Note on Studying Change Point of LRD Traffic Based on Li's Detection of DDoS Flood Attacking

2010 ◽  
Vol 2010 ◽  
pp. 1-14 ◽  
Author(s):  
Zhengmin Xia ◽  
Songnian Lu ◽  
Junhua Tang

Distributed denial-of-service (DDoS) flood attacks remain great threats to the Internet. To ensure network usability and reliability, accurate detection of these attacks is critical. Based on Li's work on DDoS flood attack detection, we propose a DDoS detection method by monitoring the Hurst variation of long-range dependent traffic. Specifically, we use an autoregressive system to estimate the Hurst parameter of normal traffic. If the actual Hurst parameter varies significantly from the estimation, we assume that a DDoS attack happens. Meanwhile, we propose two methods to determine the change point of the Hurst parameter that indicates the occurrence of DDoS attacks. The detection rate associated with one method and the false alarm rate for the other method are also derived. The test results on DARPA intrusion detection evaluation data show that the proposed approaches can achieve better detection performance than some well-known self-similarity-based detection methods.

2021 ◽  
Vol 12 (1) ◽  
pp. 370
Author(s):  
Cong Fan ◽  
Nitheesh Murugan Kaliyamurthy ◽  
Shi Chen ◽  
He Jiang ◽  
Yiwen Zhou ◽  
...  

Software Defined Networking (SDN) is one of the most commonly used network architectures in recent years. With the substantial increase in the number of Internet users, network security threats appear more frequently, which brings more concerns to SDN. Distributed Denial of Service (DDoS) attacks are one of the most dangerous and frequent attacks in software defined networks. The traditional attack detection method using entropy has some defects such as slow attack detection and poor detection effect. In order to solve this problem, this paper proposed a method of fusion entropy, which detects attacks by measuring the randomness of network events. This method has the advantages of fast attack detection speed and obvious decrease in entropy value. The complementarity of information entropy and log energy entropy is effectively utilized. The experimental results show that the entropy value of the attack scenarios is 91.25% lower than that of normal scenarios, which has greater advantages and significance compared with other attack detection methods.


2018 ◽  
Vol 2018 ◽  
pp. 1-19 ◽  
Author(s):  
Jieren Cheng ◽  
Chen Zhang ◽  
Xiangyan Tang ◽  
Victor S. Sheng ◽  
Zhe Dong ◽  
...  

Distributed denial of service (DDoS) attacks have caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environments. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristic. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.


2021 ◽  
Author(s):  
Merlin James Rukshan Dennis

The Distributed Denial of Service (DDoS) attack is a serious threat on today’s Internet. As the traffic across the Internet increases day by day, it is a challenge to distinguish between legitimate and malicious traffic. This thesis proposes two different approaches to build an efficient DDoS attack detection system in the Software Defined Networking environment. SDN is the latest networking approach, which implements a centralized controller that is programmable. The central control and the programming capability of the controller are used in this thesis to implement the detection and mitigation mechanisms. In this thesis, two designed approaches, a statistical approach and a machine-learning approach, are proposed for DDoS detection. The statistical approach implements entropy computation and flow statistics analysis. It uses the mean and standard deviation of destination entropy, new flow arrival rate, packets per flow and flow duration to compute various thresholds. These thresholds are then used to distinguish normal and attack traffic. The machine-learning approach uses a Random Forest classifier to detect the DDoS attack. We fine-tune the Random Forest algorithm to make it more accurate in DDoS detection. In particular, we introduce weighted voting instead of the standard majority voting to improve the accuracy. Our result shows that the proposed machine-learning approach outperforms the statistical approach. Furthermore, it also outperforms other machine-learning approaches found in the literature.


2016 ◽  
Vol 8 (3) ◽  
pp. 327-333 ◽  
Author(s):  
Rimas Ciplinskas ◽  
Nerijus Paulauskas

New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and the demand to protect from them. In practice, current methods of attack detection operate like antivirus programs, i.e. known attack signatures are created and attacks are detected by using them. These methods have a drawback: they cannot detect new attacks. As a solution, anomaly detection methods are used. They allow detection of deviations from normal network behaviour that may show a new type of attack. This article introduces a new method that allows detection of network flow anomalies by using the local outlier factor algorithm. The accomplished research allowed identification of groups of features which showed the best results of anomaly flow detection according to the highest values of precision, recall and F-measure.


2013 ◽  
Vol 380-384 ◽  
pp. 2673-2676
Author(s):  
Ze Yu Xiong

DDoS attacks have relatively low proportion of normal flow in the boundary network at the attack traffic. In this paper, we establish a DDoS attack detection method based on defense stage and defensive position, and design and implement collaborative detection of DDoS attacks. Simulation results show that our approach has better timeliness, accuracy and scalability than the single-point detection and route-based distributed detection schemes.


2019 ◽  
pp. 1952-1983
Author(s):  
Pourya Shamsolmoali ◽  
Masoumeh Zareapoor ◽  
M. Afshar Alam

Distributed Denial of Service (DDoS) attacks have become a serious attack for internet security and the Cloud Computing environment. This kind of attack is the most complex form of DoS (Denial of Service) attack. This type of attack can simply duplicate its source address, such as spoofing attack, which defending methods do not able to disguises the real location of the attack. Therefore, the DDoS attack is the most significant challenge for the network. In this chapter we present different aspects of security in Cloud Computing; mostly we concentrated on DDoS attacks. The authors illustrated all types of DoS attacks and discussed the most effective detection methods.


Author(s):  
Konstantinos F. Xylogiannopoulos ◽  
Panagiotis Karampelas ◽  
Reda Alhajj

The proliferation of low security internet of things devices has widened the range of weapons that malevolent users can utilize in order to attack legitimate services in new ways. In recent years, apart from very large volumetric distributed denial of service attacks, low and slow attacks initiated from intelligent bot networks have been detected to target multiple hosts in a network in a timely fashion. However, even if the attacks seem to be “innocent” at the beginning, they generate huge traffic in the network without practically being detected by the traditional DDoS attack detection methods. In this chapter, an advanced pattern detection method is presented that is able to collect and classify in real time all the incoming traffic and detect a developing slow and low DDoS attack by monitoring the traffic in all the hosts of the network. The experimental analysis on a real dataset provides useful insights about the effectiveness of the method by identifying not only the main source of attack but also secondary sources that produce low traffic, targeting though multiple hosts.


Author(s):  
Maman Abdurohman ◽  
Dani Prasetiawan ◽  
Fazmah Arif Yulianto

This research proposed a new method to enhance Distributed Denial of Service (DDoS) attack detection in the Software Defined Network (SDN) environment. This research utilized the OpenFlow controller of SDN for DDoS attack detection using a modified method based on the entropy value. The new method would check whether the traffic was normal traffic or a DDoS attack by measuring the randomness of the packets. This method consisted of two steps, detecting the attack and checking the entropy. The result shows that the new method can reduce false positives when there is a temporary and sudden increase in normal traffic. The new method succeeds in not detecting this as a DDoS attack. Compared to previous methods, this proposed method can enhance DDoS attack detection in the SDN environment.


2021 ◽  
Vol 11 (16) ◽  
pp. 7282
Author(s):  
Mengchao Zhang ◽  
Yuan Zhang ◽  
Manshan Zhou ◽  
Kai Jiang ◽  
Hao Shi ◽  
...  

Aiming at the problem that mining conveyor belts are easily damaged under severe working conditions, the paper proposed a deep learning-based conveyor belt damage detection method. To further explore the possibility of the application of lightweight CNNs in the detection of conveyor belt damage, the paper deeply integrates the MobileNet and Yolov4 network to achieve the lightweight of Yolov4, and performs a test on the existing conveyor belt damage dataset containing 3000 images. The test results show that the lightweight network can effectively detect the damage of the conveyor belt, with the fastest test speed 70.26 FPS, and the highest test accuracy 93.22%. Compared with the original Yolov4, the accuracy increased by 3.5% with the speed increased by 188%. By comparing other existing detection methods, the strong generalization ability of the model is verified, which provides technical support and empirical reference for the visual monitoring and intelligent development of belt conveyors.


2014 ◽  
Vol 484-485 ◽  
pp. 1063-1066
Author(s):  
Kui Liang Xia

The low-rate denial of service attack is more applicable to the network in recent years as a means of attack, which is different from the traditional field type DoS attacks at the network end system or network using adaptive mechanisms exist loopholes flow through the low-rate periodic attacks on the implementation of high-efficiency attacked by an intruder and not be found, resulting in loss of user data or a computer deadlock. LDoS attack since there has been extensive attention of researchers, the attack signature analysis and detection methods to prevent network security have become an important research topic. Some have been proposed for the current attacks were classified LDoS describe and model, and then in NS-2 platform for experimental verification, and then LDoS attack detection to prevent difficulties are discussed and summarized for the future such attacks detection method research work to provide a reference.

