Distributed Denial of Service (DDoS) detection by traffic pattern analysis

Theerasak Thapngam; Shui Yu; Wanlei Zhou; S. Kami Makki

doi:10.1007/s12083-012-0173-3

Improving Distributed Denial of Service (DDOS) Detection using Entropy Method in Software Defined Network (SDN)

ComTech Computer Mathematics and Engineering Applications ◽

10.21512/comtech.v8i4.3902 ◽

2017 ◽

Vol 8 (4) ◽

pp. 215

Author(s):

Maman Abdurohman ◽

Dani Prasetiawan ◽

Fazmah Arif Yulianto

Keyword(s):

Denial Of Service ◽

Entropy Method ◽

Attack Detection ◽

New Method ◽

Sudden Increase ◽

Software Defined Network ◽

Distributed Denial Of Service ◽

Ddos Attack ◽

Ddos Detection ◽

Ddos Attack Detection

This research proposed a new method to enhance Distributed Denial of Service (DDoS) detection attack on Software Defined Network (SDN) environment. This research utilized the OpenFlow controller of SDN for DDoS attack detection using modified method and regarding entropy value. The new method would check whether the traffic was a normal traffic or DDoS attack by measuring the randomness of the packets. This method consisted of two steps, detecting attack and checking the entropy. The result shows that the new method can reduce false positive when there is a temporary and sudden increase in normal traffic. The new method succeeds in not detecting this as a DDoS attack. Compared to previous methods, this proposed method can enhance DDoS attack detection on SDN environment.

Download Full-text

Neural Network-Based Approach for Detection and Mitigation of DDoS Attacks in SDN Environments

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2020070104 ◽

2020 ◽

Vol 14 (3) ◽

pp. 50-71

Author(s):

Oussama Hannache ◽

Mohamed Chaouki Batouche

Keyword(s):

Neural Network ◽

Performance Metrics ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Analysis Method ◽

Organizational Network ◽

Ddos Attack ◽

Data Plane ◽

Ddos Detection

Software defined networking (SDN) is a networking paradigm that allows for the easy programmability of network devices by decoupling the data plane and the control plane. On the other hand, Distributed Denial of Service (DDoS) attacks remains one of the major concerns for organizational network infrastructures and Cloud providers. In this article, the authors propose a Neural Network based Traffic Flow Classifier (TFC-NN) for live DDoS detection in SDN environments. This study provides a live traffic analysis method with a neural network. The training of the TFC-NN model is performed by a labelled dataset constructed from SDN normal traffic and an-under DDoS traffic. The study also provides a live mitigation process combined with the live TFC-NN-based DDoS detection. The approach is deployed and evaluated on an SDN architecture based on different performance metrics with different under-DDoS attack scenarios.

Download Full-text

A Traffic Cluster Entropy Based Approach to Distinguish DDoS Attacks from Flash Event Using DETER Testbed

ISRN Communications and Networking ◽

10.1155/2014/259831 ◽

2014 ◽

Vol 2014 ◽

pp. 1-15 ◽

Cited By ~ 11

Author(s):

Monika Sachdeva ◽

Krishan Kumar

Keyword(s):

Research Laboratory ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Cyber Defense ◽

Ddos Attack ◽

Defense Technology ◽

Different Types ◽

Ddos Detection ◽

Flash Event

The detection of distributed denial of service (DDoS) attacks is one of the hardest problems confronted by the network security researchers. Flash event (FE), which is caused by a large number of legitimate requests, has similar characteristics to those of DDoS attacks. Moreover DDoS attacks and FEs require altogether different handling procedures. So discriminating DDoS attacks from FEs is very important. But the research involving DDoS detection has not laid enough emphasis on including FEs scenarios in the experiments. In this paper, we are using traffic cluster entropy as detection metric not only to detect DDoS attacks but also to distinguish DDoS attacks from FEs. We have validated our approach on cyber-defense technology experimental research laboratory (DETER) testbed. Different emulation scenarios are created on DETER using mix of legitimate, flash, and different types of attacks at varying strengths. It is found that, when flash event is triggered, source address entropy increases but the corresponding traffic cluster entropy does not increase. However, when DDoS attack is launched, traffic cluster entropy also increases along with source address entropy. An analysis of live traces on DETER testbed clearly manifests supremacy of our approach.

Download Full-text

Enhanced-Adaptive Pattern Attack Recognition Technique (E-APART) Against EDoS Attacks in Cloud Computing

Journal of Cases on Information Technology ◽

10.4018/jcit.2015070105 ◽

2015 ◽

Vol 17 (3) ◽

pp. 41-55

Author(s):

Rohit Thaper ◽

Amandeep Verma

Keyword(s):

Cloud Computing ◽

Pattern Analysis ◽

Denial Of Service ◽

Cloud Services ◽

Distributed Denial Of Service ◽

Cloud Platform ◽

Edos Attacks ◽

The Cost ◽

Adaptive Pattern ◽

Recognition Technique

Cloud Computing is most widely used in current technology. It provides a higher availability of resources to greater number of end users. In the cloud era, security has develop a reformed source of worries. Distributed Denial of Service (DDoS) and Economical Denial of Sustainability (EDoS) are attacks that can affect the ‘pay-per-use' model. This model automatically scales the resources according to the demand of consumers. The functionality of this model is to mitigate the EDoS attack by some tactical attacker/s, group of attackers or zombie machine network (BOTNET) to minimize the availability of the target resources, which directly or indirectly reduces the profits and increase the cost for the cloud operators. This paper presents a model called Enhanced-APART which is step further of the authors' previous model (APART) that can be used to mitigate the EDoS attack from the cloud platform and shows the nature of the attack. Enhanced-APART model offers pre-shared security mechanism to ensure the access of legitimate users on the cloud services. It also performs pattern analysis in order to detect the EDoS caused by BOTNET mechanism and includes time-based and key-sharing post-setup authentication scheme to prevent the replication or replay attacks and thus results in mitigation of EDoS attack.

Download Full-text

A Novel Distributed Denial of Service (DDoS) Detection Method in Software Defined Networks

IEEE Transactions on Industry Applications ◽

10.1109/tia.2020.3001535 ◽

2020 ◽

pp. 1-1

Author(s):

Afsaneh Banitalebi Dehkordi ◽

Mohammadreza Soltanaghaei

Keyword(s):

Detection Method ◽

Denial Of Service ◽

Software Defined Networks ◽

Distributed Denial Of Service ◽

Ddos Detection

Download Full-text

Deep learning model for distributed denial of service (DDoS) detection

International Journal of ADVANCED AND APPLIED SCIENCES ◽

10.21833/ijaas.2022.02.012 ◽

2022 ◽

Vol 9 (2) ◽

pp. 109-118

Author(s):

Chaminda Tennakoon ◽

◽

Subha Fernando ◽

Keyword(s):

Deep Learning ◽

Denial Of Service ◽

False Negative ◽

False Negative Rate ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Application Layer ◽

Online Services ◽

Ddos Detection ◽

Osi Model

Distributed denial of service (DDoS) attacks is one of the serious threats in the domain of cybersecurity where it affects the availability of online services by disrupting access to its legitimate users. The consequences of such attacks could be millions of dollars in worth since all of the online services are relying on high availability. The magnitude of DDoS attacks is ever increasing as attackers are smart enough to innovate their attacking strategies to expose vulnerabilities in the intrusion detection models or mitigation mechanisms. The history of DDoS attacks reflects that network and transport layers of the OSI model were the initial target of the attackers, but the recent history from the cybersecurity domain proves that the attacking momentum has shifted toward the application layer of the OSI model which presents a high degree of difficulty distinguishing the attack and benign traffics that make the combat against application-layer DDoS attack a sophisticated task. Striding for high accuracy with high DDoS classification recall is key for any DDoS detection mechanism to keep the reliability and trustworthiness of such a system. In this paper, a deep learning approach for application-layer DDoS detection is proposed by using an autoencoder to perform the feature selection and Deep neural networks to perform the attack classification. A popular benchmark dataset CIC DoS 2017 is selected by extracting the most appealing features from the packet flows. The proposed model has achieved an accuracy of 99.83% with a detection rate of 99.84% while maintaining the false-negative rate of 0.17%, which has the heights accuracy rate among the literature reviewed so far.

Download Full-text

Web-Based Three-Layer Protection Mechanism Against Distributed Denial of Service

Journal of Automation and Information Sciences ◽

10.1615/jautomatinfscien.v51.i9.30 ◽

2019 ◽

Vol 51 (9) ◽

pp. 24-31

Author(s):

Askar T. Rakhmanov ◽

Shukhrat K. Kamalov ◽

Komil F. Kerimov

Keyword(s):

Denial Of Service ◽

Distributed Denial Of Service ◽

Web Based ◽

Protection Mechanism

Download Full-text

HULK and DDoS Attacks in Web Applications with Detection Mechanism

International Journal of Emerging Research in Management and Technology ◽

10.23956/ijermt.v6i6.268 ◽

2018 ◽

Vol 6 (6) ◽

pp. 192

Author(s):

Amit Sharma

Keyword(s):

Web Applications ◽

Denial Of Service ◽

Single Server ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Application Layer ◽

Detection Mechanism ◽

Plan Execution ◽

Social Affair ◽

Server Application

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults pushing ahead towards application layer to procure furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution is client conduct checking and identification. In to beginning with stage by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery also, hindering the unapproved client from assaulting the framework.

Download Full-text

Controlling Distributed Denial-of-Service Attacks through Dynamic Path Identifiers

International Journal of Computer Sciences and Engineering ◽

10.26438/ijcse/v6i7.10851093 ◽

2018 ◽

Vol 6 (7) ◽

pp. 1085-1093

Author(s):

N. Vijay ◽

M. Sakthivel

Keyword(s):

Denial Of Service ◽

Denial Of Service Attacks ◽

Distributed Denial Of Service ◽

Dynamic Path

Download Full-text

Mitigating Distributed Denial of Service Attacks with Dynamic Resource Pricing

10.21236/ada406438 ◽

2001 ◽

Cited By ~ 10

Author(s):

David Mankins ◽

Rajesh Krishnan ◽

Ceilyn Boyd ◽

John Zao ◽

Michael Frentz

Keyword(s):

Denial Of Service ◽

Denial Of Service Attacks ◽

Distributed Denial Of Service ◽

Resource Pricing ◽

Dynamic Resource

Download Full-text