BDF-SDN: A Big Data Framework for DDoS Attack Detection in Large-Scale SDN-Based Cloud

There are many problems in traditional Distributed Denial of Service (DDoS) attack detection such as low accuracy, low detection speed and so on, which is not suitable for the real time detecting and processing of DDoS attacks in big data environment. This paper proposed a novel DDoS attack detection system based on Spark framework including 3 main algorithms. Based on information entropy, the first one can effectively warn all kinds of DDoS attacks in advance according to the information entropy change of data stream source IP address and destination IP address; With the help of designed dynamic sampling K-Means algorithm, this new detection system improves the attack detection accuracy effectively; Through running dynamic sampling K-Means parallelization algorithm, which can quickly and effectively detect a variety of DDoS attacks in big data environment. The experiment results show that this system can not only early warn DDoS attacks effectively, but also can detect all kinds of DDoS attacks in real time, with low false rate.

Download Full-text

DDoS attack detection method based on network abnormal behaviour in big data environment

International Journal of Computational Science and Engineering ◽

10.1504/ijcse.2020.110182 ◽

2020 ◽

Vol 23 (1) ◽

pp. 22

Author(s):

Jing Chen ◽

Xiangyan Tang ◽

Jieren Cheng ◽

Fengkai Wang ◽

Ruomeng Xu

Keyword(s):

Big Data ◽

Detection Method ◽

Attack Detection ◽

Abnormal Behaviour ◽

Ddos Attack ◽

Data Environment ◽

Ddos Attack Detection

Download Full-text

A Novel Real-Time DDoS Attack Detection Mechanism Based on MDRA Algorithm in Big Data

Mathematical Problems in Engineering ◽

10.1155/2016/1467051 ◽

2016 ◽

Vol 2016 ◽

pp. 1-10 ◽

Cited By ~ 7

Author(s):

Bin Jia ◽

Yan Ma ◽

Xiaohong Huang ◽

Zhaowen Lin ◽

Yi Sun

Keyword(s):

Big Data ◽

Real Time ◽

Network Traffic ◽

Rapid Development ◽

Computing Time ◽

Attack Detection ◽

Attack Behavior ◽

Detection Mechanism ◽

Ddos Attack ◽

Ddos Attack Detection

In the wake of the rapid development and wide application of information technology and Internet, our society has come into the information explosion era. Meanwhile, it brings in new and severe challenges to the field of network attack behavior detection due to the explosive growth and high complexity of network traffic. Therefore, an effective and efficient detection mechanism that can detect attack behavior from large scale of network traffic plays an important role. In this paper, we focus on how to distinguish the attack traffic from normal data flows in Big Data and propose a novel real-time DDoS attack detection mechanism based on Multivariate Dimensionality Reduction Analysis (MDRA). In this mechanism, we first reduce the dimensionality of multiple characteristic variables in a network traffic record by Principal Component Analysis (PCA). Then, we analyze the correlation of the lower dimensional variables. Finally, the attack traffic can be differentiated from the normal traffic by MDRA and Mahalanobis distance (MD). Compared with previous research methods, our experimental results show that higher precision rate is achieved and it approximates to 100% in True Negative Rate (TNR) for detection; CPU computing time is one-eightieth and memory resource consumption is one-third of the previous detection method based on Multivariate Correlation Analysis (MCA); computing complexity is constant.

Download Full-text

DDoS Attack Simulation and Machine Learning-Based Detection Approach in Internet of Things Experimental Environment

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2021070101 ◽

2021 ◽

Vol 15 (3) ◽

pp. 1-18

Author(s):

Hongsong Chen ◽

Caixia Meng ◽

Jingjiu Chen

Keyword(s):

Machine Learning ◽

Internet Of Things ◽

Network Traffic ◽

Large Scale ◽

Learning Algorithms ◽

Attack Detection ◽

Machine Learning Algorithms ◽

Ddos Attack ◽

Experimental Environment ◽

Ddos Attack Detection

Aiming at the problem of DDoS attack detection in internet of things (IoT) environment, statistical and machine-learning algorithms are proposed to model and analyze the network traffic of DDoS attack. Docker-based virtualization platform is designed and configured to collect IoT network traffic data. Then the packet-level, flow-level, and second-level network traffic datasets are generated, and the importance of features in different traffic datasets are sorted. By SKlearn and TensorFlow machine-learning software framework, different machine learning algorithms are researched and compared. In packet-level DDoS attack detection, KNN algorithm achieves the best results; the accuracy is 92.8%. In flow-level DDoS attack detection, the voting algorithm achieves the best results; the accuracy is 99.8%. In second-level DDoS attack detection, the RNN algorithm behaves best results; the accuracy is 97.1%. The DDoS attack detection method combined with statistical analysis and machine-learning can effectively detect large-scale DDoS attacks on the internet of things simulation experimental environment.

Download Full-text

Online Internet Traffic Monitoring and DDoS Attack Detection Using Big Data Frameworks

2018 14th International Wireless Communications & Mobile Computing Conference (IWCMC) ◽

10.1109/iwcmc.2018.8450335 ◽

2018 ◽

Cited By ~ 4

Author(s):

Baojun Zhou ◽

Jie Li ◽

Yusheng Ji ◽

Mohsen Guizani

Keyword(s):

Big Data ◽

Internet Traffic ◽

Traffic Monitoring ◽

Attack Detection ◽

Ddos Attack ◽

Ddos Attack Detection

Download Full-text

Real-Time DDoS Attack Detection System Using Big Data Approach

Sustainability ◽

10.3390/su131910743 ◽

2021 ◽

Vol 13 (19) ◽

pp. 10743

Author(s):

Mazhar Javed Awan ◽

Umar Farooq ◽

Hafiz Muhammad Aqeel Babar ◽

Awais Yasin ◽

Haitham Nobanee ◽

...

Keyword(s):

Machine Learning ◽

Big Data ◽

Real Time ◽

Denial Of Service ◽

Attack Detection ◽

Testing Time ◽

Ddos Attacks ◽

Dos Attacks ◽

Ddos Attack ◽

Data Framework

Currently, the Distributed Denial of Service (DDoS) attack has become rampant, and shows up in various shapes and patterns, therefore it is not easy to detect and solve with previous solutions. Classification algorithms have been used in many studies and have aimed to detect and solve the DDoS attack. DDoS attacks are performed easily by using the weaknesses of networks and by generating requests for services for software. Real-time detection of DDoS attacks is difficult to detect and mitigate, but this solution holds significant value as these attacks can cause big issues. This paper addresses the prediction of application layer DDoS attacks in real-time with different machine learning models. We applied the two machine learning approaches Random Forest (RF) and Multi-Layer Perceptron (MLP) through the Scikit ML library and big data framework Spark ML library for the detection of Denial of Service (DoS) attacks. In addition to the detection of DoS attacks, we optimized the performance of the models by minimizing the prediction time as compared with other existing approaches using big data framework (Spark ML). We achieved a mean accuracy of 99.5% of the models both with and without big data approaches. However, in training and testing time, the big data approach outperforms the non-big data approach due to that the Spark computations in memory are in a distributed manner. The minimum average training and testing time in minutes was 14.08 and 0.04, respectively. Using a big data tool (Apache Spark), the maximum intermediate training and testing time in minutes was 34.11 and 0.46, respectively, using a non-big data approach. We also achieved these results using the big data approach. We can detect an attack in real-time in few milliseconds.

Download Full-text