scholarly journals FFSc: a novel measure for low-rate and high-rate DDoS attack detection using multivariate data analysis

2016 ◽  
pp. n/a-n/a ◽  
Author(s):  
Nazrul Hoque ◽  
Dhruba K. Bhattacharyya ◽  
Jugal K. Kalita
Keyword(s):  
Data Analysis ◽  
Multivariate Data Analysis ◽  
Multivariate Data ◽  
Attack Detection ◽  
High Rate ◽  
Ddos Attack ◽  
Ddos Attack Detection ◽  
Low Rate

scholarly journals Information Theory-based Approaches to Detect DDoS Attacks on Software-defined Networking Controller a Review

2021 ◽  
Vol 15 ◽  
pp. 83-94
Author(s):  
Mohammad A. Aladaileh ◽  
Mohammed Anbar ◽  
Iznan H. Hasbullah ◽  
Yousef K. Sanjalawe
Keyword(s):  
Information Theory ◽  
Flow Behavior ◽  
Denial Of Service ◽  
Software Defined Networking ◽  
Attack Detection ◽  
High Rate ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Ddos Attack Detection ◽  
Low Rate

The number of network users and devices has exponentially increased in the last few decades, giving rise to sophisticated security threats while processing users’ and devices’ network data. Software-Defined Networking (SDN) introduces many new features, but none is more revolutionary than separating the control plane from the data plane. The separation helps DDoS attack detection mechanisms by introducing novel features and functionalities. Since the controller is the most critical part of the SDN network, its ability to control and monitor network traffic flow behavior ensures the network functions properly and smoothly. However, the controller’s importance to the SDN network makes it an attractive target for attackers. Distributed Denial of Service (DDoS) attack is one of the major threats to network security. This paper presents a comprehensive review of information theory-based approaches to detect low-rate and high-rate DDoS attacks on SDN controllers. Additionally, this paper provides a qualitative comparison between this work and the existing reviews on DDoS attack detection approaches using various metrics to highlight this work’s uniqueness. Moreover, this paper provides in-depth discussion and insight into the existing DDoS attack detection approaches to point out their weaknesses that open the avenue for future research directions. Meanwhile, the finding of this paper can be used by other researchers to propose a new or enhanced approach to protect SDN controllers from the threats of DDoS attacks by accurately detecting both low-rate and high-rate DDoS attacks.

scholarly journals Low-Rate DDoS Attack Detection Based on Factorization Machine in Software Defined Network

IEEE Access ◽  
2020 ◽  
Vol 8 ◽  
pp. 17404-17418 ◽  
Author(s):  
Wu Zhijun ◽  
Xu Qing ◽  
Wang Jingjie ◽  
Yue Meng ◽  
Liu Liang
Keyword(s):  
Attack Detection ◽  
Software Defined Network ◽  
Ddos Attack ◽  
Factorization Machine ◽  
Ddos Attack Detection ◽  
Low Rate

scholarly journals On the use of information theory metrics for detecting DDoS attacks and flash events: an empirical analysis, comparison, and future directions

2021 ◽  
Vol 48 (4) ◽  
Author(s):  
Jagdeep Singh ◽  
◽  
Navjot Jyoti ◽  
Sunny Behal ◽  
◽  
...  
Keyword(s):  
Information Theory ◽  
Detection System ◽  
Denial Of Service ◽  
Attack Detection ◽  
High Rate ◽  
Ddos Attacks ◽  
Operating Characteristics ◽  
Classification Rate ◽  
Ddos Attack ◽  
Ddos Attack Detection

A Distributed Denial of Service (DDoS) attack is one of the lethal threats that can cripple down the computing and communication resources of a web server hosting Internet-based services and applications. It has motivated the researchers over the years to find diversified and robust solutions to combat against DDoS attacks and characterization of flash events (a sudden surge in the legitimate traffic) from HR-DDoS (High-Rate DDoS) attacks. In recent times, the volume of legitimate traffic has also magnified manifolds. It results in behavioral similarities of attack traffic and legitimate traffic that make it very difficult and crucial to differentiate between the two. Predominantly, Netflow-based techniques are in use for detecting and differentiating legitimate and attack traffic flows. Over the last decade, fellow researchers have extensively used distinct information theory metrics for Netflow-based DDoS defense solutions. However, a comprehensive analysis and comparison of these diversified information theory metrics used for particularly DDoS attack detection are needed for a better understanding of the defense systems based on information theory. This paper elucidates the efficacy and effectiveness of information theory-based various entropy and divergence measures in the field of DDoS attack detection. As part of the work, a generalized NetFlow-based methodology has been proposed. The proposed detection methodology has been validated using the traffic traces of various real benchmarked datasets on a set of detection system evaluation metrics such as Detection rate (Recall), Precision, F-Measure, FPR, Classification rate, and Receiver-Operating Characteristics (ROC) curves. It has concluded that generalized divergence-based information theory metrics produce more accuracy in detecting different types of attack flows in contrast to entropy-based information theory metrics.

Sign in / Sign up

Export Citation Format

Share Document