Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning

Users and Internet service providers (ISPs) are constantly affected by denial-of-service (DoS) attacks. This cyber threat continues to grow even with the development of new protection technologies. Developing mechanisms to detect this threat is a current challenge in network security. This article presents a machine learning- (ML-) based DoS detection system. The proposed approach makes inferences based on signatures previously extracted from samples of network traffic. The experiments were performed using four modern benchmark datasets. The results show an online detection rate (DR) of attacks above 96%, with high precision (PREC) and low false alarm rate (FAR) using a sampling rate (SR) of 20% of network traffic.

Download Full-text

A Machine Learning Approach for DDoS (Distributed Denial of Service) Attack Detection Using Multiple Linear Regression

Proceedings ◽

10.3390/proceedings2020063051 ◽

2020 ◽

Vol 63 (1) ◽

pp. 51

Author(s):

Swathi Sambangi ◽

Lakshmeeswari Gondi

Keyword(s):

Machine Learning ◽

Denial Of Service ◽

Classification Problem ◽

Attack Detection ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Multiple Sources ◽

Denial Of Service Attack ◽

Network Bandwidth

The problem of identifying Distributed Denial of Service (DDos) attacks is fundamentally a classification problem in machine learning. In relevance to Cloud Computing, the task of identification of DDoS attacks is a significantly challenging problem because of computational complexity that has to be addressed. Fundamentally, a Denial of Service (DoS) attack is an intentional attack attempted by attackers from single source which has an implicit intention of making an application unavailable to the target stakeholder. For this to be achieved, attackers usually stagger the network bandwidth, halting system resources, thus causing denial of access for legitimate users. Contrary to DoS attacks, in DDoS attacks, the attacker makes use of multiple sources to initiate an attack. DDoS attacks are most common at network, transportation, presentation and application layers of a seven-layer OSI model. In this paper, the research objective is to study the problem of DDoS attack detection in a Cloud environment by considering the most popular CICIDS 2017 benchmark dataset and applying multiple regression analysis for building a machine learning model to predict DDoS and Bot attacks through considering a Friday afternoon traffic logfile.

Download Full-text

Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Network Forensics

Bulletin of Electrical Engineering and Informatics ◽

10.11591/eei.v6i2.605 ◽

2017 ◽

Vol 6 (2) ◽

pp. 140-148 ◽

Cited By ~ 2

Author(s):

Abdul Fadlil ◽

Imam Riadi ◽

Sukma Aji

Keyword(s):

Network Traffic ◽

Naive Bayes ◽

Detection System ◽

Denial Of Service ◽

Naïve Bayes ◽

Attack Detection ◽

Ddos Attacks ◽

Great Loss ◽

New Approach ◽

Internet Users

Distributed Denial of Service (DDoS) is a type of attack using the volume, intensity, and more costs mitigation to increase in this era. Attackers used many zombie computers to exhaust the resources available to a network, application or service so that authorize users cannot gain access or the network service is down, and it is a great loss for Internet users in computer networks affected by DDoS attacks. In the Network Forensic, a crime that occurs in the system network services can be sued in the court and the attackers will be punished in accordance with law. This research has the goal to develop a new approach to detect DDoS attacks based on network traffic activity were statistically analyzed using Naive Bayes method. Data were taken from the training and testing of network traffic in a core router in Master of Information Technology Research Laboratory University of Ahmad Dahlan Yogyakarta. The new approach in detecting DDoS attacks is expected to be a relation with Intrusion Detection System (IDS) to predict the existence of DDoS attacks.

Download Full-text

Deep Reinforcement Learning for Building Honeypots against Runtime DOS Attack

10.21203/rs.3.rs-207770/v1 ◽

2021 ◽

Author(s):

Selvakumar Veluchamy ◽

RubaSoundar Kathavarayan

Keyword(s):

Reinforcement Learning ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Dos Attack ◽

Dos Attacks ◽

Server Side ◽

Intelligent Decision Making ◽

Deep Recurrent Neural Network ◽

And Performance

Abstract Honeypot is a network environment used to protect the legitimate network resources from attacks. Honeypot creates an environment that impresses attackers to inject their activities to steal resources. This is a way to detect the attacks by doing attack detection procedures. In this work, Denial of Service (DoS) attacks are effectively detected by proposed honeypot system. Machine Learning (ML) and Deep Learning (DL) methods evolve in many areas to build intelligent decision making systems. This work uses DL approaches and secures event validation procedures for finding predicting DoS attacks. The proposed system called Deep Adaptive Reinforcement Learning for Honeypots (DARLH) is implemented to monitor internal and external DoS attacks. In the honeypot environment, the proposed DARLH system implements DARL based IDS (Intrusion Detection System) agents and Deep Recurrent Neural Network (DRNN) based IDS agents for monitoring multiple runtime DoS attacks. These techniques support for dynamic IDS against DoS attack. In addition, the DARLH creates protected poison distribution and server side supervision system for keeping the monitoring events legitimate. This work is implemented and performance is evaluated. The results are compared with existing systems like GNBH, BCH and RNSG. In this comparison, the proposed system provides 5–10% better results than other systems.

Download Full-text

Machine Learning-Based Distributed Denial of Service Attack Detection on Intrusion Detection System Regarding to Feature Selection

International Journal of Artificial Intelligence Research ◽

10.29099/ijair.v4i1.156 ◽

2020 ◽

Vol 4 (1) ◽

Author(s):

Ahmad Azhari ◽

Arif Wirawan Muhammad ◽

Cik Feresa Mohd Foozy

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Intrusion Detection System ◽

Policy Development ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Machine Learning Techniques ◽

Ddos Attacks ◽

Detection Techniques

Distributed Service Denial (DDoS) is a type of network attack, which each year increases in volume and intensity. DDoS attacks also form part of the major types of cyber security threats so far. Early detection plays a key role in avoiding the catastrophic effects on server infrastructure from DDoS attacks. Detection techniques in the traditional Intrusion Detection System (IDS) are far from perfect compared to a number of modern techniques and tools used by attackers, because the traditional IDS only uses signature-based detection or anomaly-based detection models and causes a lot of false positive flags, since the flow of computer network data packets has complex properties in terms of both size and source. Based on the deficiency in the ordinary IDS, this study aims to detect DDoS attacks by using machine learning techniques to enhance IDS policy development. According to the experiment the selection of features plays an important role in the precision of the detection results and in the performance of machine learning in classification problems. The combination of seven key selected dataset features used as an input neural network classifier in this study provides the highest accuracy value at 97.76%.

Download Full-text

GOF-SLFN- An Intelligent Attack Detection System against Denial of Service (DoS) attacks based on Glow Worm Swarm optimized Single Layer Feed Forward Networks for vehicular Cyber Physical Systems (VCPS)

IOP Conference Series Materials Science and Engineering ◽

10.1088/1757-899x/925/1/012001 ◽

2020 ◽

Vol 925 ◽

pp. 012001

Author(s):

Rama Mercy Sam Sigamani ◽

Padmavathi Ganapathi

Keyword(s):

Detection System ◽

Denial Of Service ◽

Single Layer ◽

Cyber Physical Systems ◽

Attack Detection ◽

Dos Attacks ◽

Feed Forward ◽

Physical Systems

Download Full-text

Searching for optimal machine learning algorithm for network traffic classification in intrusion detection system

ITM Web of Conferences ◽

10.1051/itmconf/20182100027 ◽

2018 ◽

Vol 21 ◽

pp. 00027

Author(s):

Alicja Gerka

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

Network Traffic ◽

Detection System ◽

Learning Algorithms ◽

Attack Detection ◽

Machine Learning Algorithms ◽

Support Vector ◽

Traffic Classification ◽

Network Traffic Classification

The main problem associated with the development of an effective network behaviour anomaly detection-based IDS model is the selection of the optimal network traffic classification method. This article presents the results of simulation research on the effectiveness of the use of machine learning algorithms in the network attacks detection. The research part of the work concerned finding the optimal method of network packets classification possible to implement in the intrusion detection system’s attack detection module. During the research, the performance of three machine learning algorithms (Artificial Neural Network, Support Vector Machine and Naïve Bayes Classifier) has been compared using a dataset from the KDD Cup competition. Attention was also paid to the relationship between the values of algorithm parameters and their effectiveness. The work also contains an short analysis of the state of cybersecurity in Poland.

Download Full-text

Performance Evaluation of Machine Learning Techniques for DOS Detection in Wireless Sensor Network

International Journal of Network Security & Its Applications ◽

10.5121/ijnsa.2021.13202 ◽

2021 ◽

Vol 13 (2) ◽

pp. 21-29

Author(s):

Lama Alsulaiman ◽

Saad Al-Ahmadi

Keyword(s):

Machine Learning ◽

Detection System ◽

Denial Of Service ◽

Machine Learning Algorithms ◽

Machine Learning Techniques ◽

Wireless Sensor ◽

Security Threats ◽

Dos Attacks ◽

Machine Learning Classification ◽

Learning Techniques

The nature of Wireless Sensor Networks (WSN) and the widespread of using WSN introduce many security threats and attacks. An effective Intrusion Detection System (IDS) should be used to detect attacks. Detecting such an attack is challenging, especially the detection of Denial of Service (DoS) attacks. Machine learning classification techniques have been used as an approach for DoS detection. This paper conducted an experiment using Waikato Environment for Knowledge Analysis (WEKA)to evaluate the efficiency of five machine learning algorithms for detecting flooding, grayhole, blackhole, and scheduling at DoS attacks in WSNs. The evaluation is based on a dataset, called WSN-DS. The results showed that the random forest classifier outperforms the other classifiers with an accuracy of 99.72%.

Download Full-text

Real-Time DDoS Attack Detection System Using Big Data Approach

Sustainability ◽

10.3390/su131910743 ◽

2021 ◽

Vol 13 (19) ◽

pp. 10743

Author(s):

Mazhar Javed Awan ◽

Umar Farooq ◽

Hafiz Muhammad Aqeel Babar ◽

Awais Yasin ◽

Haitham Nobanee ◽

...

Keyword(s):

Machine Learning ◽

Big Data ◽

Real Time ◽

Denial Of Service ◽

Attack Detection ◽

Testing Time ◽

Ddos Attacks ◽

Dos Attacks ◽

Ddos Attack ◽

Data Framework

Currently, the Distributed Denial of Service (DDoS) attack has become rampant, and shows up in various shapes and patterns, therefore it is not easy to detect and solve with previous solutions. Classification algorithms have been used in many studies and have aimed to detect and solve the DDoS attack. DDoS attacks are performed easily by using the weaknesses of networks and by generating requests for services for software. Real-time detection of DDoS attacks is difficult to detect and mitigate, but this solution holds significant value as these attacks can cause big issues. This paper addresses the prediction of application layer DDoS attacks in real-time with different machine learning models. We applied the two machine learning approaches Random Forest (RF) and Multi-Layer Perceptron (MLP) through the Scikit ML library and big data framework Spark ML library for the detection of Denial of Service (DoS) attacks. In addition to the detection of DoS attacks, we optimized the performance of the models by minimizing the prediction time as compared with other existing approaches using big data framework (Spark ML). We achieved a mean accuracy of 99.5% of the models both with and without big data approaches. However, in training and testing time, the big data approach outperforms the non-big data approach due to that the Spark computations in memory are in a distributed manner. The minimum average training and testing time in minutes was 14.08 and 0.04, respectively. Using a big data tool (Apache Spark), the maximum intermediate training and testing time in minutes was 34.11 and 0.46, respectively, using a non-big data approach. We also achieved these results using the big data approach. We can detect an attack in real-time in few milliseconds.

Download Full-text

Deteksi Serangan Denial of Service di Situs Web dengan Wireshark Menggunakan Metode IDS Berbasis Anomali

JELIKU (Jurnal Elektronik Ilmu Komputer Udayana) ◽

10.24843/jlk.2020.v08.i04.p02 ◽

2020 ◽

Vol 8 (4) ◽

pp. 375

Author(s):

Finandito Adhana ◽

I Ketut Gede Suhartana

Keyword(s):

Intrusion Detection ◽

Network Traffic ◽

Intrusion Detection System ◽

Detection System ◽

Denial Of Service ◽

Dos Attack ◽

Dos Attacks ◽

Data Packets ◽

Anomaly Pattern ◽

Suspicious Activity

Denial of Service (DoS) attacks are increasingly dangerous. This DoS attack works by sending data packets continuously so that the target being attacked cannot be operated anymore. DoS attacks attack the most websites, thus making the website inaccessible. An anomaly based intrusion detection system (IDS) is a method used to detect suspicious activity in a system or network on the basis of anomaly pattern arising from such interference. Wireshark is software used to analyze network traffic packets that have various kinds of tools for network professionals.

Download Full-text