Manish Kumar Rajak,Dr. Ravindra Tiwari

DOI: https://doi.org/10.29070/hc5qzn85

2024-09-03

Journal of Advances and Scholarly Researches in Allied Education

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS-attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Raj Kumar Batchu,Thulasi Bikku,Srinivasarao Thota,Hari Seetha,Abayomi Ayotunde Ayoade

DOI: https://doi.org/10.1038/s41598-024-77554-9

IF: 4.6

2024-11-24

Scientific Reports

Abstract:Distributed denial of service (DDoS) attack is one of the most hazardous assaults in cloud computing or networking. By depleting resources, this attack renders the services unavailable to end users and leads to significant financial and reputational damage. Hence, identifying such threats is crucial to minimize revenue loss, market share, and productivity loss and enhance the brand reputation. In this study, we implemented an effective intrusion detection system using deep learning approach. The suggested framework includes three phases: Data pre-processing, Data balancing, and Classification. First, we prepare the valid data, which is helpful for further processing. Then, we balance the given pre-processed data by Conditional generative adversarial network (CGAN), and as a result, we can minimize the bias towards the majority classes. Finally, we distinguish whether the traffic is attack or benign using a stacked sparse denoising autoencoder (SSDAE) with a firefly-black widow (FA-BW) hybrid optimization algorithm. All these experiments are validated through the CICDDoS2019 dataset and compared with well-received techniques. From these findings, we observed that the proposed strategy detects DDoS attacks significantly more accurately than other approaches. Based on our findings, this study highlights the crucial role played by advanced deep learning techniques and hybrid optimization algorithms in strengthening cybersecurity against DDoS attacks.

multidisciplinary sciences

Ancy Sherin Jose,Latha R Nair,Varghese Paul

DOI: https://doi.org/10.47059/revistageintec.v11i4.2411

2021-07-29

Revista Gestão Inovação e Tecnologias

Abstract:Distributed Denial of Service Attack (DDoS) has emerged as a major threat to cyber space. A DDoS attack aims at exhausting the resources of the victim causing financial and reputational damages to it. The availability of free software make launching of DDoS attacks easy. The difficulty in differentiating a DDoS traffic from a legitimate traffic burst such as a flash crowd makes DDoS difficult to be identified. A wide range of techniques have been used in conventional networks to detect and mitigate DDoS attacks. Though the advent of Software Defined Networking (SDN) makes a network easy to be managed even SDN is vulnerable to DDoS attacks. In this case, the controller of the SDN gets overloaded with the incoming packets from the switches. In fact, a solution based on security analytics can be put in place to ward off this threat as a proactive security measure using the flow level statistics available from the SDN. Compared to the packet analysis used in traditional networks which is resource expensive the flow level statistics is relatively inexpensive. This paper focuses on the design and implementation of an attack detection system for detecting the flooding DDoS attacks TCP SYN flooding attacks, HTTP request flooding attacks, UDP flooding attacks and ICMP flooding attacks over SDN network traffic. The system uses various classification algorithms to classify a traffic into normal or attack. The feature sets for classification were arrived at using a feature selection module with ANOVA (Analysis of Variance) F-Test statistical method. Performance evaluation of each of the classifiers was carried out for the three feature sets obtained from the feature selection module using various performance measures and the results have been tabulated. The feature set which gives the best performance in detecting malicious traffic has been identified.

Ahamed Ali Samsu Aliar,V. Gowri,A. Arockia Abins

DOI: https://doi.org/10.1002/ett.4921

IF: 3.6

2024-01-06

Transactions on Emerging Telecommunications Technologies

Abstract:Distributed denial of service (DDoS) attacks are a cyber‐attack in which multiple compromised systems, often controlled by attackers, flood a target system or network with massive traffic volume, overwhelming its resources and rendering it inaccessible to legitimate users. DDoS attacks can cause significant disruption, financial losses, and reputational damage to organizations and individuals. Detecting DDoS an attack promptly allows organizations to respond quickly and implement appropriate mitigation measures. Rapid response helps minimize the impact of the attack and reduce downtime, ensuring that critical systems and services remain accessible to legitimate users and by detecting and mitigating DDoS attacks, organizations can maintain the availability of their services and prevent disruption to their operations. Uninterrupted access to services enhances customer satisfaction, prevents revenue losses, and preserves the organization's reputation. While detecting DDoS attacks brings several advantages, DDoS detection systems may occasionally generate false‐positive alerts, mistakenly identifying legitimate traffic as an attack. This can lead to unnecessary disruptions or false alarms, requiring additional effort and resources for investigation and response. DDoS attacks constantly evolve, and attackers may employ new techniques or variations not yet known or accounted for by detection systems. Reducing some of these problems using the suggested method, this helps improve the system's performance and efficiency. This figure shows the "pictorial representation of the proposed detection model for DDoS attacks over the cloud sector using ensemble deep learning methods." The biggest firms throughout the world now are the ones that offer services in the cloud. One of the top problems for cloud users (CUs) and cloud service providers (CSPs) is the availability of cloud‐based services whenever needed. A distributed denial of service (DDoS) assault has been a significant threat to the security of the system in recent years. DDoS defense and detection of these attacks have become hot topics of research for academia and business. However, most approaches cannot accomplish efficient detection outcomes with few false alarms. As a result, minimizing the consequences of DDoS attacks allows CSPs to offer CUs high‐quality services. In the cloud sector, a collective deep structured algorithm is suggested to identify DDoS attacks successfully. The recommended method contains several stages: data acquisition, pre‐processing, optimal feature detection, and selection. The first step is the acquisition of data using the help of publicly available sources. Further, the input data undergoes preprocessing. Consequently, the optimal weighted feature selection takes place on the preprocessed data, where the optimization is done with the aid of the Hybrid Border Collie and Dragonfly Algorithm (HBCDA). Finally, DDoS attack detection is achieved via a novel method known as adaptive deep dilated ensemble (ADDE), which includes, one‐dimensional convolutional neural network (1DCNN), deep temporal convolutional neural network (DTCNN), recurrent neural network (RNN), and bidirectional long short‐term memory (Bi‐LSTM). For the attainment of optimal results, the parameter tuning is accomplished by using the HBCDA approach. The detection outcome is computed by using the fuzzy ranking mechanism. The validation is done for the suggested method model, and its corresponding findings are validated with conventional techniques. Hence, the suggested approach outperforms the detection performance and ensures more efficiency than traditional approaches.

telecommunications

Gottapu Sankara Rao,P. Krishna Subbarao

DOI: https://doi.org/10.17762/ijritcc.v11i9.8340

2023-10-27

International Journal on Recent and Innovation Trends in Computing and Communication

Abstract:One of the most serious threat to network security is Denial of service (DOS) attacks. Internet and computer networks are now important parts of our businesses and daily lives. Malicious actions have become more common as our reliance on computers and communication networks has grown. Network threats are a big problem in the way people communicate today. To make sure that the networks work well and that users' information is safe, the network data must be watched and analysed to find malicious activities and attacks. Flooding may be the simplest DDoS assault. Computer networks and services are vulnerable to DoS and DDoS attacks. These assaults flood target systems with malicious traffic, making them unreachable to genuine users. The work aims to enhance the resilience of network infrastructures against these attacks and ensure uninterrupted service delivery. This research develops and evaluates enhanced DoS/DDoS detection methods. DoS attacks usually stop or slow down legal computer or network use. Denial-of-service (DoS) attacks prevent genuine users from accessing and using information systems and resources. The OSI model's layers make up the computer network. Different types of DDoS strikes target different layers. The Network Layer can be broken by using ICMP Floods or Smurf Attacks. The Transport layer can be attacked using UDP Floods, TCP Connection Exhaustion, and SYN Floods. HTTP-encrypted attacks can be used to get through to the application layer. DoS/DDoS attacks are malicious attacks. Protect network data from harm. Computer network services are increasingly threatened by DoS/DDoS attacks. Machine learning may detect prior DoS/DDoS attacks. DoS/DDoS attacks proliferate online and via social media. Network security is IT's top priority. DoS and DDoS assaults include ICMP, UDP, and the more prevalent TCP flood attacks. These strikes must be identified and stopped immediately. In this work, a stacking ensemble method is suggested for detecting DoS/DDoS attacks so that our networked data doesn't get any worse. This paper used a method called "Ensemble of classifiers," in which each class uses a different way to learn. In proposed methodology Experiment#1 , I used the Home Wifi Network Traffic Collected and generated own Dataset named it as MywifiNetwork.csv, whereas in proposed methodology Experiment#2, I used the kaggle repository “NSL-KDD benchmark dataset” to perform experiments in order to find detection accuracy of dos attack detection using python language in jupyter notebook. The system detects attack-type or legitimate-type of network traffic during detection ML classification methods are used to compare how well the suggested system works. The results show that when the ensembled stacking learning model is used, 99% of the time it is able to find the problem. In proposed methodology two Experiments are implemented for comparing detection accuracy with the existing techniques. Compared to other measuring methods, we get a big step forward in finding attacks. So, our model gives a lot of faith in securing these networks. This paper will analyse the behaviour of network traffics.

Aman Rangapur,Tarun Kanakam,Ajith Jubilson

DOI: https://doi.org/10.48550/arXiv.2201.09514

2022-01-24

Abstract:Cyber-attacks have been one of the deadliest attacks in today's world. One of them is DDoS (Distributed Denial of Services). It is a cyber-attack in which the attacker attacks and makes a network or a machine unavailable to its intended users temporarily or indefinitely, interrupting services of the host that are connected to a network. To define it in simple terms, It's an attack accomplished by flooding the target machine with unnecessary requests in an attempt to overload and make the systems crash and make the users unable to use that network or a machine. In this research paper, we present the detection of DDoS attacks using neural networks, that would flag malicious and legitimate data flow, preventing network performance degradation. We compared and assessed our suggested system against current models in the field. We are glad to note that our work was 99.7\% accurate.

Cryptography and Security,Artificial Intelligence

Fizza Rizvi,Ravi Sharma,Nonita Sharma,Manik Rakhra,Arwa N. Aledaily,Wattana Viriyasitavat,Kusum Yadav,Gaurav Dhiman,Amandeep Kaur

DOI: https://doi.org/10.1007/s11042-024-18744-5

IF: 2.577

2024-03-14

Multimedia Tools and Applications

Abstract:Distributed Denial of Service (DDoS) attacks continue to pose a significant threat to network infrastructures, exploiting vulnerabilities within existing security protocols and disrupting the seamless availability of online services. The intricate interconnections of nodes within computer networks contribute to the dynamic structure of this environment, complicating efforts to establish a secure and productive user experience. Effectively mitigating DDoS attacks in this complex networked setting remains a challenge. While current strategies primarily rely on anomaly detection and signature-based techniques, utilizing statistical analysis and predefined patterns to identify and thwart attacks, none have consistently demonstrated efficacy or reliability. Consequently, there is a compelling need for advancements in security mechanisms to address DDoS threats more effectively. This research introduces an innovative and highly efficient approach that incorporates various classification algorithms, including Random Forest, Decision Tree, Gradient Boosting, Linear SVM, Logistics, K-nearest neighbors (KNN), and AdaBoost, for DDoS attack detection. The performance of these machine learning classifiers is evaluated using key metrics such as accuracy, recall, F1-score, and precision. Remarkably, experimental results reveal outstanding accuracy rates, with Random Forest achieving the highest accuracy in detecting attacks. Additionally, a genetic algorithm is employed to select optimal features from the dataset, further enhancing the performance of the classifiers. This results in a notable 25% increase in accuracy, surpassing AdaBoost and Logistics, with K-nearest neighbors emerging as the top performer in terms of accuracy.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Amran Mansoor,Mohammed Anbar,Abdullah Ahmed Bahashwan,Basim Ahmad Alabsi,Shaza Dawood Ahmed Rihan

DOI: https://doi.org/10.3390/systems11060296

2023-06-09

Systems

Abstract:The rapid growth of cloud computing has led to the development of the Software-Defined Network (SDN), which is a network strategy that offers dynamic management and improved performance. However, security threats are a growing concern, particularly with the SDN controller becoming an attractive target for malicious actors and potential Distributed Denial of Service (DDoS) attacks. Many researchers have proposed different approaches to detecting DDoS attacks. However, those approaches suffer from high false positives, leading to low accuracy, and the main reason behind this is the use of non-qualified features and non-realistic datasets. Therefore, the deep learning (DL) algorithmic technique can be utilized to detect DDoS attacks on SDN controllers. Moreover, the proposed approach involves three stages, (1) data preprocessing, (2) cross-feature selection, which aims to identify important features for DDoS detection, and (3) detection using the Recurrent Neural Networks (RNNs) model. A benchmark dataset is employed to evaluate the proposed approach via standard evaluation metrics, including false positive rate and detection accuracy. The findings indicate that the recommended approach effectively detects DDoS attacks with average detection accuracy, average precision, average FPR, and average F1-measure of 94.186 %, 92.146%, 8.114%, and 94.276%, respectively.

S. Muthukumar,A.K. Ashfauk Ahamed

DOI: https://doi.org/10.3233/jhs-230142

2024-03-15

Journal of High Speed Networks

Abstract:The “Distributed Denial of Service (DDoS)” threats have become a tool for the hackers, cyber swindlers, and cyber terrorists. Despite the high amount of conventional mitigation mechanisms that are present nowadays, the DDoS threats continue to enhance in severity, volume, and frequency. The DDoS attack has highly affected the availability of the networks for the previous years and still, there is no efficient defense technique against it. Moreover, the new and complex DDoS attacks are increasing on a daily basis but the traditional DDoS attack detection techniques cannot react to these threats. On the other hand, the hackers are employing very innovative strategies to initiate the threats. But, the traditional methods can become effective and reliable when combined with the deep learning-aided approaches. To solve these certain issues, a framework detection mechanism for DDoS attacks utilizes an attention-aided deep learning methodology. The primary thing is the acquisition of data from standard data online sources. Further, from the garnered data, the significant features are drawn out from the “Deep Weighted Restricted Boltzmann Machine (RBM)” using a “Deep Belief Network (DBN)”, in which the parameters are tuned by employing the recommended Enhanced Gannet Optimization Algorithm (EGOA). This feature extraction operation increases the network performance rate and also diminishes the dimensionality issues. Lastly, the acquired features are transferred to the model of “Attention and Cascaded Recurrent Neural Network (RNN) with Residual Long Short Term Memory (LSTM) (ACRNN-RLSTM)” blocks for the DDoS threat detection purpose. This designed network precisely identifies the complex and new attacks, thus it increases the trustworthiness of the network. In the end, the performance of the approach is contrasted with other traditional algorithms. Hence, the simulation outcomes are obtained that prove the system’s efficiency. Also, the outcomes displayed that the designed system overcame the conventional threat detection techniques.

Anupama Mishra,Neena Gupta,Brij B. Gupta

DOI: https://doi.org/10.1007/s11235-022-00981-4

2022-12-15

Telecommunication Systems

Abstract:Distributed denial of service attacks are common and very severe threat to various computing technology like Cloud, IoT and Blockchain because of the disruption they cause to the services that are provided. Many different types of DDoS attacks are there, each with a unique action, making it difficult for network monitoring and control systems to identify and prevent them. The objective of this research work is to explore and select a set of data to represent DDoS attack events and attack traffic information. A pre-processing phase is used to clean and transform the data, and afterwards the generation of a model of machine learning for multi-class classification is done. This is carried out to identify the various classification of different types of DDoS attacks. We have used CIC dataset for the experiment which contains all types of DDoS attack and huge in number of records. Random Forest, Support Vector Machine, Naive Bayes, Decision Tree, XGBoost, and AdaBoost are six different types of machine learning algorithms employed in this research. FRom the results, AdaBoost achieves the best accuracy of 99.87% in 27.4 s of computation time. Naive Bayes has the fastest computing time (3.2 s) with 94.15% accuracy, where as Support Vector Machine has the slowest time, a lazy learner (229m26s for training and 0.2 s for prediction) and has the low accuracy (95.73%).

telecommunications

M. Revathi,V. V. Ramalingam,B. Amutha

DOI: https://doi.org/10.1007/s11277-021-09071-1

IF: 2.017

2021-09-15

Wireless Personal Communications

Abstract:Recently, SDN has arisen as a new network platform that offers unparalleled programming that enables network operators to dynamically customize and control their networks. The attackers aim to paralyse the logical plane, the brain of the network that offers several advantages, by using the SDN controller. However, the control plane is the desirable target of security attacks on the opponents because of its characteristics. One of the most common threats is the DDOS attacks to drain network capacity by sending them heavy traffic, causing network congestion. SDN is a common area of investigation for SDN defenceand DDoS threat identification and prevention in the SDN context has been introduced to many researchers since the proposed SDN attacks. Nevertheless, security risks must be adequately secured. In this paper we suggest a discrete scalable memory based support vector machine algorithm for DDoS threat and SDN mitigation architecture for attack detection. By starting the process of attack detection the input data can gets pre-processed by using Spark standardization technique in which the missing values are replaced and the unwanted data are removed. Then the feature extractions are done using semantic multilinear component analysis algorithm. The classifier is responsible for predicting target and for this a novel discrete scalable memory based support vector machine (DSM-SVM) algorithm is used which provides high accuracy of attack prediction. Followed by attack detection the mitigation process was done, here the mitigation server can identify the threat by intelligently dropping malicious bot traffic and absorbing the rest of the traffic. Here the suggested mechanism achieves attack traffic mitigation and benign traffic dropping. We have evaluated the whole process on KDD dataset. The proposed network model was trained and then used in an SDN threat detection and mitigation environment as part of the assessment process. The entire experiment is run on a VMware-based Ubuntu virtual machine. Weka will utilize our suggested classifier model for training and evaluation, while Mininet uses a RYU controller to establish an SD Network. The findings demonstrate that the mechanism presented exceeds the other algorithms examined, by expressing 99.7% accuracy especially concerning training and testing time over KDD dataset.

telecommunications

Mahrukh Ramzan,Muhammad Shoaib,Ayesha Altaf,Shazia Arshad,Faiza Iqbal,Ángel Kuc Castilla,Imran Ashraf

DOI: https://doi.org/10.3390/s23208642

2023-10-23

Abstract:Internet security is a major concern these days due to the increasing demand for information technology (IT)-based platforms and cloud computing. With its expansion, the Internet has been facing various types of attacks. Viruses, denial of service (DoS) attacks, distributed DoS (DDoS) attacks, code injection attacks, and spoofing are the most common types of attacks in the modern era. Due to the expansion of IT, the volume and severity of network attacks have been increasing lately. DoS and DDoS are the most frequently reported network traffic attacks. Traditional solutions such as intrusion detection systems and firewalls cannot detect complex DDoS and DoS attacks. With the integration of artificial intelligence-based machine learning and deep learning methods, several novel approaches have been presented for DoS and DDoS detection. In particular, deep learning models have played a crucial role in detecting DDoS attacks due to their exceptional performance. This study adopts deep learning models including recurrent neural network (RNN), long short-term memory (LSTM), and gradient recurrent unit (GRU) to detect DDoS attacks on the most recent dataset, CICDDoS2019, and a comparative analysis is conducted with the CICIDS2017 dataset. The comparative analysis contributes to the development of a competent and accurate method for detecting DDoS attacks with reduced execution time and complexity. The experimental results demonstrate that models perform equally well on the CICDDoS2019 dataset with an accuracy score of 0.99, but there is a difference in execution time, with GRU showing less execution time than those of RNN and LSTM.

Ravindra Kumar Chouhan,Mithilesh Atulkar,Naresh Kumar Nagwani

DOI: https://doi.org/10.1007/s10489-022-03565-6

IF: 5.3

2022-06-08

Applied Intelligence

Abstract:Software Defined Network(SDN) is an emerging network architecture and is being used in many IT industries and academia. Its popularity in the present age has attracted many attacks in SDN. Distributed Denial of Service(DDoS) attack is a common issue in the domain of network security. In this work, DDoS attack detection is done using feature extraction and classification from the live traffic of SDN. An effective feature extraction mechanism will not only help in filtering the most suitable task-relevant data but also improve the performance of machine learning algorithms. To identify the best performing classifier with these extracted features, some well-known classifiers namely Support Vector Machine (SVM), Random Forest(RF), K-Nearest Neighbor, eXtreme Gradient Boosting(XGBoost) and Naive Bayes(NB) are trained and tested with the extracted features. It is found that SVM is outperforming other classifiers under some performance measuring metrics namely accuracy, precision, recall, False Alarm Rate(FAR),F1 value, and AUC value. Also, its performance is better than some other state-of-the art works so, it is selected for deployment in the SDN controller which can detect the attack in live traffic.

computer science, artificial intelligence

Naziya Aslam,Shashank Srivastava,M. M. Gore

DOI: https://doi.org/10.1007/s11277-023-10848-9

IF: 2.017

2024-01-30

Wireless Personal Communications

Abstract:Software-Defined Networking (SDN) outperforms conventional networks in terms of programmability, management, flexibility, and efficiency. This is because SDN separates the control and data planes. The centralised control of devices aids in the prevention of Distributed Denial of Service (DDoS) attacks. The controller has a larger network perspective and has the ability to filter network traffic in order to detect harmful flows. The separation of the control and data planes provided benefits, but it is vulnerable to DDoS attacks. DDoS assaults are difficult to detect and resist in real-time. This is only possible if appropriate features for attack detection are chosen. We intend to employ feature selection methods such as BORUTA, IRelief, Random Forest, Information Gain and Chi-Square Test to obtain the most relevant features for DDoS detection. Moreover, we have devised a strategy to detect and mitigate DDoS attack using tracebacking approach through ONOS Flood Defender (OFD) Application. The application effectively detects different DDoS attack traffic using XGBoost and Multilayer Perceptron algorithms with 99% accuracy and least testing times without adding unnecessary load to the system and mitigates the attack in approximately 3.2 s using tracebacking approach. We have performed our experiment on four benchmark datasets CIC-DoS 2017, CIC-DDoS 2019, CIC-IDS 2018 and InSDN. We have evaluated the trade-off between detection accuracy and testing time in order to determine the most effective detection model for addressing DDoS attacks on SDN networks.

telecommunications

Ivandro Ortet Lopes,Deqing Zou,Francis A. Ruambo,Saeed Akbar,Bin Yuan

DOI: https://doi.org/10.1155/2021/5710028

IF: 1.968

2021-01-01

Security and Communication Networks

Abstract:Distributed Denial of Service (DDoS) is a predominant threat to the availability of online services due to their size and frequency. However, developing an effective security mechanism to protect a network from this threat is a big challenge because DDoS uses various attack approaches coupled with several possible combinations. Furthermore, most of the existing deep learning- (DL-) based models pose a high processing overhead or may not perform well to detect the recently reported DDoS attacks as these models use outdated datasets for training and evaluation. To address the issues mentioned earlier, we propose CyDDoS, an integrated intrusion detection system (IDS) framework, which combines an ensemble of feature engineering algorithms with the deep neural network. The ensemble feature selection is based on five machine learning classifiers used to identify and extract the most relevant features used by the predictive model. This approach improves the model performance by processing only a subset of relevant features while reducing the computation requirement. We evaluate the model performance based on CICDDoS2019, a modern and realistic dataset consisting of normal and DDoS attack traffic. The evaluation considers different validation metrics such as accuracy, precision, F1-Score, and recall to argue the effectiveness of the proposed framework against state-of-the-art IDSs.

Qian Li,Linhai Meng,Yuan Zhang,Jinyao Yan

DOI: https://doi.org/10.1007/978-981-13-8138-6_17

2019-01-01

Abstract:A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. It has caused great harm to the security of the network environment. This paper develops a novel framework called PCA-RNN (Principal Component Analysis-Recurrent Neural Network) to identify DDoS attacks. In order to comprehensively understand the network traffic, we select most network characteristics to describe the traffic. We further use the PCA algorithm to reduce the dimensions of the features in order to reduce the time complexity of detection. By applying PCA, the prediction time can be significantly reduced while most of the original information can still be contained. Data after dimensions reduction is fed into RNN to train and get detection model. Evaluation result shows that for the real dataset, PCA-RNN can achieve significant performance improvement in terms of accuracy, sensitivity, precision, and F-score compared to the several existing DDoS attacks detection methods.

B. B. Gupta,R. C. Joshi,Manoj Misra

DOI: https://doi.org/10.48550/arXiv.1204.5592

2012-04-25

Abstract:Denial of service (DoS) attacks and more particularly the distributed ones (DDoS) are one of the latest threat and pose a grave danger to users, organizations and infrastructures of the Internet. Several schemes have been proposed on how to detect some of these attacks, but they suffer from a range of problems, some of them being impractical and others not being effective against these attacks. This paper reports the design principles and evaluation results of our proposed framework that autonomously detects and accurately characterizes a wide range of flooding DDoS attacks in ISP network. Attacks are detected by the constant monitoring of propagation of abrupt traffic changes inside ISP network. For this, a newly designed flow-volume based approach (FVBA) is used to construct profile of the traffic normally seen in the network, and identify anomalies whenever traffic goes out of profile. Consideration of varying tolerance factors make proposed detection system scalable to the varying network conditions and attack loads in real time. Six-sigma method is used to identify threshold values accurately for malicious flows characterization. FVBA has been extensively evaluated in a controlled test-bed environment. Detection thresholds and efficiency is justified using receiver operating characteristics (ROC) curve. For validation, KDD 99, a publicly available benchmark dataset is used. The results show that our proposed system gives a drastic improvement in terms of detection and false alarm rate.

Cryptography and Security

Amany I Hassan,Eman Abd El Reheem,Shawkat K Guirguis

DOI: https://doi.org/10.1038/s41598-024-67984-w

2024-08-06

Abstract:Software-defined networks (SDNs) have been growing rapidly due to their ability to provide an efficient network management approach compared to traditional methods. However, one of the major challenges facing SDNs is the threat of Distributed Denial of Service (DDoS) attacks, which can severely impact network availability. Detecting and mitigating such attacks is challenging, given the constantly evolving range of attack techniques. In this paper, a novel hybrid approach is proposed that combines statistical methods with machine-learning capabilities to address the detection and mitigation of DDoS attacks in SDN environments. The statistical phase of the approach utilizes an entropy-based detection mechanism, while the machine-learning phase employs a clustering mechanism to analyze the impact of active users on the entropy of the system. The k-means algorithm is used for clustering. The proposed approach was experimentally evaluated using three modern datasets, namely, CIC-IDS2017, CSE-CIC-2018, and CICIDS2019. The results demonstrate the effectiveness of the system in detecting and blocking sudden and rapid attacks, highlighting the potential of the proposed approach to significantly enhance security against DDoS attacks in SDN environments.

Ashfaq Ahmad Najar,Manohar Naik Sugali,Faisal Rasheed Lone,Azra Nazir

DOI: https://doi.org/10.1002/cpe.8157

2024-06-04

Concurrency and Computation Practice and Experience

Abstract:Summary Among the recent network security issues, Distributed Denial of Service (DDoS) attack is one of the most dangerous threats in today's cyberspace that can disrupt essential services. These attacks compromise network security by flooding the target with malicious traffic. Several researchers have designed effective DDoS detection mechanisms using machine learning (ML) and deep learning (DL)‐based techniques. However, existing detection approaches paid less attention to issues such as class imbalance, multi‐classification, or computational cost of the models, especially time. In this study, we propose a novel framework for detecting and classifying DDoS attacks with high accuracy and low computational cost. To address the class imbalance, we employ random sampling, while feature selection techniques such as low information gain, quasi‐constant elimination, and principal component analysis are utilized for optimal feature selection and reduction. Our proposed CNN‐based model achieves outstanding performance, boasting an accuracy of 99.99% for binary classification and 98.44% for multi‐classification. The proposed model is compared to existing works and baseline line models and found to be effective in binary and multi‐classification.

computer science, theory & methods, software engineering

Abdulsalam O. Alzahrani,Mohammed J. F. Alenazi

DOI: https://doi.org/10.3390/fi13050111

2021-04-28

Future Internet

Abstract:Software-defined Networking (SDN) has recently developed and been put forward as a promising and encouraging solution for future internet architecture. Managed, the centralized and controlled network has become more flexible and visible using SDN. On the other hand, these advantages bring us a more vulnerable environment and dangerous threats, causing network breakdowns, systems paralysis, online banking frauds and robberies. These issues have a significantly destructive impact on organizations, companies or even economies. Accuracy, high performance and real-time systems are essential to achieve this goal successfully. Extending intelligent machine learning algorithms in a network intrusion detection system (NIDS) through a software-defined network (SDN) has attracted considerable attention in the last decade. Big data availability, the diversity of data analysis techniques, and the massive improvement in the machine learning algorithms enable the building of an effective, reliable and dependable system for detecting different types of attacks that frequently target networks. This study demonstrates the use of machine learning algorithms for traffic monitoring to detect malicious behavior in the network as part of NIDS in the SDN controller. Different classical and advanced tree-based machine learning techniques, Decision Tree, Random Forest and XGBoost are chosen to demonstrate attack detection. The NSL-KDD dataset is used for training and testing the proposed methods; it is considered a benchmarking dataset for several state-of-the-art approaches in NIDS. Several advanced preprocessing techniques are performed on the dataset in order to extract the best form of the data, which produces outstanding results compared to other systems. Using just five out of 41 features of NSL-KDD, a multi-class classification task is conducted by detecting whether there is an attack and classifying the type of attack (DDoS, PROBE, R2L, and U2R), accomplishing an accuracy of 95.95%.