Distributed Denial of Service (DDoS) detection by traffic pattern analysis

2012 ◽  
Vol 7 (4) ◽  
pp. 346-358 ◽  
Author(s):  
Theerasak Thapngam ◽  
Shui Yu ◽  
Wanlei Zhou ◽  
S. Kami Makki
Keyword(s):  
Pattern Analysis ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Traffic Pattern ◽  
Ddos Detection

scholarly journals Improving Distributed Denial of Service (DDOS) Detection using Entropy Method in Software Defined Network (SDN)

2017 ◽  
Vol 8 (4) ◽  
pp. 215
Author(s):  
Maman Abdurohman ◽  
Dani Prasetiawan ◽  
Fazmah Arif Yulianto
Keyword(s):  
Denial Of Service ◽  
Entropy Method ◽  
Attack Detection ◽  
New Method ◽  
Sudden Increase ◽  
Software Defined Network ◽  
Distributed Denial Of Service ◽  
Ddos Attack ◽  
Ddos Detection ◽  
Ddos Attack Detection

This research proposed a new method to enhance Distributed Denial of Service (DDoS) detection attack on Software Defined Network (SDN) environment. This research utilized the OpenFlow controller of SDN for DDoS attack detection using modified method and regarding entropy value. The new method would check whether the traffic was a normal traffic or DDoS attack by measuring the randomness of the packets. This method consisted of two steps, detecting attack and checking the entropy. The result shows that the new method can reduce false positive when there is a temporary and sudden increase in normal traffic. The new method succeeds in not detecting this as a DDoS attack. Compared to previous methods, this proposed method can enhance DDoS attack detection on SDN environment.

Neural Network-Based Approach for Detection and Mitigation of DDoS Attacks in SDN Environments

2020 ◽  
Vol 14 (3) ◽  
pp. 50-71
Author(s):  
Oussama Hannache ◽  
Mohamed Chaouki Batouche
Keyword(s):  
Neural Network ◽  
Performance Metrics ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Analysis Method ◽  
Organizational Network ◽  
Ddos Attack ◽  
Data Plane ◽  
Ddos Detection

Software defined networking (SDN) is a networking paradigm that allows for the easy programmability of network devices by decoupling the data plane and the control plane. On the other hand, Distributed Denial of Service (DDoS) attacks remains one of the major concerns for organizational network infrastructures and Cloud providers. In this article, the authors propose a Neural Network based Traffic Flow Classifier (TFC-NN) for live DDoS detection in SDN environments. This study provides a live traffic analysis method with a neural network. The training of the TFC-NN model is performed by a labelled dataset constructed from SDN normal traffic and an-under DDoS traffic. The study also provides a live mitigation process combined with the live TFC-NN-based DDoS detection. The approach is deployed and evaluated on an SDN architecture based on different performance metrics with different under-DDoS attack scenarios.

scholarly journals A Traffic Cluster Entropy Based Approach to Distinguish DDoS Attacks from Flash Event Using DETER Testbed

2014 ◽  
Vol 2014 ◽  
pp. 1-15 ◽  
Author(s):  
Monika Sachdeva ◽  
Krishan Kumar
Keyword(s):  
Research Laboratory ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Cyber Defense ◽  
Ddos Attack ◽  
Defense Technology ◽  
Different Types ◽  
Ddos Detection ◽  
Flash Event

The detection of distributed denial of service (DDoS) attacks is one of the hardest problems confronted by the network security researchers. Flash event (FE), which is caused by a large number of legitimate requests, has similar characteristics to those of DDoS attacks. Moreover DDoS attacks and FEs require altogether different handling procedures. So discriminating DDoS attacks from FEs is very important. But the research involving DDoS detection has not laid enough emphasis on including FEs scenarios in the experiments. In this paper, we are using traffic cluster entropy as detection metric not only to detect DDoS attacks but also to distinguish DDoS attacks from FEs. We have validated our approach on cyber-defense technology experimental research laboratory (DETER) testbed. Different emulation scenarios are created on DETER using mix of legitimate, flash, and different types of attacks at varying strengths. It is found that, when flash event is triggered, source address entropy increases but the corresponding traffic cluster entropy does not increase. However, when DDoS attack is launched, traffic cluster entropy also increases along with source address entropy. An analysis of live traces on DETER testbed clearly manifests supremacy of our approach.

Enhanced-Adaptive Pattern Attack Recognition Technique (E-APART) Against EDoS Attacks in Cloud Computing

2015 ◽  
Vol 17 (3) ◽  
pp. 41-55
Author(s):  
Rohit Thaper ◽  
Amandeep Verma
Keyword(s):  
Cloud Computing ◽  
Pattern Analysis ◽  
Denial Of Service ◽  
Cloud Services ◽  
Distributed Denial Of Service ◽  
Cloud Platform ◽  
Edos Attacks ◽  
The Cost ◽  
Adaptive Pattern ◽  
Recognition Technique

Cloud Computing is most widely used in current technology. It provides a higher availability of resources to greater number of end users. In the cloud era, security has develop a reformed source of worries. Distributed Denial of Service (DDoS) and Economical Denial of Sustainability (EDoS) are attacks that can affect the ‘pay-per-use' model. This model automatically scales the resources according to the demand of consumers. The functionality of this model is to mitigate the EDoS attack by some tactical attacker/s, group of attackers or zombie machine network (BOTNET) to minimize the availability of the target resources, which directly or indirectly reduces the profits and increase the cost for the cloud operators. This paper presents a model called Enhanced-APART which is step further of the authors' previous model (APART) that can be used to mitigate the EDoS attack from the cloud platform and shows the nature of the attack. Enhanced-APART model offers pre-shared security mechanism to ensure the access of legitimate users on the cloud services. It also performs pattern analysis in order to detect the EDoS caused by BOTNET mechanism and includes time-based and key-sharing post-setup authentication scheme to prevent the replication or replay attacks and thus results in mitigation of EDoS attack.

scholarly journals Deep learning model for distributed denial of service (DDoS) detection

2022 ◽  
Vol 9 (2) ◽  
pp. 109-118
Author(s):  
Chaminda Tennakoon ◽  
◽  
Subha Fernando ◽  
Keyword(s):  
Deep Learning ◽  
Denial Of Service ◽  
False Negative ◽  
False Negative Rate ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Online Services ◽  
Ddos Detection ◽  
Osi Model

Distributed denial of service (DDoS) attacks is one of the serious threats in the domain of cybersecurity where it affects the availability of online services by disrupting access to its legitimate users. The consequences of such attacks could be millions of dollars in worth since all of the online services are relying on high availability. The magnitude of DDoS attacks is ever increasing as attackers are smart enough to innovate their attacking strategies to expose vulnerabilities in the intrusion detection models or mitigation mechanisms. The history of DDoS attacks reflects that network and transport layers of the OSI model were the initial target of the attackers, but the recent history from the cybersecurity domain proves that the attacking momentum has shifted toward the application layer of the OSI model which presents a high degree of difficulty distinguishing the attack and benign traffics that make the combat against application-layer DDoS attack a sophisticated task. Striding for high accuracy with high DDoS classification recall is key for any DDoS detection mechanism to keep the reliability and trustworthiness of such a system. In this paper, a deep learning approach for application-layer DDoS detection is proposed by using an autoencoder to perform the feature selection and Deep neural networks to perform the attack classification. A popular benchmark dataset CIC DoS 2017 is selected by extracting the most appealing features from the packet flows. The proposed model has achieved an accuracy of 99.83% with a detection rate of 99.84% while maintaining the false-negative rate of 0.17%, which has the heights accuracy rate among the literature reviewed so far.

HULK and DDoS Attacks in Web Applications with Detection Mechanism

2018 ◽  
Vol 6 (6) ◽  
pp. 192
Author(s):  
Amit Sharma
Keyword(s):  
Web Applications ◽  
Denial Of Service ◽  
Single Server ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Detection Mechanism ◽  
Plan Execution ◽  
Social Affair ◽  
Server Application

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults pushing ahead towards application layer to procure furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution is client conduct checking and identification. In to beginning with stage by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery also, hindering the unapproved client from assaulting the framework.

Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing

2001 ◽  
Author(s):  
David Mankins ◽  
Rajesh Krishnan ◽  
Ceilyn Boyd ◽  
John Zao ◽  
Michael Frentz
Keyword(s):  
Denial Of Service ◽  
Denial Of Service Attacks ◽  
Distributed Denial Of Service ◽  
Resource Pricing ◽  
Dynamic Resource
Sign in / Sign up

Export Citation Format

Share Document