Raj Kumar Batchu,Hari Seetha

DOI: https://doi.org/10.1016/j.comnet.2021.108498

IF: 5.493

2021-12-01

Computer Networks

Abstract:In the digital era, the usage of network-connected devices is rapidly growing which leads to an increase in cyberattacks. Among them, Distributed Denial of Service (DDoS) attacks are becoming more complex to detect. Recently, several models have been reported in the literature to identify them, but it remains a challenging issue due to the significant changes in signatures and traffic rate. To address this problem, a new automatic detection methodology is developed by reducing the feature space, which in turn reduces overfitting and computational time of the model. Initially, data pre-processing is performed to improve the generalizability of the model. Next, feature selection is applied to select the most appropriate features, which helps in improving classification accuracy. Further, the performance of the model is enhanced using hyperparameter tuning by selecting the appropriate parameters for learning approaches. Finally, both the optimal features and hyperparameters are fed to various supervised learning approaches namely-Logistic regression(LR), Decision tree (DT), Gradient boost(GB), K-nearest neighbor (KNN), and Support vector machine (SVM). All these experiments are evaluated on the CICDDoS2019 dataset. The experimental results show that the GB model performed well compared to the state-of-the-art methods with an accuracy of 99.97 %.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Anupama Mishra,Neena Gupta,Brij B. Gupta

DOI: https://doi.org/10.1007/s11235-022-00981-4

2022-12-15

Telecommunication Systems

Abstract:Distributed denial of service attacks are common and very severe threat to various computing technology like Cloud, IoT and Blockchain because of the disruption they cause to the services that are provided. Many different types of DDoS attacks are there, each with a unique action, making it difficult for network monitoring and control systems to identify and prevent them. The objective of this research work is to explore and select a set of data to represent DDoS attack events and attack traffic information. A pre-processing phase is used to clean and transform the data, and afterwards the generation of a model of machine learning for multi-class classification is done. This is carried out to identify the various classification of different types of DDoS attacks. We have used CIC dataset for the experiment which contains all types of DDoS attack and huge in number of records. Random Forest, Support Vector Machine, Naive Bayes, Decision Tree, XGBoost, and AdaBoost are six different types of machine learning algorithms employed in this research. FRom the results, AdaBoost achieves the best accuracy of 99.87% in 27.4 s of computation time. Naive Bayes has the fastest computing time (3.2 s) with 94.15% accuracy, where as Support Vector Machine has the slowest time, a lazy learner (229m26s for training and 0.2 s for prediction) and has the low accuracy (95.73%).

telecommunications

Zainab Sahib Dhahir

DOI: https://doi.org/10.62411/faith.2024-33

2024-09-30

Abstract:This is one of the greatest challenges in computer network security and cannot be dealt with without a set of most recent detection techniques. This paper lays down a new hybrid technique that combines Clustering-Based Local Outlier Factor (CBLOF) and Extreme Gradient Boosting (XGBoost) to enhance accuracy while detecting Distributed Denial of Service (DDoS) from network traffic. The proposed hybrid model utilizes a CBLOF for outlier detection as feature engineering. Over the detected anomalies, classification is to be done using XGBoost classification to attain the objective. The proposed hybrid model was tested extensively on CICIDS 2017 and CICIDS 2018 datasets Compared with traditional ones, the proposed model outperformed the traditional ones with an accuracy rate of 99.99%, precision of 100%, and F1 score reflecting perfection. These results confirm this model's efficiency in terms of known and novel attack patterns and introduce a further reliable framework for the timely detection of DDoS attacks. Even if it is computation-heavy, optimization could be made towards real-time large-scale data.

Daniyal Alghazzawi,Omaimah Bamasag,Hayat Ullah,Muhammad Zubair Asghar

DOI: https://doi.org/10.3390/app112411634

2021-12-08

Applied Sciences

Abstract:DDoS (Distributed Denial of Service) attacks have now become a serious risk to the integrity and confidentiality of computer networks and systems, which are essential assets in today’s world. Detecting DDoS attacks is a difficult task that must be accomplished before any mitigation strategies can be used. The identification of DDoS attacks has already been successfully implemented using machine learning/deep learning (ML/DL). However, due to an inherent limitation of ML/DL frameworks—so-called optimal feature selection—complete accomplishment is likewise out of reach. This is a case in which a machine learning/deep learning-based system does not produce promising results for identifying DDoS attacks. At the moment, existing research on forecasting DDoS attacks has yielded a variety of unexpected predictions utilising machine learning (ML) classifiers and conventional approaches for feature encoding. These previous efforts also made use of deep neural networks to extract features without having to maintain the track of the sequence information. The current work suggests predicting DDoS attacks using a hybrid deep learning (DL) model, namely a CNN with BiLSTM (bidirectional long/short-term memory), in order to effectively anticipate DDoS attacks using benchmark data. By ranking and choosing features that scored the highest in the provided data set, only the most pertinent features were picked. Experiment findings demonstrate that the proposed CNN-BI-LSTM attained an accuracy of up to 94.52 percent using the data set CIC-DDoS2019 during training, testing, and validation.

Huseyin Polat,Onur Polat,Aydin Cetin

DOI: https://doi.org/10.3390/su12031035

IF: 3.9

2020-02-01

Sustainability

Abstract:Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

environmental sciences,environmental studies,green & sustainable science & technology

O. Pandithurai,C. Venkataiah,Shrikant Tiwari,N. Ramanjaneyulu

DOI: https://doi.org/10.1016/j.eswa.2023.122544

IF: 8.5

2024-05-01

Expert Systems with Applications

Abstract:Users are provided access to on-demand services through the Internet with the assist of cloud computing. Services can be accessed at any time and from any place. Although delivering useful services, this model remains vulnerable to security problems. The accessibility of cloud resources is affected by Distributed Denial of Service (DDoS) attacks, which also present security risks for cloud computing. Unable to access data from cloud services, various advanced risks such as malware injection, packagingas well as virtual machine escapes and DDoS are developed by the attackers. Recently, numerous models were designed for detecting attacks in the cloud, but still they lack certain reasons. To alleviate these concerns, this proposed method presented a DDoS attack prediction using a honey badger optimization algorithm based on feature selection and Bi-LSTM in a cloud environment. Input features are gathered from the DDoS attack dataset as the first step in the process. Following this, input features are transmitted into preprocessing steps, including Bayesian and Z-Score normalization. Preprocessed data is sent into the feature selection phasethat employs Honey Badger Optimization (HBO). In this case, the features are chosen by decreasing their MSE to obtain the best feature. Then, optimal features are fed into the Bi-directional Long Short term Memory (Bi-LSTM) classifier for predicting DDoS attacks. The proposed model is also examined using certain existing approaches, including LSTM, DNN, DBN and ANN. When the performance was examined using the existing method, the Bi-LSTM model achieved 97% accuracy, 95% sensitivity, 90% specificity, 3% error, 94% precision and so on. The proposed model is effective at finding DDoS in a cloud environment.

computer science, artificial intelligence,engineering, electrical & electronic,operations research & management science

Azadeh Golduzian

DOI: https://doi.org/10.48550/arXiv.2308.15674

2023-08-30

Abstract:A malicious attempt to exhaust a victim's resources to cause it to crash or halt its services is known as a distributed denial-of-service (DDoS) attack. DDOS attacks stop authorized users from accessing specific services available on the Internet. It targets varying components of a network layer and it is better to stop into layer 4 (transport layer) of the network before approaching a higher layer. This study uses several machine learning and statistical models to detect DDoS attacks from traces of traffic flow and suggests a method to prevent DDOS attacks. For this purpose, we used logistic regression, CNN, XGBoost, naive Bayes, AdaBoostClassifier, KNN, and random forest ML algorithms. In addition, data preprocessing was performed using three methods to identify the most relevant features. This paper explores the issue of improving the DDOS attack detection accuracy using the latest dataset named CICDDoS2019, which has over 50 million records. Because we employed an extensive dataset for this investigation, our findings are trustworthy and practical. Our target class (attack class) was imbalanced. Therefore, we used two techniques to deal with imbalanced data in machine learning. The XGboost machine learning model provided the best detection accuracy of (99.9999%) after applying the SMOTE approach to the target class, outperforming recently developed DDoS detection systems. To the best of our knowledge, no other research has worked on the most recent dataset with over 50 million records, addresses the statistical technique to select the most significant feature, has this high accuracy, and suggests ways to avoid DDOS attackI.

Cryptography and Security

Ahamed Ali Samsu Aliar,V. Gowri,A. Arockia Abins

DOI: https://doi.org/10.1002/ett.4921

IF: 3.6

2024-01-06

Transactions on Emerging Telecommunications Technologies

Abstract:Distributed denial of service (DDoS) attacks are a cyber‐attack in which multiple compromised systems, often controlled by attackers, flood a target system or network with massive traffic volume, overwhelming its resources and rendering it inaccessible to legitimate users. DDoS attacks can cause significant disruption, financial losses, and reputational damage to organizations and individuals. Detecting DDoS an attack promptly allows organizations to respond quickly and implement appropriate mitigation measures. Rapid response helps minimize the impact of the attack and reduce downtime, ensuring that critical systems and services remain accessible to legitimate users and by detecting and mitigating DDoS attacks, organizations can maintain the availability of their services and prevent disruption to their operations. Uninterrupted access to services enhances customer satisfaction, prevents revenue losses, and preserves the organization's reputation. While detecting DDoS attacks brings several advantages, DDoS detection systems may occasionally generate false‐positive alerts, mistakenly identifying legitimate traffic as an attack. This can lead to unnecessary disruptions or false alarms, requiring additional effort and resources for investigation and response. DDoS attacks constantly evolve, and attackers may employ new techniques or variations not yet known or accounted for by detection systems. Reducing some of these problems using the suggested method, this helps improve the system's performance and efficiency. This figure shows the "pictorial representation of the proposed detection model for DDoS attacks over the cloud sector using ensemble deep learning methods." The biggest firms throughout the world now are the ones that offer services in the cloud. One of the top problems for cloud users (CUs) and cloud service providers (CSPs) is the availability of cloud‐based services whenever needed. A distributed denial of service (DDoS) assault has been a significant threat to the security of the system in recent years. DDoS defense and detection of these attacks have become hot topics of research for academia and business. However, most approaches cannot accomplish efficient detection outcomes with few false alarms. As a result, minimizing the consequences of DDoS attacks allows CSPs to offer CUs high‐quality services. In the cloud sector, a collective deep structured algorithm is suggested to identify DDoS attacks successfully. The recommended method contains several stages: data acquisition, pre‐processing, optimal feature detection, and selection. The first step is the acquisition of data using the help of publicly available sources. Further, the input data undergoes preprocessing. Consequently, the optimal weighted feature selection takes place on the preprocessed data, where the optimization is done with the aid of the Hybrid Border Collie and Dragonfly Algorithm (HBCDA). Finally, DDoS attack detection is achieved via a novel method known as adaptive deep dilated ensemble (ADDE), which includes, one‐dimensional convolutional neural network (1DCNN), deep temporal convolutional neural network (DTCNN), recurrent neural network (RNN), and bidirectional long short‐term memory (Bi‐LSTM). For the attainment of optimal results, the parameter tuning is accomplished by using the HBCDA approach. The detection outcome is computed by using the fuzzy ranking mechanism. The validation is done for the suggested method model, and its corresponding findings are validated with conventional techniques. Hence, the suggested approach outperforms the detection performance and ensures more efficiency than traditional approaches.

telecommunications

Kishore Babu Dasari,Nagaraju Devarakonda

DOI: https://doi.org/10.18280/ria.360107

2022-02-28

Abstract:The Distributed Denial of Service (DDoS) attack is a serious cyber security attack that attempts to disrupt the availability security principle of computer networks and information systems. It's critical to detect DDoS attacks quickly and accurately while using as less computing power as possible in order to minimize damage and cost efficient. This research proposes a fast and high-accuracy detection approach by using features selected by proposed method for Exploitation-based DDoS attacks. Experiments are carried out on the CICDDoS2019 datasets Syn flood, UDP flood, and UDP-Lag, as well as customized dataset. In addition, experiments were also conducted on a customized dataset that was constructed by combining three CICDDoS2019 datasets. Pearson, Spearman, and Kendall correlation techniques have been used for datasets to find un-correlated feature subsets. Then, among three un-correlated feature subsets, choose the common un-correlated features. On the datasets, classification techniques are applied to these common un-correlated features. This research used conventional classifiers Logistic regression, Decision tree, KNN, Naive Bayes, bagging classifier Random forest, boosting classifiers Ada boost, Gradient boost, and neural network-based classifier Multilayer perceptron. The performance of these classification algorithms was also evaluated in terms of accuracy, precision, recall, F1-score, specificity, log loss, execution time, and K-fold cross-validation. Finally, classification techniques were tested on a customized dataset with common features that were common in all of the dataset’s common un-correlated feature sets.

Fizza Rizvi,Ravi Sharma,Nonita Sharma,Manik Rakhra,Arwa N. Aledaily,Wattana Viriyasitavat,Kusum Yadav,Gaurav Dhiman,Amandeep Kaur

DOI: https://doi.org/10.1007/s11042-024-18744-5

IF: 2.577

2024-03-14

Multimedia Tools and Applications

Abstract:Distributed Denial of Service (DDoS) attacks continue to pose a significant threat to network infrastructures, exploiting vulnerabilities within existing security protocols and disrupting the seamless availability of online services. The intricate interconnections of nodes within computer networks contribute to the dynamic structure of this environment, complicating efforts to establish a secure and productive user experience. Effectively mitigating DDoS attacks in this complex networked setting remains a challenge. While current strategies primarily rely on anomaly detection and signature-based techniques, utilizing statistical analysis and predefined patterns to identify and thwart attacks, none have consistently demonstrated efficacy or reliability. Consequently, there is a compelling need for advancements in security mechanisms to address DDoS threats more effectively. This research introduces an innovative and highly efficient approach that incorporates various classification algorithms, including Random Forest, Decision Tree, Gradient Boosting, Linear SVM, Logistics, K-nearest neighbors (KNN), and AdaBoost, for DDoS attack detection. The performance of these machine learning classifiers is evaluated using key metrics such as accuracy, recall, F1-score, and precision. Remarkably, experimental results reveal outstanding accuracy rates, with Random Forest achieving the highest accuracy in detecting attacks. Additionally, a genetic algorithm is employed to select optimal features from the dataset, further enhancing the performance of the classifiers. This results in a notable 25% increase in accuracy, surpassing AdaBoost and Logistics, with K-nearest neighbors emerging as the top performer in terms of accuracy.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Fray L. Becerra-Suarez,Ismael Fernández-Roman,Manuel G. Forero

DOI: https://doi.org/10.3390/math12091294

IF: 2.4

2024-04-25

Mathematics

Abstract:The early and accurate detection of Distributed Denial of Service (DDoS) attacks is a fundamental area of research to safeguard the integrity and functionality of organizations' digital ecosystems. Despite the growing importance of neural networks in recent years, the use of classical techniques remains relevant due to their interpretability, speed, resource efficiency, and satisfactory performance. This article presents the results of a comparative analysis of six machine learning techniques, namely, Random Forest (RF), Decision Tree (DT), AdaBoost (ADA), Extreme Gradient Boosting (XGB), Multilayer Perceptron (MLP), and Dense Neural Network (DNN), for classifying DDoS attacks. The CICDDoS2019 dataset was used, which underwent data preprocessing to remove outliers, and 22 features were selected using the Pearson correlation coefficient. The RF classifier achieved the best accuracy rate (99.97%), outperforming other classifiers and even previously published neural network-based techniques. These findings underscore the feasibility and effectiveness of machine learning algorithms in the field of DDoS attack detection, reaffirming their relevance as a valuable tool in advanced cyber defense.

mathematics

Manish Kumar Rajak,Dr. Ravindra Tiwari

DOI: https://doi.org/10.29070/hc5qzn85

2024-09-03

Journal of Advances and Scholarly Researches in Allied Education

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS-attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

P. Arun Raj Kumar,S. Selvakumar

DOI: https://doi.org/10.1016/j.comcom.2012.09.010

IF: 5.047

2013-02-01

Computer Communications

Abstract:A DDoS attack is the most prevalent threat, viz., flooding the computing and communication resources in order to make the service unavailable for legitimate users, since a decade and continues to be threatening till date. Therefore, these critical resources must be protected against the DDoS attacks. The detection of DDoS attacks requires adaptive and incremental learning classifier, less computational complexity, and accurate decision making from uncertain information. Hence, the DDoS attacks could be detected using existing soft computing techniques such as fuzzy logic, neural networks, and genetic algorithms. Fuzzy logic has the advantage of interpreting the rules well but it suffers from the disadvantage of not able to acquire the rules automatically. The neural networks generalize the network well but they cannot interpret the rules. Genetic algorithm provides optimal solutions but the time complexity is high. Hybrid methods, Neuro-fuzzy and genetic fuzzy have been proposed to overcome the drawbacks of interpretability and manual rules acquisition. In this paper, adaptive and hybrid neuro-fuzzy systems were proposed as subsystems of the ensemble. Sugeno type Adaptive Neuro-Fuzzy Inference System (ANFIS) has been chosen as a base classifier for our research as Mamdani type ANFIS is not suitable for real time due to its high computational complexity and non-adaptiveness to extract exact knowledge from the dataset. Single classifier makes error on different training samples. So, by creating an ensemble of classifiers and combining their outputs, the total error can be reduced and the detection accuracy can be increased. Improvement in the performance of ANFIS ensemble is the focus of this paper. Our proposed DDoS classification algorithm, NFBoost, differs from the existing methods in weight update distribution strategy, error cost minimization, and ensemble output combination method, but resembles similar in classifier weight assignment and error computation. Our proposed NFBoost algorithm is achieved by combining ensemble of classifier outputs and Neyman Pearson cost minimization strategy, for final classification decision. Publicly available datasets such as KDD Cup, CAIDA DDOS Attack 2007, CONFICKER worm, UNINA traffic traces, and UCI Datasets were used for the simulation experiments. NFBoost was trained and tested with the publicly available datasets and our own SSE Lab1All hosts in SSE Lab are connected through a backbone bandwidth of 1Gbps and to different sites through a 2Mbps MPLS VPN cloud.1 SSENET 2011 datasets. Detection accuracy and Cost per sample were the two metrics used to analyze the performance of the NFBoost classification algorithm and were compared with bagging, boosting, and AdaBoost algorithms. From the simulation results, it is evident that NFBoost algorithm achieves high detection accuracy (99.2%) with fewer false alarms. Cost per instance is also very less for the NFBoost algorithm compared to the existing algorithms. NFBoost algorithm outperforms the existing ensemble algorithms with a maximum gain of 8.4% and a minimum gain of 1.1%.

computer science, information systems,telecommunications,engineering, electrical & electronic

Deepak Kshirsagar,Sandeep Kumar

DOI: https://doi.org/10.1007/s12652-021-02907-5

IF: 3.662

2021-01-28

Journal of Ambient Intelligence and Humanized Computing

Abstract:The hacker attempts distributed denial of service (DDoS) attacks towards network resources to disturb or deny services. The hacker degrades the quality of service to legitimate users by performing reflection and exploitation based DDoS attacks with a trusted third party server that hides information of the attacker. It is, therefore, necessary to propose an intelligent intrusion detection system to detect reflection and exploitation based DDoS attacks efficiently and effectively. The present study proposes a feature reduction method by the combination of information gain (IG) and correlation (CR) feature selection techniques. This study presents a DDoS attack detection framework to detect reflection and exploitation based DDoS attacks in an efficient manner. The framework is tested on the latest DDoS evaluation (CICDDoS2019) dataset with J48 classifier. The feature reduction method obtains minimum and maximum reduction by 56 and 82.92% respectively, of the original features. The experimentation results show that the proposed framework outperforms using a reduced features subset. The validation of the proposed framework on knowledge discovery and data mining (KDD Cup 1999) dataset provides improvement in performance for binary and multi-level classification using feature reduction by 60.97% of the original features. The proposed feature reduction method is also compared to the relevant existing feature selection methods used for intrusion detection on CICDoS 2019 and KDD Cup 1999 datasets.

computer science, information systems,telecommunications, artificial intelligence

Zhenpeng Liu,Yihang Wang,Fan Feng,Yifan Liu,Zelin Li,Yawei Shan

DOI: https://doi.org/10.3390/s23136176

IF: 3.9

2023-07-06

Sensors

Abstract:Distributed denial-of-service (DDoS) attacks pose a significant cybersecurity threat to software-defined networks (SDNs). This paper proposes a feature-engineering- and machine-learning-based approach to detect DDoS attacks in SDNs. First, the CSE-CIC-IDS2018 dataset was cleaned and normalized, and the optimal feature subset was found using an improved binary grey wolf optimization algorithm. Next, the optimal feature subset was trained and tested in Random Forest (RF), Support Vector Machine (SVM), K-Nearest Neighbor (k-NN), Decision Tree, and XGBoost machine learning algorithms, from which the best classifier was selected for DDoS attack detection and deployed in the SDN controller. The results show that RF performs best when compared across several performance metrics (e.g., accuracy, precision, recall, F1 and AUC values). We also explore the comparison between different models and algorithms. The results show that our proposed method performed the best and can effectively detect and identify DDoS attacks in SDNs, providing a new idea and solution for the security of SDNs.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Muhammad Aamir,Syed Mustafa Ali Zaidi

DOI: https://doi.org/10.1007/s10207-019-00434-1

2019-04-11

International Journal of Information Security

Abstract:This paper applies an organized flow of feature engineering and machine learning to detect distributed denial-of-service (DDoS) attacks. Feature engineering has a focus to obtain the datasets of different dimensions with significant features, using feature selection methods of backward elimination, chi2, and information gain scores. Different supervised machine learning models are applied on the feature-engineered datasets to demonstrate the adaptability of datasets for machine learning under optimal tuning of parameters within given sets of values. The results show that substantial feature reduction is possible to make DDoS detection faster and optimized with minimal performance hit. The paper proposes a strategic-level framework which incorporates the necessary elements of feature engineering and machine learning with a defined flow of experimentation. The models are also validated with cross-validation and evaluated for area-under-curve analyses. It provides comprehensive solutions which can be trusted to avoid the overfitting and collinearity problems of data while detecting DDoS attacks. In the case study of DDoS datasets, K-nearest neighbors algorithm overall exhibits the best performance followed by support vector machine, whereas low-dimensional datasets of discrete feature types perform better under the Random Forest model as compared to high dimensions with numerical features. The accuracy scores of dataset with the lowest number of features remain competitive with other datasets under all machine learning models, leading to a substantially reduced processing overhead. The experiments show that approximately 68% reduction in the feature space is possible with an impact of only about 0.03% on accuracy.

computer science, information systems, theory & methods, software engineering

Manish Kumar Rajak,Ravindra Tiwari

DOI: https://doi.org/10.15680/ijircce.2024.1203507

2024-03-25

International Journal of Innovative Research in Computer and Communication Engineering

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS- attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Ali Shamekhi,Pirooz Shamsinejad Babaki,Reza Javidan

DOI: https://doi.org/10.1007/s12083-024-01690-2

IF: 3.488

2024-04-25

Peer-to-Peer Networking and Applications

Abstract:Dealing with network attacks is becoming more uphill as we go further due to the complexity of computer networks. Among all the network attacks, DDoS attacks are widespread and challenging to detect. Because launching these attacks requires no vulnerability in the target network and they are like legitimate traffic, there is no certain solution for detecting them. Analyzing network users' behavior can be a well-founded solution for detecting anomalies in network resource usage. Since, in most networks, the users' behavior differs at different times of the day, in this paper, we proposed a DDoS attack detection method that clusters the network users' behavior based on adaptive time intervals in a single day. Our contribution is introducing the Timestamp feature as a primary indicator of normal behavior during different times of the day. Time intervals are computed adaptively by clustering the network IP flow using DBSCAN. This process leads to the extraction of a new feature that helps to detect DDoS attacks more accurately. To demonstrate the importance and impact of our new feature, several attack classification models have been trained using prevalent shallow machine algorithms such as Support Vector Machine (SVM), Random Forest (RF), and XGBoost. The method is also validated with the CICDDoS2019 and the CICIoT2023 datasets, which are the most popular and latest DDoS attack datasets. The results showed that our new feature has improved the evaluation metrics impressively with both datasets.

computer science, information systems,telecommunications

Arati Behera,Kshira Sagar Sahoo,Tapas Kumara Mishra,Anand Nayyar,Muhammad Bilal

DOI: https://doi.org/10.1371/journal.pone.0309682

IF: 3.7

2024-10-17

PLoS ONE

Abstract:Internet of things (IoT) facilitates a variety of heterogeneous devices to be enabled with network connectivity via various network architectures to gather and exchange real-time information. On the other hand, the rise of IoT creates Distributed Denial of Services (DDoS) like security threats. The recent advancement of Software Defined-Internet of Things (SDIoT) architecture can provide better security solutions compared to the conventional networking approaches. Moreover, limited computing resources and heterogeneous network protocols are major challenges in the SDIoT ecosystem. Given these circumstances, it is essential to design a low-cost DDoS attack classifier. The current study aims to employ an improved feature selection (FS) technique which determines the most relevant features that can improve the detection rate and reduce the training time. At first, to overcome the data imbalance problem, Edited Nearest Neighbor-based Synthetic Minority Oversampling (SMOTE-ENN) was exploited. The study proposes SFMI, an FS method that combines Sequential Feature Selection (SFE) and Mutual Information (MI) techniques. The top k common features were extracted from the nominated features based on SFE and MI. Further, Principal component analysis (PCA) is employed to address multicollinearity issues in the dataset. Comprehensive experiments have been conducted on two benchmark datasets such as the KDDCup99, CIC IoT-2023 datasets. For classification purposes, Decision Tree, K-Nearest Neighbor, Gaussian Naive Bayes, Random Forest (RF), and Multilayer Perceptron classifiers were employed. The experimental results quantitatively demonstrate that the proposed SMOTE-ENN+SFMI+PCA with RF classifier achieves 99.97% accuracy and 99.39% precision with 10 features.

Mohammad Arafat Ullah,Arthy Anjum,Rashedul Amin Tuhin,Shamim Akhter

2024-11-21

Abstract:A distributed denial-of-service (DDoS) attack is an attempt to produce humongous traffic within a network by overwhelming a targeted server or its neighboring infrastructure with a flood of service requests ceaselessly coming from multiple remotely controlled malware-infected computers or network-connected devices. Thus, exploring DDoS attacks by recognizing their functionalities and differentiating them from normal traffic services are the primary concerns of network security issues particularly for online businesses. In modern networks, most DDoS attacks occur in the network and application layer including HTTP flood, UDP flood, SIDDOS, SMURF, SNMP flood, IP NULL, etc. The goal of this paper is to detect DDoS attacks from all service requests and classify them according to DDoS classes. In this regard, a standard dataset is collected from the internet which contains several network-related attributes and their corresponding DDoS attack class name. Two(2) different machine learning approaches, SVM and Logistic Regression, are implemented in the dataset for detecting and classifying DDoS attacks, and a comparative study is accomplished among them in terms of accuracy, precision, and recall rates. Logistic Regression and SVM both achieve 98.65% classification accuracy which is the highest achieved accuracy among other previous experiments with the same dataset.

Cryptography and Security,Machine Learning