Weighted Fuzzy Clustering for Online Detection of Application DDoS Attacks in Encrypted Network Traffic

Author(s):  
Mikhail Zolotukhin ◽  
Tero Kokkonen ◽  
Timo Hämäläinen ◽  
Jarmo Siltanen
2018 ◽  
Vol 2018 ◽  
pp. 1-13 ◽  
Author(s):  
Mohamed Idhammad ◽  
Karim Afdel ◽  
Mustapha Belouch

Cloud Computing services are often delivered through the HTTP protocol. This facilitates access to services and reduces costs for both providers and end-users. However, it also increases the exposure of Cloud services to HTTP DDoS attacks. HTTP request methods are often used to exploit web servers' vulnerabilities and create multiple HTTP DDoS attack scenarios, such as Low and Slow or Flooding attacks. Existing HTTP DDoS detection systems are challenged by the large amounts of network traffic generated by these attacks, low detection accuracy, and high false positive rates. In this paper we present a detection system for HTTP DDoS attacks in a Cloud environment based on Information Theoretic Entropy and the Random Forest ensemble learning algorithm. A time-based sliding window algorithm is used to estimate the entropy of the network header features of the incoming network traffic. When the estimated entropy exceeds its normal range, the preprocessing and classification tasks are triggered. To assess the proposed approach, various experiments were performed on the CIDDS-001 public dataset. The proposed approach achieves satisfactory results with an accuracy of 99.54%, an FPR of 0.4%, and a running time of 18.5s.


2018 ◽  
Vol 15 (1) ◽  
pp. 139-162 ◽  
Author(s):  
Miodrag Petkovic ◽  
Ilija Basicevic ◽  
Dragan Kukolj ◽  
Miroslav Popovic

The detection of distributed denial of service (DDoS) attacks based on internet traffic anomalies is a method which is general in nature and can detect unknown or zero-day attacks. One of the statistical characteristics used for this purpose is network traffic entropy: a sudden change in entropy may indicate a DDoS attack. However, this approach often gives false positives, and this is the main obstacle to its wider deployment within network security equipment. In this paper, we propose a new, two-step method for detection of DDoS attacks. This method combines the approaches of network traffic entropy and the Takagi-Sugeno-Kang fuzzy system. In the first step, the detection process calculates the entropy distribution of the network packets. In the second step, the Takagi-Sugeno-Kang fuzzy system (TSK-FS) method is applied to these entropy values. The performance of the TSK-FS method is compared with that of the typically used approach, in which cumulative sum (CUSUM) change point detection is applied directly to entropy time series. The results show that the TSK-FS DDoS detector reaches enhanced sensitivity and robustness in the detection process, achieving a high true-positive detection rate and a very low false-positive rate. As it is based on entropy, this combined method retains its generality and is capable of detecting various types of attack.


Author(s):  
Mohammad Jabed Morshed Chowdhury ◽  
Dileep Kumar G

The Distributed Denial of Service (DDoS) attack is considered one of the major security threats on the current Internet. Although many solutions have been suggested for DDoS defense, real progress in fighting these attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create a profile of the network traffic. The profiled traffic is then passed to the servers through filters of different capacity. After applying this mechanism, legitimate traffic receives better bandwidth capacity than malicious traffic, so the effect of bad or malicious traffic on the network is smaller. Before describing the proposed solutions, a detailed survey of the different DDoS countermeasures is presented in the chapter.


2015 ◽  
Vol 20 (1) ◽  
pp. 23-33 ◽  
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski ◽  
Mirosław Maszewski ◽  
Piotr Grad

Abstract

Dynamic development of various systems providing safety and protection to network infrastructure from novel, unknown attacks is currently an intensively explored and developed domain. This article presents an attempt to address the problem through variability estimation with the use of conditional variance. The predictions of this variability were based on the estimated conditional heteroscedastic statistical models ARCH, GARCH and FIGARCH. The parameters of the exploited models were estimated by maximizing the likelihood function. A sparingly parameterized form of the models was selected as a compromise between conciseness of representation and the size of the estimation error. In order to detect an attack or anomaly in the network traffic, the differences between the actual network traffic and the estimated model of the traffic were used. The presented research confirmed the efficacy of the described method and the cogency of the choice of statistical models.


Author(s):  
Hemant Sengar ◽  
Xinyuan Wang ◽  
Haining Wang ◽  
Duminda Wijesekera ◽  
Sushil Jajodia

2015 ◽  
Vol 20 (4) ◽  
pp. 31-40
Author(s):  
Tomasz Andrysiak ◽  
Łukasz Saganowski ◽  
Mirosław Maszewski ◽  
Piotr Grad

Abstract

A DDoS attack detection method based on modelling the variability with the use of the conditional average and variance of the examined time series is proposed in this article. Variability predictions of the analyzed network traffic are realized by estimated statistical models with long-memory dependence: ARFIMA, Adaptive ARFIMA, FIGARCH and Adaptive FIGARCH. We propose simple parameter estimation for the models with the use of the maximum likelihood function. The selection of a sparingly parameterized form of the models is realized by means of information criteria representing a compromise between brevity of representation and the extent of the prediction error. In the described method we propose using statistical relations between the forecasted and analyzed network traffic in order to detect abnormal behavior that may be the result of a network attack. The performed experiments confirmed the effectiveness of the analyzed method and the cogency of the statistical models.
