scholarly journals Distributed Denial of Service (DDoS) Attacks Detection System for OpenStack-based Private Cloud

2020 ◽  
Vol 167 ◽  
pp. 2297-2307 ◽  
Author(s):  
Karan B. Virupakshar ◽  
Manjunath Asundi ◽  
Kishor Channal ◽  
Pooja Shettar ◽  
Somashekar Patil ◽  
...  
Keyword(s):  
Detection System ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Private Cloud

scholarly journals Towards Effective Detection of Recent DDoS Attacks: A Deep Learning Approach

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Ivandro Ortet Lopes ◽  
Deqing Zou ◽  
Francis A Ruambo ◽  
Saeed Akbar ◽  
Bin Yuan
Keyword(s):  
Deep Learning ◽  
Intrusion Detection System ◽  
State Of The Art ◽  
Detection System ◽  
Denial Of Service ◽  
Model Performance ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Validation Metrics ◽  
High Processing

Distributed Denial of Service (DDoS) is a predominant threat to the availability of online services due to their size and frequency. However, developing an effective security mechanism to protect a network from this threat is a big challenge because DDoS uses various attack approaches coupled with several possible combinations. Furthermore, most of the existing deep learning- (DL-) based models pose a high processing overhead or may not perform well to detect the recently reported DDoS attacks as these models use outdated datasets for training and evaluation. To address the issues mentioned earlier, we propose CyDDoS, an integrated intrusion detection system (IDS) framework, which combines an ensemble of feature engineering algorithms with the deep neural network. The ensemble feature selection is based on five machine learning classifiers used to identify and extract the most relevant features used by the predictive model. This approach improves the model performance by processing only a subset of relevant features while reducing the computation requirement. We evaluate the model performance based on CICDDoS2019, a modern and realistic dataset consisting of normal and DDoS attack traffic. The evaluation considers different validation metrics such as accuracy, precision, F1-Score, and recall to argue the effectiveness of the proposed framework against state-of-the-art IDSs.

scholarly journals Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

2021 ◽  
Author(s):  
◽  
Abigail Koay
Keyword(s):  
Information Sharing ◽  
Detection System ◽  
Denial Of Service ◽  
Attack Detection ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Low Intensity ◽  
Ddos Attack ◽  
Ddos Attack Detection

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>

scholarly journals A Survey of DDOS Attacks Using Machine Learning Techniques

2020 ◽  
Vol 184 ◽  
pp. 01052
Author(s):  
M Arshi ◽  
MD Nasreen ◽  
Karanam Madhavi
Keyword(s):  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Machine Learning Techniques ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Safe Operation ◽  
Current Form ◽  
Learning Techniques ◽  
Essential Services

The DDoS attacks are the most destructive attacks that interrupt the safe operation of essential services delivered by the internet community’s different organizations. DDOS stands for Distributed Denial Of Service attacks. These attacks are becoming more complex and expected to expand in number day after day, rendering detecting and combating these threats challenging. Hence, an advanced intrusion detection system (IDS) is required to identify and recognize an- anomalous internet traffic behaviour. Within this article the process is supported on the latest dataset containing the current form of DDoS attacks including (HTTP flood, SIDDoS). This study combines well-known grouping methods such as Naïve Bayes, Multilayer Perceptron (MLP), and SVM, Decision trees.

scholarly journals Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

2021 ◽  
Author(s):  
◽  
Abigail Koay
Keyword(s):  
Information Sharing ◽  
Detection System ◽  
Denial Of Service ◽  
Attack Detection ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Low Intensity ◽  
Ddos Attack ◽  
Ddos Attack Detection

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>

scholarly journals Hybrid Intrusion Detection System for DDoS Attacks

2016 ◽  
Vol 2016 ◽  
pp. 1-8 ◽  
Author(s):  
Özge Cepheli ◽  
Saliha Büyükçorak ◽  
Güneş Karabulut Kurt
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Detection Methods ◽  
Detection Accuracy ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Hybrid Detection ◽  
Security Problem

Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.

scholarly journals Distributed Denial-of-Service Prediction on IoT Framework by Learning Techniques

2020 ◽  
Vol 10 (1) ◽  
pp. 220-230
Author(s):  
Shubhra Dwivedi ◽  
Manu Vardhan ◽  
Sarsij Tripathi
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Information Gain ◽  
Learning Algorithm ◽  
Detection System ◽  
False Positive Rate ◽  
Denial Of Service ◽  
Support Vector ◽  
Distributed Denial Of Service ◽  
Ddos Attacks

AbstractDistributed denial-of-service (DDoS) attacks on the Internet of Things (IoT) pose a serious threat to several web-based networks. The intruder’s ability to deal with the power of various cooperating devices to instigate an attack makes its administration even more multifaceted. This complexity can be further increased while lots of intruders attempt to overload an attack against a device. To counter and defend against modern DDoS attacks, several effective and powerful techniques have been used in the literature, such as data mining and artificial intelligence for the intrusion detection system (IDS), but they have some limitations. To overcome the existing limitations, in this study, we propose an intrusion detection mechanism that is an integration of a filter-based selection technique and a machine learning algorithm, called information gain-based intrusion detection system (IGIDS). In addition, IGIDS selects the most relevant features from the original IDS datasets that can help to distinguish typical low-speed DDoS attacks and, then, the selected features are passed on to the classifiers, i.e. support vector machine (SVM), decision tree (C4.5), naïve Bayes (NB) and multilayer perceptron (MLP) to detect attacks. The publicly available datasets as KDD Cup 99, CAIDA DDOS Attack 2007, CONFICKER worm, and UNINA traffic traces, are used for our experimental study. From the results of the simulation, it is clear that IGIDS with C4.5 acquires high detection and accuracy with a low false-positive rate.

HULK and DDoS Attacks in Web Applications with Detection Mechanism

2018 ◽  
Vol 6 (6) ◽  
pp. 192
Author(s):  
Amit Sharma
Keyword(s):  
Web Applications ◽  
Denial Of Service ◽  
Single Server ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Detection Mechanism ◽  
Plan Execution ◽  
Social Affair ◽  
Server Application

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults pushing ahead towards application layer to procure furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution is client conduct checking and identification. In to beginning with stage by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery also, hindering the unapproved client from assaulting the framework.

Sign in / Sign up

Export Citation Format

Share Document