Fray L. Becerra-Suarez,Ismael Fernández-Roman,Manuel G. Forero

DOI: https://doi.org/10.3390/math12091294

IF: 2.4

2024-04-25

Mathematics

Abstract:The early and accurate detection of Distributed Denial of Service (DDoS) attacks is a fundamental area of research to safeguard the integrity and functionality of organizations' digital ecosystems. Despite the growing importance of neural networks in recent years, the use of classical techniques remains relevant due to their interpretability, speed, resource efficiency, and satisfactory performance. This article presents the results of a comparative analysis of six machine learning techniques, namely, Random Forest (RF), Decision Tree (DT), AdaBoost (ADA), Extreme Gradient Boosting (XGB), Multilayer Perceptron (MLP), and Dense Neural Network (DNN), for classifying DDoS attacks. The CICDDoS2019 dataset was used, which underwent data preprocessing to remove outliers, and 22 features were selected using the Pearson correlation coefficient. The RF classifier achieved the best accuracy rate (99.97%), outperforming other classifiers and even previously published neural network-based techniques. These findings underscore the feasibility and effectiveness of machine learning algorithms in the field of DDoS attack detection, reaffirming their relevance as a valuable tool in advanced cyber defense.

mathematics

Raj Kumar Batchu,Hari Seetha

DOI: https://doi.org/10.1016/j.comnet.2021.108498

IF: 5.493

2021-12-01

Computer Networks

Abstract:In the digital era, the usage of network-connected devices is rapidly growing which leads to an increase in cyberattacks. Among them, Distributed Denial of Service (DDoS) attacks are becoming more complex to detect. Recently, several models have been reported in the literature to identify them, but it remains a challenging issue due to the significant changes in signatures and traffic rate. To address this problem, a new automatic detection methodology is developed by reducing the feature space, which in turn reduces overfitting and computational time of the model. Initially, data pre-processing is performed to improve the generalizability of the model. Next, feature selection is applied to select the most appropriate features, which helps in improving classification accuracy. Further, the performance of the model is enhanced using hyperparameter tuning by selecting the appropriate parameters for learning approaches. Finally, both the optimal features and hyperparameters are fed to various supervised learning approaches namely-Logistic regression(LR), Decision tree (DT), Gradient boost(GB), K-nearest neighbor (KNN), and Support vector machine (SVM). All these experiments are evaluated on the CICDDoS2019 dataset. The experimental results show that the GB model performed well compared to the state-of-the-art methods with an accuracy of 99.97 %.

computer science, information systems,telecommunications,engineering, electrical & electronic, hardware & architecture

Azadeh Golduzian

DOI: https://doi.org/10.48550/arXiv.2308.15674

2023-08-30

Abstract:A malicious attempt to exhaust a victim's resources to cause it to crash or halt its services is known as a distributed denial-of-service (DDoS) attack. DDOS attacks stop authorized users from accessing specific services available on the Internet. It targets varying components of a network layer and it is better to stop into layer 4 (transport layer) of the network before approaching a higher layer. This study uses several machine learning and statistical models to detect DDoS attacks from traces of traffic flow and suggests a method to prevent DDOS attacks. For this purpose, we used logistic regression, CNN, XGBoost, naive Bayes, AdaBoostClassifier, KNN, and random forest ML algorithms. In addition, data preprocessing was performed using three methods to identify the most relevant features. This paper explores the issue of improving the DDOS attack detection accuracy using the latest dataset named CICDDoS2019, which has over 50 million records. Because we employed an extensive dataset for this investigation, our findings are trustworthy and practical. Our target class (attack class) was imbalanced. Therefore, we used two techniques to deal with imbalanced data in machine learning. The XGboost machine learning model provided the best detection accuracy of (99.9999%) after applying the SMOTE approach to the target class, outperforming recently developed DDoS detection systems. To the best of our knowledge, no other research has worked on the most recent dataset with over 50 million records, addresses the statistical technique to select the most significant feature, has this high accuracy, and suggests ways to avoid DDOS attackI.

Cryptography and Security

Anupama Mishra,Neena Gupta,Brij B. Gupta

DOI: https://doi.org/10.1007/s11235-022-00981-4

2022-12-15

Telecommunication Systems

Abstract:Distributed denial of service attacks are common and very severe threat to various computing technology like Cloud, IoT and Blockchain because of the disruption they cause to the services that are provided. Many different types of DDoS attacks are there, each with a unique action, making it difficult for network monitoring and control systems to identify and prevent them. The objective of this research work is to explore and select a set of data to represent DDoS attack events and attack traffic information. A pre-processing phase is used to clean and transform the data, and afterwards the generation of a model of machine learning for multi-class classification is done. This is carried out to identify the various classification of different types of DDoS attacks. We have used CIC dataset for the experiment which contains all types of DDoS attack and huge in number of records. Random Forest, Support Vector Machine, Naive Bayes, Decision Tree, XGBoost, and AdaBoost are six different types of machine learning algorithms employed in this research. FRom the results, AdaBoost achieves the best accuracy of 99.87% in 27.4 s of computation time. Naive Bayes has the fastest computing time (3.2 s) with 94.15% accuracy, where as Support Vector Machine has the slowest time, a lazy learner (229m26s for training and 0.2 s for prediction) and has the low accuracy (95.73%).

telecommunications

Ahmad Hamarshe,Huthaifa I. Ashqar,Mohammad Hamarsheh

DOI: https://doi.org/10.48550/arXiv.2303.06513

IF: 5.414

2023-03-11

Machine Learning

Abstract:The concept of Software Defined Networking (SDN) represents a modern approach to networking that separates the control plane from the data plane through network abstraction, resulting in a flexible, programmable and dynamic architecture compared to traditional networks. The separation of control and data planes has led to a high degree of network resilience, but has also given rise to new security risks, including the threat of distributed denial-of-service (DDoS) attacks, which pose a new challenge in the SDN environment. In this paper, the effectiveness of using machine learning algorithms to detect distributed denial-of-service (DDoS) attacks in software-defined networking (SDN) environments is investigated. Four algorithms, including Random Forest, Decision Tree, Support Vector Machine, and XGBoost, were tested on the CICDDoS2019 dataset, with the timestamp feature dropped among others. Performance was assessed by measures of accuracy, recall, accuracy, and F1 score, with the Random Forest algorithm having the highest accuracy, at 68.9%. The results indicate that ML-based detection is a more accurate and effective method for identifying DDoS attacks in SDN, despite the computational requirements of non-parametric algorithms.

Zainab Sahib Dhahir

DOI: https://doi.org/10.62411/faith.2024-33

2024-09-30

Abstract:This is one of the greatest challenges in computer network security and cannot be dealt with without a set of most recent detection techniques. This paper lays down a new hybrid technique that combines Clustering-Based Local Outlier Factor (CBLOF) and Extreme Gradient Boosting (XGBoost) to enhance accuracy while detecting Distributed Denial of Service (DDoS) from network traffic. The proposed hybrid model utilizes a CBLOF for outlier detection as feature engineering. Over the detected anomalies, classification is to be done using XGBoost classification to attain the objective. The proposed hybrid model was tested extensively on CICIDS 2017 and CICIDS 2018 datasets Compared with traditional ones, the proposed model outperformed the traditional ones with an accuracy rate of 99.99%, precision of 100%, and F1 score reflecting perfection. These results confirm this model's efficiency in terms of known and novel attack patterns and introduce a further reliable framework for the timely detection of DDoS attacks. Even if it is computation-heavy, optimization could be made towards real-time large-scale data.

Hesham A. Sakr,Mostafa M. Fouda,Ahmed F. Ashour,Ahmed Abdelhafeez,Magda I. El-Afifi,Mohamed Refaat Abdellah

DOI: https://doi.org/10.1016/j.eij.2024.100540

IF: 4.195

2024-09-22

Egyptian Informatics Journal

Abstract:With the growing integration of IoT devices in critical infrastructure, cybersecurity threats such as Distributed Denial of Service (DDoS) attacks on Energy Hubs (EH) have become a significant concern. This study aims to address these challenges by evaluating the effectiveness of various supervised machine learning (ML) algorithms in predicting DDoS attacks targeting EH systems through IoT devices. Using the CICDDOS2019 and KDD-CUP datasets, a comprehensive analysis was conducted on several classifiers, including Decision Tree (DT), Gradient Boosting, Support Vector Machine (SVM), K-Nearest Neighbors (KNN), and Random Forest. The results highlight Gradient Boosting as the most effective model, particularly for the CICDDOS2019 dataset, demonstrating superior accuracy and predictive capability. Additionally, hybrid models combining Gradient Boosting with SVM or DT showed strong performance, though with varying precision and recall. This study provides valuable insights into the selection and tailoring of ML models for specific security challenges, emphasizing the need for ongoing research to enhance the resilience of EH systems and IoT devices against evolving DDoS threats.

computer science, information systems, artificial intelligence

Nisha Ahuja,Debajyoti Mukhopadhyay,Gaurav Singal

DOI: https://doi.org/10.1007/s00779-023-01785-2

2024-01-25

Personal and Ubiquitous Computing

Abstract:Software-defined networking will be a critical component of the networking domain as it transitions from a standard networking design to an automation network. To meet the needs of the current scenario, this architecture redesign becomes mandatory. Besides, machine learning (ML) and deep learning (DL) techniques provide a significant solution in network attack detection, traffic classification, etc. The DDoS attack is still wreaking havoc. Previous work for DDoS attack detection in SDN has not yielded significant results, so the author has used the most recent deep learning technique to detect the attacks. In this paper, we aim to classify the network traffic into normal and malicious classes based on features in the available dataset by using various deep learning techniques. TCP, UDP, and ICMP traffic are considered normal; however, malicious traffic includes TCP Syn Attack, UDP Flood, and ICMP Flood, all of which are DDoS attack traffic. The major contribution of this paper is the identification of novel features for DDoS attack detection. Novel features are logged into the CSV file to create the dataset, and machine learning algorithms are trained on the created SDN dataset. Various work which has already been done for DDoS attack detection either used a non-SDN dataset or the research data is not made public. A novel hybrid machine learning model is utilized to perform the classification. The dataset used by the ML/DL algorithms is a collection of public datasets on DDoS attacks as well as an experimental DDoS dataset generated by us and publicly available on the Mendeley Data repository. A Python application performs the classification of traffic into one of the classes. From the various classifiers used, the accuracy score of 99.75% is achieved with Stacked Auto-Encoder Multi-layer Perceptron (SAE-MLP). To measure the effectiveness of the SDN-DDoS dataset, the other publicly available datasets are also evaluated against the same deep learning algorithms, and traffic classification accuracy is found to be significantly higher with the SDN-DDoS dataset. The attack detection time of 216.39 s also serve as experimental evidence.

computer science, information systems,telecommunications

Anupama Mishra

DOI: https://doi.org/10.48550/arXiv.2204.12855

2022-04-27

Abstract:DDoS attacks, also known as distributed denial of service (DDoS) attacks, have emerged as one of the most serious and fastest-growing threats on the Internet. Denial-of-service (DDoS) attacks are an example of cyber attacks that target a specific system or network in an attempt to render it inaccessible or unusable for a period of time. As a result, improving the detection of diverse types of DDoS cyber threats with better algorithms and higher accuracy while keeping the computational cost under control has become the most significant component of detecting DDoS cyber threats. In order to properly defend the targeted network or system, it is critical to first determine the sort of DDoS assault that has been launched against it. A number of ensemble classification techniques are presented in this paper, which combines the performance of various algorithms. They are then compared to existing Machine Learning Algorithms in terms of their effectiveness in detecting different types of DDoS attacks using accuracy, F1 scores, and ROC curves. The results show high accuracy and good performance.

Cryptography and Security

Manish Kumar Rajak,Dr. Ravindra Tiwari

DOI: https://doi.org/10.29070/hc5qzn85

2024-09-03

Journal of Advances and Scholarly Researches in Allied Education

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS-attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.

Md. Ashraf Uddin,Sunil Aryal,Mohamed Reda Bouadjenek,Muna Al-Hawawreh,Md. Alamin Talukder

2024-03-18

Abstract:With the increased use of network technologies like Internet of Things (IoT) in many real-world applications, new types of cyberattacks have been emerging. To safeguard critical infrastructures from these emerging threats, it is crucial to deploy an Intrusion Detection System (IDS) that can detect different types of attacks accurately while minimizing false alarms. Machine learning approaches have been used extensively in IDS and they are mainly using flat multi-class classification to differentiate normal traffic and different types of attacks. Though cyberattack types exhibit a hierarchical structure where similar granular attack subtypes can be grouped into more high-level attack types, hierarchical classification approach has not been explored well. In this paper, we investigate the effectiveness of hierarchical classification approach in IDS. We use a three-level hierarchical classification model to classify various network attacks, where the first level classifies benign or attack, the second level classifies coarse high-level attack types, and the third level classifies a granular level attack types. Our empirical results of using 10 different classification algorithms in 10 different datasets show that there is no significant difference in terms of overall classification performance (i.e., detecting normal and different types of attack correctly) of hierarchical and flat classification approaches. However, flat classification approach misclassify attacks as normal whereas hierarchical approach misclassify one type of attack as another attack type. In other words, the hierarchical classification approach significantly minimises attacks from misclassified as normal traffic, which is more important in critical systems.

Cryptography and Security,Machine Learning

Daniyal Alghazzawi,Omaimah Bamasag,Hayat Ullah,Muhammad Zubair Asghar

DOI: https://doi.org/10.3390/app112411634

2021-12-08

Applied Sciences

Abstract:DDoS (Distributed Denial of Service) attacks have now become a serious risk to the integrity and confidentiality of computer networks and systems, which are essential assets in today’s world. Detecting DDoS attacks is a difficult task that must be accomplished before any mitigation strategies can be used. The identification of DDoS attacks has already been successfully implemented using machine learning/deep learning (ML/DL). However, due to an inherent limitation of ML/DL frameworks—so-called optimal feature selection—complete accomplishment is likewise out of reach. This is a case in which a machine learning/deep learning-based system does not produce promising results for identifying DDoS attacks. At the moment, existing research on forecasting DDoS attacks has yielded a variety of unexpected predictions utilising machine learning (ML) classifiers and conventional approaches for feature encoding. These previous efforts also made use of deep neural networks to extract features without having to maintain the track of the sequence information. The current work suggests predicting DDoS attacks using a hybrid deep learning (DL) model, namely a CNN with BiLSTM (bidirectional long/short-term memory), in order to effectively anticipate DDoS attacks using benchmark data. By ranking and choosing features that scored the highest in the provided data set, only the most pertinent features were picked. Experiment findings demonstrate that the proposed CNN-BI-LSTM attained an accuracy of up to 94.52 percent using the data set CIC-DDoS2019 during training, testing, and validation.

Fizza Rizvi,Ravi Sharma,Nonita Sharma,Manik Rakhra,Arwa N. Aledaily,Wattana Viriyasitavat,Kusum Yadav,Gaurav Dhiman,Amandeep Kaur

DOI: https://doi.org/10.1007/s11042-024-18744-5

IF: 2.577

2024-03-14

Multimedia Tools and Applications

Abstract:Distributed Denial of Service (DDoS) attacks continue to pose a significant threat to network infrastructures, exploiting vulnerabilities within existing security protocols and disrupting the seamless availability of online services. The intricate interconnections of nodes within computer networks contribute to the dynamic structure of this environment, complicating efforts to establish a secure and productive user experience. Effectively mitigating DDoS attacks in this complex networked setting remains a challenge. While current strategies primarily rely on anomaly detection and signature-based techniques, utilizing statistical analysis and predefined patterns to identify and thwart attacks, none have consistently demonstrated efficacy or reliability. Consequently, there is a compelling need for advancements in security mechanisms to address DDoS threats more effectively. This research introduces an innovative and highly efficient approach that incorporates various classification algorithms, including Random Forest, Decision Tree, Gradient Boosting, Linear SVM, Logistics, K-nearest neighbors (KNN), and AdaBoost, for DDoS attack detection. The performance of these machine learning classifiers is evaluated using key metrics such as accuracy, recall, F1-score, and precision. Remarkably, experimental results reveal outstanding accuracy rates, with Random Forest achieving the highest accuracy in detecting attacks. Additionally, a genetic algorithm is employed to select optimal features from the dataset, further enhancing the performance of the classifiers. This results in a notable 25% increase in accuracy, surpassing AdaBoost and Logistics, with K-nearest neighbors emerging as the top performer in terms of accuracy.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Fauzia Talpur,Imtiaz Ali Korejo,Aftab Ahmed Chandio,Ali Ghulam,Mir. Sajjad Hussain Talpur

DOI: https://doi.org/10.3390/s24051672

IF: 3.9

2024-03-06

Sensors

Abstract:The escalating reliance of modern society on information and communication technology has rendered it vulnerable to an array of cyber-attacks, with distributed denial-of-service (DDoS) attacks emerging as one of the most prevalent threats. This paper delves into the intricacies of DDoS attacks, which exploit compromised machines numbering in the thousands to disrupt data services and online commercial platforms, resulting in significant downtime and financial losses. Recognizing the gravity of this issue, various detection techniques have been explored, yet the quantity and prior detection of DDoS attacks has seen a decline in recent methods. This research introduces an innovative approach by integrating evolutionary optimization algorithms and machine learning techniques. Specifically, the study proposes XGB-GA Optimization, RF-GA Optimization, and SVM-GA Optimization methods, employing Evolutionary Algorithms (EAs) Optimization with Tree-based Pipelines Optimization Tool (TPOT)-Genetic Programming. Datasets pertaining to DDoS attacks were utilized to train machine learning models based on XGB, RF, and SVM algorithms, and 10-fold cross-validation was employed. The models were further optimized using EAs, achieving remarkable accuracy scores: 99.99% with the XGB-GA method, 99.50% with RF-GA, and 99.99% with SVM-GA. Furthermore, the study employed TPOT to identify the optimal algorithm for constructing a machine learning model, with the genetic algorithm pinpointing XGB-GA as the most effective choice. This research significantly advances the field of DDoS attack detection by presenting a robust and accurate methodology, thereby enhancing the cybersecurity landscape and fortifying digital infrastructures against these pervasive threats.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

Raj Kumar Batchu,Thulasi Bikku,Srinivasarao Thota,Hari Seetha,Abayomi Ayotunde Ayoade

DOI: https://doi.org/10.1038/s41598-024-77554-9

IF: 4.6

2024-11-24

Scientific Reports

Abstract:Distributed denial of service (DDoS) attack is one of the most hazardous assaults in cloud computing or networking. By depleting resources, this attack renders the services unavailable to end users and leads to significant financial and reputational damage. Hence, identifying such threats is crucial to minimize revenue loss, market share, and productivity loss and enhance the brand reputation. In this study, we implemented an effective intrusion detection system using deep learning approach. The suggested framework includes three phases: Data pre-processing, Data balancing, and Classification. First, we prepare the valid data, which is helpful for further processing. Then, we balance the given pre-processed data by Conditional generative adversarial network (CGAN), and as a result, we can minimize the bias towards the majority classes. Finally, we distinguish whether the traffic is attack or benign using a stacked sparse denoising autoencoder (SSDAE) with a firefly-black widow (FA-BW) hybrid optimization algorithm. All these experiments are validated through the CICDDoS2019 dataset and compared with well-received techniques. From these findings, we observed that the proposed strategy detects DDoS attacks significantly more accurately than other approaches. Based on our findings, this study highlights the crucial role played by advanced deep learning techniques and hybrid optimization algorithms in strengthening cybersecurity against DDoS attacks.

multidisciplinary sciences

Huseyin Polat,Onur Polat,Aydin Cetin

DOI: https://doi.org/10.3390/su12031035

IF: 3.9

2020-02-01

Sustainability

Abstract:Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

environmental sciences,environmental studies,green & sustainable science & technology

Andrew Churcher,Rehmat Ullah,Jawad Ahmad,Sadaqat ur Rehman,Fawad Masood,Mandar Gogate,Fehaid Alqahtani,Boubakr Nour,William J. Buchanan

DOI: https://doi.org/10.3390/s21020446

2021-01-10

Abstract:In recent years, there has been a massive increase in the amount of Internet of Things (IoT) devices as well as the data generated by such devices. The participating devices in IoT networks can be problematic due to their resource-constrained nature, and integrating security on these devices is often overlooked. This has resulted in attackers having an increased incentive to target IoT devices. As the number of attacks possible on a network increases, it becomes more difficult for traditional intrusion detection systems (IDS) to cope with these attacks efficiently. In this paper, we highlight several machine learning (ML) methods such as k-nearest neighbour (KNN), support vector machine (SVM), decision tree (DT), naive Bayes (NB), random forest (RF), artificial neural network (ANN), and logistic regression (LR) that can be used in IDS. In this work, ML algorithms are compared for both binary and multi-class classification on Bot-IoT dataset. Based on several parameters such as accuracy, precision, recall, F1 score, and log loss, we experimentally compared the aforementioned ML algorithms. In the case of HTTP distributed denial-of-service (DDoS) attack, the accuracy of RF is 99%. Furthermore, other simulation results-based precision, recall, F1 score, and log loss metric reveal that RF outperforms on all types of attacks in binary classification. However, in multi-class classification, KNN outperforms other ML algorithms with an accuracy of 99%, which is 4% higher than RF.

Cryptography and Security,Machine Learning

Mohammad Arafat Ullah,Arthy Anjum,Rashedul Amin Tuhin,Shamim Akhter

2024-11-21

Abstract:A distributed denial-of-service (DDoS) attack is an attempt to produce humongous traffic within a network by overwhelming a targeted server or its neighboring infrastructure with a flood of service requests ceaselessly coming from multiple remotely controlled malware-infected computers or network-connected devices. Thus, exploring DDoS attacks by recognizing their functionalities and differentiating them from normal traffic services are the primary concerns of network security issues particularly for online businesses. In modern networks, most DDoS attacks occur in the network and application layer including HTTP flood, UDP flood, SIDDOS, SMURF, SNMP flood, IP NULL, etc. The goal of this paper is to detect DDoS attacks from all service requests and classify them according to DDoS classes. In this regard, a standard dataset is collected from the internet which contains several network-related attributes and their corresponding DDoS attack class name. Two(2) different machine learning approaches, SVM and Logistic Regression, are implemented in the dataset for detecting and classifying DDoS attacks, and a comparative study is accomplished among them in terms of accuracy, precision, and recall rates. Logistic Regression and SVM both achieve 98.65% classification accuracy which is the highest achieved accuracy among other previous experiments with the same dataset.

Cryptography and Security,Machine Learning

Amran Mansoor,Mohammed Anbar,Abdullah Ahmed Bahashwan,Basim Ahmad Alabsi,Shaza Dawood Ahmed Rihan

DOI: https://doi.org/10.3390/systems11060296

2023-06-09

Systems

Abstract:The rapid growth of cloud computing has led to the development of the Software-Defined Network (SDN), which is a network strategy that offers dynamic management and improved performance. However, security threats are a growing concern, particularly with the SDN controller becoming an attractive target for malicious actors and potential Distributed Denial of Service (DDoS) attacks. Many researchers have proposed different approaches to detecting DDoS attacks. However, those approaches suffer from high false positives, leading to low accuracy, and the main reason behind this is the use of non-qualified features and non-realistic datasets. Therefore, the deep learning (DL) algorithmic technique can be utilized to detect DDoS attacks on SDN controllers. Moreover, the proposed approach involves three stages, (1) data preprocessing, (2) cross-feature selection, which aims to identify important features for DDoS detection, and (3) detection using the Recurrent Neural Networks (RNNs) model. A benchmark dataset is employed to evaluate the proposed approach via standard evaluation metrics, including false positive rate and detection accuracy. The findings indicate that the recommended approach effectively detects DDoS attacks with average detection accuracy, average precision, average FPR, and average F1-measure of 94.186 %, 92.146%, 8.114%, and 94.276%, respectively.

Manish Kumar Rajak,Ravindra Tiwari

DOI: https://doi.org/10.15680/ijircce.2024.1203507

2024-03-25

International Journal of Innovative Research in Computer and Communication Engineering

Abstract:Distributed Denial of Service (DDoS) persists in Online Applications as One of those significant threats. Attackers can execute DDoS by the more natural steps. Then with the high productivity to slow the consumer access services down. To detect an attack on DDoS and using machine learning algorithms. The Overseen to detect and mitigate the attack, machine learning algorithms such as Naive Bayes, decision tree, k-nearest neighbours (k-NN) and random forest are used. There are three steps: gathering information, preprocessing and feature Extraction in "Normal or DDoS" classification algorithm for detection Attack use Dataset NSL-KDD. Similar algorithms have different functions Conduct that is dependent on the features selected. DDOS- attack performance Detection is compared, and it indicates the best algorithm. Attempts at Distributed Denial of Service ( DDoS) Were the most powerful attacks of the last period. A Virtual Network. The intrusion detection system (NIDS) should be designed seamlessly to Fight the latest strategies and trends of those attackers NIDS on DDoS. In this paper, we propose an NIDS capable of detecting Current DDoS attacks, as well as new forms. The main characteristic of Our NIDS is the combination of various classifiers using an ensemble Models, with the concept of each classifier being able to target different Aspects/types of intrusions, and more effective in doing so Mechanism for protecting against new intrusions. Additionally, we perform a detailed study of and based on, DDoS attacks check the reduced set of functions [27, 28] to be essential to Enhance accuracy. We are playing with and analyzing NSL-KDD Dataset with a feature set reduced, and our proposed NIDS will Detect 99.1 per cent of active DDoS attacks. Let's compare our Tests with other methods which already exist. Our approach to NIDS has Able to learn to keep up with existing and evolving DDoS Attack trends.