scholarly journals Advanced Support Vector Machine- (ASVM-) Based Detection for Distributed Denial of Service (DDoS) Attack on Software Defined Networking (SDN)

2019 ◽  
Vol 2019 ◽  
pp. 1-12 ◽  
Author(s):  
Myo Myint Oo ◽  
Sinchai Kamolphiwong ◽  
Thossaporn Kamolphiwong ◽  
Sangsuree Vasupongayya
Keyword(s):  
Support Vector Machine ◽  
Denial Of Service ◽  
Detection Technique ◽  
Support Vector ◽  
Testing Time ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Training Time ◽  
Ddos Attack ◽  
Advanced Support

Software Defined Networking (SDN) has many advantages over a traditional network. The great advantage of SDN is that the network control is physically separated from forwarding devices. SDN can solve many security issues of a legacy network. Nevertheless, SDN has many security vulnerabilities. The biggest issue of SDN vulnerabilities is Distributed Denial of Service (DDoS) attack. The DDoS attack on SDN becomes an important problem, and varieties of methods had been applied for detection and mitigation purposes. The objectives of this paper are to propose a detection method of DDoS attacks by using SDN based technique that will disturb the legitimate user's activities at the minimum and to propose Advanced Support Vector Machine (ASVM) technique as an enhancement of existing Support Vector Machine (SVM) algorithm to detect DDoS attacks. ASVM technique is a multiclass classification method consisting of three classes. In this paper, we can successfully detect two types of flooding-based DDoS attacks. Our detection technique can reduce the training time as well as the testing time by using two key features, namely, the volumetric and the asymmetric features. We evaluate the results by measuring a false alarm rate, a detection rate, and accuracy. The detection accuracy of our detection technique is approximately 97% with the fastest training time and testing time.

scholarly journals MITIGATING SLOW HYPERTEXT TRANSFER PROTOCOL DISTRIBUTED DENIAL OF SERVICE ATTACKS IN SOFTWARE DEFINED NETWORKS

2021 ◽  
Vol 20 (Number 3) ◽  
pp. 277-304
Author(s):  
Oluwatobi Shadrach Akanji ◽  
Opeyemi Aderiike Abisoye ◽  
Mohammed Awwal Iliyasu
Keyword(s):  
Genetic Algorithm ◽  
Support Vector Machine ◽  
Denial Of Service ◽  
Receiver Operating Curve ◽  
Support Vector ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Positive Rate ◽  
Hypertext Transfer Protocol ◽  
Transfer Protocol

Distributed Denial of Service (DDoS) attacks has been one of the persistent forms of attacks on information technology infrastructure connected to public networks due to the ease of access to DDoS attack tools. Researchers have been able to develop several techniques to curb volumetric DDoS which overwhelms the target with a large number of request packets. However, compared to slow DDoS, limited number of research has been executed on mitigating slow DDoS. Attackers have resorted to slow DDoS because it mimics the behaviour of a slow legitimate client thereby causing service unavailability. This paper provides the scholarly community with an approach to boosting service availability in web servers under slow Hypertext Transfer Protocol (HTTP) DDoS attacks through attack detection using Genetic Algorithm and Support Vector Machine which facilitates attack mitigation in a Software-Defined Networking (SDN) environment simulated in GNS3. Genetic algorithm was used to select the Netflow features which indicates the presence of an attack and also determine the appropriate regularization parameter, C, and gamma parameter for the Support Vector Machine classifier. Results obtained showed that the classifier had detection accuracy, Area Under Receiver Operating Curve (AUC), true positive rate, false positive rate and a false negative rate of 99.89%, 99.89%, 99.95%, 0.18%, and 0.05% respectively. Also, the algorithm for subsequent implementation of the selective adaptive bubble burst mitigation mechanism was presented. This study contributes to the ongoing research in detecting and mitigating slow HTTP DDoS attacks with emphasis on the use of machine learning classification and meta-heuristic algorithms.

scholarly journals Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models

2020 ◽  
Vol 12 (3) ◽  
pp. 1035 ◽  
Author(s):  
Huseyin Polat ◽  
Onur Polat ◽  
Aydin Cetin
Keyword(s):  
Machine Learning ◽  
Feature Selection ◽  
Denial Of Service ◽  
Attack Detection ◽  
Critical Threshold ◽  
Support Vector ◽  
Ddos Attacks ◽  
Selection Methods ◽  
Training Time ◽  
Ddos Attack

Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

scholarly journals Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism

2017 ◽  
Vol 7 (1.1) ◽  
pp. 230
Author(s):  
C. Vasan Sai Krishna ◽  
Y. Bhuvana ◽  
P. Pavan Kumar ◽  
R. Murugan
Keyword(s):  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Dos Attack ◽  
Computing Power ◽  
Server Side ◽  
Ddos Attack ◽  
Client Machine ◽  
Client Side

In a typical DoS attack, the attacker tries to bring the server down. In this case, the attacker sends a lot of bogus queries to the server to consume its computing power and bandwidth. As the server’s bandwidth and computing power are always greater than attacker’s client machine, He seeks help from a group of connected computers. DDoS attack involves a lot of client machines which are hijacked by the attacker (together called as botnet). As the server handles all these requests sent by the attacker, all its resources get consumed and it cannot provide services. In this project, we are more concerned about reducing the computing power on the server side by giving the client a puzzle to solve. To prevent such attacks, we use client puzzle mechanism. In this mechanism, we introduce a client-side puzzle which demands the machine to perform tasks that require more resources (computation power). The client’s request is not directly sent to the server. Moreover, there will be an Intermediate Server to monitor all the requests that are being sent to the main server. Before the client’s request is sent to the server, it must solve a puzzle and send the answer. Intermediate Server is used to validate the answer and give access to the client or block the client from accessing the server.

Cluster-Based Countermeasures for DDoS Attacks

2016 ◽  
pp. 206-227
Author(s):  
Mohammad Jabed Morshed Chowdhury ◽  
Dileep Kumar G
Keyword(s):  
Unsupervised Learning ◽  
Network Traffic ◽  
Denial Of Service ◽  
Security Threats ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Real Progress ◽  
Bandwidth Capacity

Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for the DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create profile of the network traffic. Then the profiled traffic is passed through the filters of different capacity to the servers. After applying this mechanism, the legitimate traffic will get better bandwidth capacity than the malicious traffic. Thus the effect of bad or malicious traffic will be lesser in the network. Before describing the proposed solutions, a detail survey of the different DDoS countermeasures have been presented in the chapter.

Defending against Distributed Denial of Service

2011 ◽  
pp. 121-129
Author(s):  
Yang Xiang ◽  
Wanlei Zhou
Keyword(s):  
Web Sites ◽  
Credit Card ◽  
Denial Of Service ◽  
Online Gambling ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Web Traffic ◽  
Internet Applications ◽  
Ddos Attack ◽  
Interactive Advertising

Recently the notorious Distributed Denial of Service (DDoS) attacks made people aware of the importance of providing available data and services securely to users. A DDoS attack is characterized by an explicit attempt from an attacker to prevent legitimate users of a service from using the desired resource (CERT, 2006). For example, in February 2000, many Web sites such as Yahoo, Amazon.com, eBuy, CNN.com, Buy. com, ZDNet, E*Trade, and Excite.com were all subject to total or regional outages by DDoS attacks. In 2002, a massive DDoS attack briefly interrupted Web traffic on nine of the 13 DNS “root” servers that control the Internet (Naraine, 2002). In 2004, a number of DDoS attacks assaulted the credit card processor Authorize. net, the Web infrastructure provider Akamai Systems, the interactive advertising company DoubleClick (left that company’s servers temporarily unable to deliver ads to thousands of popular Web sites), and many online gambling sites (Arnfield, 2004). Nowadays, Internet applications face serious security problems caused by DDoS attacks. For example, according to CERT/CC Statistics 1998-2005 (CERT, 2006), computer-based vulnerabilities reported have increased exponentially since 1998. Effective approaches to defeat DDoS attacks are desperately demanded (Cisco, 2001; Gibson, 2002).

scholarly journals Detecting DDoS Attacks Using Polyscale Analysis and Deep Learning

2020 ◽  
Vol 14 (1) ◽  
pp. 17-34
Author(s):  
Maryam Ghanbari ◽  
Witold Kinsner
Keyword(s):  
Smart Grid ◽  
Input Data ◽  
Denial Of Service ◽  
Support Vector ◽  
Discrete Wavelet ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Infrastructure Services ◽  
Distinguishing Features

Distributed denial-of-service (DDoS) attacks are serious threats to the availability of a smart grid infrastructure services because they can cause massive blackouts. This study describes an anomaly detection method for improving the detection rate of a DDoS attack in a smart grid. This improvement was achieved by increasing the classification of the training and testing phases in a convolutional neural network (CNN). A full version of the variance fractal dimension trajectory (VFDTv2) was used to extract inherent features from the stochastic fractal input data. A discrete wavelet transform (DWT) was applied to the input data and the VFDTv2 to extract significant distinguishing features during data pre-processing. A support vector machine (SVM) was used for data post-processing. The implementation detected the DDoS attack with 87.35% accuracy.

scholarly journals A Feature Analysis Based Identifying Scheme Using GBDT for DDoS with Multiple Attack Vectors

2019 ◽  
Vol 9 (21) ◽  
pp. 4633 ◽  
Author(s):  
Jian Zhang ◽  
Qidi Liang ◽  
Rui Jiang ◽  
Xi Li
Keyword(s):  
Success Rate ◽  
Denial Of Service ◽  
Detection Algorithm ◽  
Feature Analysis ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Detection Capability ◽  
Ddos Attack ◽  
Attack Mitigation ◽  
Multiple Attack

In recent years, distributed denial of service (DDoS) attacks have increasingly shown the trend of multiattack vector composites, which has significantly improved the concealment and success rate of DDoS attacks. Therefore, improving the ubiquitous detection capability of DDoS attacks and accurately and quickly identifying DDoS attack traffic play an important role in later attack mitigation. This paper proposes a method to efficiently detect and identify multivector DDoS attacks. The detection algorithm is applicable to known and unknown DDoS attacks.

scholarly journals Intelligent Traffic Classification for Detecting DDoS Attacks using SDN/OpenFlow

2021 ◽  
Author(s):  
◽  
Jarrod Bakker
Keyword(s):  
Denial Of Service ◽  
Network Control ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Network Information ◽  
Ddos Attack ◽  
Machine Learning Methods ◽  
Attack Scenario ◽  
And Control

<p>Distributed denial of service (DDoS) attacks utilise many attacking entities to prevent legitimate use of a resource via consumption. Detecting these attacks is often difficult when using a traditional networking paradigm as network information and control are not centralised. Software-Defined Networking is a recent paradigm that centralises network control, thus improving the ability to gather network information. Traffic classification techniques can leverage the gathered data to detect DDoS attacks.This thesis utilises nmeta2, a SDN-based traffic classification architecture, to study the effectiveness of machine learning methods to detect DDoS attacks. These methods are evaluated on a physical network testbed to demonstrate their application during a DDoS attack scenario.</p>

scholarly journals Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

2021 ◽  
Author(s):  
◽  
Abigail Koay
Keyword(s):  
Information Sharing ◽  
Detection System ◽  
Denial Of Service ◽  
Attack Detection ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Low Intensity ◽  
Ddos Attack ◽  
Ddos Attack Detection

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>

scholarly journals Detection and Prevention Algorithm of DDoS Attack Over the IOT Networks

TEM Journal ◽  
2020 ◽  
pp. 899-906
Keyword(s):  
Denial Of Service ◽  
The Other ◽  
High Rate ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Huge Number ◽  
Security Issues ◽  
Ddos Attack ◽  
Legitimate User ◽  
The Impact

One of the most notorious security issues in the IoT is the Distributed Denial of Service (DDoS) attack. Using a large number of agents, DDoS attack floods the host server with a huge number of requests causing interrupting and blocking the legitimate user requests. This paper proposes a detection and prevention algorithm for DDoS attacks. It is divided into two parts, one for detecting the DDoS attack in the IoT end devices and the other for mitigating the impact of the attack placed on the border router. Also, it has the ability to differentiate the High-rate from the Lowrate DDoS attack accurately and defend against these two types of attacks. It is implemented and tested against different scenarios to dissect their efficiency in detecting and mitigating the DDoS attack.

Sign in / Sign up

Export Citation Format

Share Document