature selection not only reduces the processing time, butalso reduces the malicious traffic by 99.93%.

Furqan Rustam,Muhammad Faheem Mushtaq,Ameer Hamza,Muhammad Shoaib Farooq,Anca Delia Jurcut,Imran Ashraf

DOI: https://doi.org/10.3390/electronics11223817

IF: 2.9

2022-01-01

Electronics

Abstract:The exploitation of internet networks through denial of services (DoS) attacks has experienced a continuous surge over the past few years. Despite the development of advanced intrusion detection and protection systems, network security remains a challenging problem and necessitates the development of efficient and effective defense mechanisms to detect these threats. This research proposes a machine learning-based framework to detect distributed DOS (DDoS)/DoS attacks. For this purpose, a large dataset containing the network traffic of the application layer is utilized. A novel multi-feature approach is proposed where the principal component analysis (PCA) features and singular value decomposition (SVD) features are combined to obtain higher performance. The validation of the multi-feature approach is determined by extensive experiments using several machine learning models. The performance of machine learning models is evaluated for each class of attack and results are discussed regarding the accuracy, recall, and F1 score, etc., in the context of recent state-of-the-art approaches. Experimental results confirm that using multi-feature increases the performance and RF obtains a 100% accuracy.

Xiulai Li,Jieren Cheng,Chengchun Ruan,Bin Zhang,Xiangyan Tang,Mengzhe Sun

DOI: https://doi.org/10.32604/cmc.2023.045588

2023-01-01

Abstract:With the rising adoption of blockchain technology due to its decentralized, secure, and transparent features, ensuring its resilience against network threats, especially Distributed Denial of Service (DDoS) attacks, is crucial. This research addresses the vulnerability of blockchain systems to DDoS assaults, which undermine their core decentralized characteristics, posing threats to their security and reliability. We have devised a novel adaptive integration technique for the detection and identification of varied DDoS attacks. To ensure the robustness and validity of our approach, a dataset amalgamating multiple DDoS attacks was derived from the CIC-DDoS2019 dataset. Using this, our methodology was applied to detect DDoS threats and further classify them into seven unique attack subcategories. To cope with the broad spectrum of DDoS attack variations, a holistic framework has been pro posed that seamlessly integrates five machine learning models: Gate Recurrent Unit (GRU), Convolutional Neural Networks (CNN), Long-Short Term Memory (LSTM), Deep Neural Networks (DNN), and Support Vector Machine (SVM). The innovative aspect of our framework is the introduction of a dynamic weight adjustment mechanism, enhancing the system's adaptability. Experimental results substantiate the superiority of our ensemble method in comparison to singular models across various evaluation metrics. The framework displayed remarkable accuracy, with rates reaching 99.71% for detection and 87.62% for classification tasks. By developing a comprehensive and adaptive methodology, this study paves the way for strengthening the defense mechanisms of blockchain systems against DDoS attacks. The ensemble approach, combined with the dynamic weight adjustment, offers promise in ensuring blockchain's enduring security and trustworthiness

Sandeep Dasari,Rajesh Kaluri

DOI: https://doi.org/10.1109/access.2024.3352281

IF: 3.9

2024-01-01

IEEE Access

Abstract:Data privacy is essential in the financial sector to protect client’s sensitive information, prevent financial fraud, ensure regulatory compliance, and safeguard intellectual property. It has become a challenging task due to the increase in usage of the internet and digital transactions. In this scenario, DDoS attack is one of the major attacks that makes clients’ privacy questionable. It requires effective and robust attack detection and prevention techniques. Machine Learning (ML) is the most effective approach for employing cyber attack detection systems. It paves the way for a new era where human and scientific communities will benefit. This paper presents a hierarchical ML-based hyperparameter-optimization approach for classifying intrusions in a network. CICIDS 2017 standard dataset was considered for this work. Initially, data was preprocessed with the min-max scaling and SMOTE methods. The LASSO approach was used for feature selection, given as input to the hierarchical ML algorithms: XGboost, LGBM, CatBoost, Random Forest (RF), and Decision Tree (DT). All these algorithms are pretrained with hyperparameters to enhance the effectiveness of algorithms. Models performance was assessed in terms of recall, precision, accuracy, and F1-score metrics. Evaluated approaches have shown that the LGBM algorithm gives a proven performance in classifying DDoS attacks with 99.77% of classification accuracy.

computer science, information systems,telecommunications,engineering, electrical & electronic

Huseyin Polat,Onur Polat,Aydin Cetin

DOI: https://doi.org/10.3390/su12031035

IF: 3.9

2020-02-01

Sustainability

Abstract:Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

environmental sciences,environmental studies,green & sustainable science & technology

Muhammad Aamir,Syed Mustafa Ali Zaidi

DOI: https://doi.org/10.1007/s10207-019-00434-1

2019-04-11

International Journal of Information Security

Abstract:This paper applies an organized flow of feature engineering and machine learning to detect distributed denial-of-service (DDoS) attacks. Feature engineering has a focus to obtain the datasets of different dimensions with significant features, using feature selection methods of backward elimination, chi2, and information gain scores. Different supervised machine learning models are applied on the feature-engineered datasets to demonstrate the adaptability of datasets for machine learning under optimal tuning of parameters within given sets of values. The results show that substantial feature reduction is possible to make DDoS detection faster and optimized with minimal performance hit. The paper proposes a strategic-level framework which incorporates the necessary elements of feature engineering and machine learning with a defined flow of experimentation. The models are also validated with cross-validation and evaluated for area-under-curve analyses. It provides comprehensive solutions which can be trusted to avoid the overfitting and collinearity problems of data while detecting DDoS attacks. In the case study of DDoS datasets, K-nearest neighbors algorithm overall exhibits the best performance followed by support vector machine, whereas low-dimensional datasets of discrete feature types perform better under the Random Forest model as compared to high dimensions with numerical features. The accuracy scores of dataset with the lowest number of features remain competitive with other datasets under all machine learning models, leading to a substantially reduced processing overhead. The experiments show that approximately 68% reduction in the feature space is possible with an impact of only about 0.03% on accuracy.

computer science, information systems, theory & methods, software engineering

Naziya Aslam,Shashank Srivastava,M. M. Gore

DOI: https://doi.org/10.1007/s11277-023-10848-9

IF: 2.017

2024-01-30

Wireless Personal Communications

Abstract:Software-Defined Networking (SDN) outperforms conventional networks in terms of programmability, management, flexibility, and efficiency. This is because SDN separates the control and data planes. The centralised control of devices aids in the prevention of Distributed Denial of Service (DDoS) attacks. The controller has a larger network perspective and has the ability to filter network traffic in order to detect harmful flows. The separation of the control and data planes provided benefits, but it is vulnerable to DDoS attacks. DDoS assaults are difficult to detect and resist in real-time. This is only possible if appropriate features for attack detection are chosen. We intend to employ feature selection methods such as BORUTA, IRelief, Random Forest, Information Gain and Chi-Square Test to obtain the most relevant features for DDoS detection. Moreover, we have devised a strategy to detect and mitigate DDoS attack using tracebacking approach through ONOS Flood Defender (OFD) Application. The application effectively detects different DDoS attack traffic using XGBoost and Multilayer Perceptron algorithms with 99% accuracy and least testing times without adding unnecessary load to the system and mitigates the attack in approximately 3.2 s using tracebacking approach. We have performed our experiment on four benchmark datasets CIC-DoS 2017, CIC-DDoS 2019, CIC-IDS 2018 and InSDN. We have evaluated the trade-off between detection accuracy and testing time in order to determine the most effective detection model for addressing DDoS attacks on SDN networks.

telecommunications

Md. Alamgir Hossain

DOI: https://doi.org/10.37256/aie.4220233337

2023-08-24

Artificial Intelligence Evolution

Abstract:One of the major threats to computer networks and systems is distributed denial-of-service (DDoS) attacks. These attacks include saturating the targeted system with a large volume of traffic coming from several sources, which causes a service interruption. Detecting these attacks in real-time has become a critical task in cybersecurity. The existing method of DDoS attack detection suffers from the problem of high false positive rates. Additionally, the classifiers used in the existing methods may not be able to capture the complex patterns of the DDoS attack traffic, leading to low accuracy. In this research, I propose an enhanced approach for detecting DDoS attacks using an ensemble-based random forest classifier with a novel feature selection technique. The ability of the ensemble-based Random Forest Classifier to aggregate many decision trees to increase classification accuracy makes it a better option for DDoS attack detection than a single machine learning-based classifier. By lowering the variance and bias of the classifier, ensemble-based approaches are known to reduce overfitting and increase the robustness of the model. To choose the most useful characteristics for DDoS attack detection, the feature selection strategy uses a novel combination of correlation analysis, mutual information, and principal component analysis techniques. A part of the CIC-DDoS2019 dataset is used for the evaluation of the proposed method and to compare it to other modern approaches. The experimental results reveal that when integrated with additional evaluation metrics, the proposed approach outperforms existing techniques in various aspects, including accuracy, recall, precision, F1-score, false positive rate, and more. The proposed approach obtained almost 100% accuracy, 0% false positive rate, and 100% true positive rate.

Tewelde Gebremedhin Gebremeskel,Ketema Adere Gemeda,T. Gopi Krishna,Perumalla Janaki Ramulu

DOI: https://doi.org/10.1155/2023/9965945

2023-06-24

Wireless Communications and Mobile Computing

Abstract:A software-defined network (SDN) brings a lot of advantages to the world of networking through flexibility and centralized management; however, this centralized control makes it susceptible to different types of attacks. Distributed denial of service (DDoS) is one of the most dangerous attacks that are frequently launched against the controller to put it out of service. This work takes the special ability of SDN to propose a solution that is an implementation run at the multicontroller to detect a DDoS attack at the early stage. This method not only detects the attacks but also identifies the attacking paths and starts a mitigation process to provide protection for the network devices. This method is based on the entropy variation of the destination host targeted with its IP address and can detect the attack within the first 250 packets of malicious traffic attacking a particular host. Then, fine-grained packet-based detection is performed using a deep-learning model to classify the attack into different types of attack categories. Lastly, the controller sends the updated traffic information to neighbor controllers. The chi-squared ( x 2 ) test feature selection algorithm was also employed to reveal the most relevant features that scored the highest in the provided data set. The experiment result demonstrated that the proposed Long Short-Term Memory (LSTM) model achieved an accuracy of up to 99.42% using the data set CICDDoS2019, which has the potential to detect and classify the DDoS attack traffic effectively in the multicontroller SDN environment. In this regard, it has an enhanced accuracy level to 0.42% compared with the RNN-AE model with data set CICDDoS2019, while it has improved up to 0.44% in comparison with the CNN model with the different data set ICICDDoS2017.

computer science, information systems,telecommunications,engineering, electrical & electronic

Arun Kumar Silivery,Kovvur Ram Mohan Rao,L K Suresh Kumar

DOI: https://doi.org/10.32985/ijeces.14.4.6

2023-08-17

Abstract:In the past few years, cybersecurity is becoming very important due to the rise in internet users. The internet attacks such as Denial of service (DoS) and Distributed Denial of Service (DDoS) attacks severely harm a website or server and make them unavailable to other users. Network Monitoring and control systems have found it challenging to identify the many classes of DoS and DDoS attacks since each operates uniquely. Hence a powerful technique is required for attack detection. Traditional machine learning techniques are inefficient in handling extensive network data and cannot extract high-level features for attack detection. Therefore, an effective deep learning-based intrusion detection system is developed in this paper for DoS and DDoS attack classification. This model includes various phases and starts with the Deep Convolutional Generative Adversarial Networks (DCGAN) based technique to address the class imbalance issue in the dataset. Then a deep learning algorithm based on ResNet-50 extracts the critical features for each class in the dataset. After that, an optimized AlexNet-based classifier is implemented for detecting the attacks separately, and the essential parameters of the classifier are optimized using the Atom search optimization algorithm. The proposed approach was evaluated on benchmark datasets, CCIDS2019 and UNSW-NB15, using key classification metrics and achieved 99.37% accuracy for the UNSW-NB15 dataset and 99.33% for the CICIDS2019 dataset. The investigational results demonstrate that the suggested approach performs superior to other competitive techniques in identifying DoS and DDoS attacks.

Cryptography and Security,Networking and Internet Architecture

Jawahar A,Kaythry P,Vinoth Kumar C,Vinu R,Amrish R,Bavapriyan K,Gopinaath V

DOI: https://doi.org/10.1007/s11042-023-18028-4

IF: 2.577

2024-01-05

Multimedia Tools and Applications

Abstract:Online services are vulnerable to Distributed Denial of Service (DDoS) attacks, which overwhelm target servers with malicious traffic. These attacks are on the rise and challenging to detect due to their various forms, protocols, and the use of botnets. This paper presents a novel system that leverages machine learning algorithms for real-time DDoS attack detection and employs blockchain technology to store and block malicious IP addresses through software-defined networking. The system enhances security measures beyond traditional DDoS mitigation systems. In this paper, machine learning classification techniques are trained and tested using the Canadian Institute of Cyber Security's CICDDoS2019 dataset. Artificial Neural Network (ANN) outperformed KNN, Decision Tree, and Random Forest, achieving the best results. Additionally, the Ethereum blockchain is utilized to maintain a blacklist of malicious IP addresses. To assess the system's performance, a virtual network was established for testing using Mininet and the Python based Open-Source and OpenFlow (POX) controller. In real-time testing on the virtual network, ANN achieved an accuracy of 72.49%. This research presents a promising approach to combatting DDoS attacks while emphasizing the need for continuous improvement in cybersecurity.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Hesham A. Sakr,Mostafa M. Fouda,Ahmed F. Ashour,Ahmed Abdelhafeez,Magda I. El-Afifi,Mohamed Refaat Abdellah

DOI: https://doi.org/10.1016/j.eij.2024.100540

IF: 4.195

2024-09-22

Egyptian Informatics Journal

Abstract:With the growing integration of IoT devices in critical infrastructure, cybersecurity threats such as Distributed Denial of Service (DDoS) attacks on Energy Hubs (EH) have become a significant concern. This study aims to address these challenges by evaluating the effectiveness of various supervised machine learning (ML) algorithms in predicting DDoS attacks targeting EH systems through IoT devices. Using the CICDDOS2019 and KDD-CUP datasets, a comprehensive analysis was conducted on several classifiers, including Decision Tree (DT), Gradient Boosting, Support Vector Machine (SVM), K-Nearest Neighbors (KNN), and Random Forest. The results highlight Gradient Boosting as the most effective model, particularly for the CICDDOS2019 dataset, demonstrating superior accuracy and predictive capability. Additionally, hybrid models combining Gradient Boosting with SVM or DT showed strong performance, though with varying precision and recall. This study provides valuable insights into the selection and tailoring of ML models for specific security challenges, emphasizing the need for ongoing research to enhance the resilience of EH systems and IoT devices against evolving DDoS threats.

computer science, information systems, artificial intelligence

Qian Li,Linhai Meng,Yuan Zhang,Jinyao Yan

DOI: https://doi.org/10.1007/978-981-13-8138-6_17

2019-01-01

Abstract:A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. It has caused great harm to the security of the network environment. This paper develops a novel framework called PCA-RNN (Principal Component Analysis-Recurrent Neural Network) to identify DDoS attacks. In order to comprehensively understand the network traffic, we select most network characteristics to describe the traffic. We further use the PCA algorithm to reduce the dimensions of the features in order to reduce the time complexity of detection. By applying PCA, the prediction time can be significantly reduced while most of the original information can still be contained. Data after dimensions reduction is fed into RNN to train and get detection model. Evaluation result shows that for the real dataset, PCA-RNN can achieve significant performance improvement in terms of accuracy, sensitivity, precision, and F-score compared to the several existing DDoS attacks detection methods.