DIAMOND: A Structured Coevolution Feature Optimization Method for LDDoS Detection in SDN-IoT

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Wencheng Yin ◽  
Yunhe Cui ◽  
Qing Qian ◽  
Guowei Shen ◽  
Chun Guo ◽  
...  

Software-defined networking for IoT (SDN-IoT) has become popular owing to its utility in smart applications. However, IoT devices are limited in computing resources, which makes them vulnerable to Low-rate Distributed Denial of Service (LDDoS). It is worth noting that LDDoS attacks are extremely stealthy and can evade the monitoring of traditional detection methods. Therefore, how to choose the optimal features to improve the detection performance of LDDoS attack detection methods is a key problem. In this paper, we propose DIAMOND, a structured coevolution feature optimization method for LDDoS detection in SDN-IoT. DIAMOND consists of a reachable count sorting clustering algorithm, a group structuring method, a comutation strategy, and a cocrossover strategy. By analysing the information of SDN-IoT network features in the solution space, the relationship between different SDN-IoT network features and the optimal solution is explored in DIAMOND. Then, the individuals with associated SDN-IoT network features are divided into different subpopulations, and a structural tree is generated. Further, multiple structural trees evolve in concert with each other. The evaluation results show that DIAMOND can effectively select optimal low-dimension feature sets and improve the performance of the LDDoS detection method, in terms of detection precision and response time.

Author(s):  
Konstantinos F. Xylogiannopoulos ◽  
Panagiotis Karampelas ◽  
Reda Alhajj

The proliferation of low-security Internet of Things devices has widened the range of weapons that malevolent users can utilize in order to attack legitimate services in new ways. In recent years, apart from very large volumetric distributed denial of service attacks, low and slow attacks initiated from intelligent bot networks have been detected to target multiple hosts in a network in a timely fashion. However, even if the attacks seem to be “innocent” at the beginning, they generate huge traffic in the network without practically being detected by the traditional DDoS attack detection methods. In this chapter, an advanced pattern detection method is presented that is able to collect and classify in real time all the incoming traffic and detect a developing slow and low DDoS attack by monitoring the traffic in all the hosts of the network. The experimental analysis on a real dataset provides useful insights about the effectiveness of the method by identifying not only the main source of attack but also secondary sources that produce low traffic, targeting though multiple hosts.


2021 ◽  
Vol 11 (3) ◽  
pp. 7273-7278
Author(s):  
M. Anwer ◽  
M. U. Farooq ◽  
S. M. Khan ◽  
W. Waseemullah

Many researchers have examined the risks imposed by the Internet of Things (IoT) devices on big companies and smart towns. Due to the high adoption of IoT, their character, inherent mobility, and standardization limitations, smart mechanisms, capable of automatically detecting suspicious movement on IoT devices connected to the local networks are needed. With the increase of IoT devices connected through internet, the capacity of web traffic increased. Due to this change, attack detection through common methods and old data processing techniques is now obsolete. Detection of attacks in IoT and detecting malicious traffic in the early stages is a very challenging problem due to the increase in the size of network traffic. In this paper, a framework is recommended for the detection of malicious network traffic. The framework uses three popular classification-based malicious network traffic detection methods, namely Support Vector Machine (SVM), Gradient Boosted Decision Trees (GBDT), and Random Forest (RF), with RF supervised machine learning algorithm achieving far better accuracy (85.34%). The dataset NSL KDD was used in the recommended framework and the performances in terms of training, predicting time, specificity, and accuracy were compared.


2021 ◽  
Author(s):  
Bawankar Chetan D ◽  
Sanjeev Kumar Sharma

The paper aims to clarify the relationship between Internet-of-Things devices and Ethereum blockchain. It proposes the arrangement to ensure information transmission among parties in an open system of IoT must be secure using Ethereum. The accompanying joining strategy utilized terminal gadgets as system innovation and Ethereum blockchain stage that delivered back-end, which guarantees high security, accessibility, and protection, supplanting conventional back-end frameworks. The following issues should be considered to prevent the malicious hub from attacking, resist distributed denial-of-service attacks, and prevent firmware backdoor access. This paper proposed a system in which the Peer-to-Peer authentication model, where every IoT node in the system must be authenticated and verified by the proposed framework. The paper provides empirical insights into IoT nodes manufactured in bulk, and they are remaining with their default username and password.


Author(s):  
Noor Syahirah Nordin ◽  
Mohd Arfian Ismail ◽  
Tole Sutikno ◽  
Shahreen Kasim ◽  
Rohayanti Hassan ◽  
...  

Phishing attack is a well-known cyber security attack that happens to many people around the world. The increasing and never-ending number of phishing attacks has led to more automated approaches to detecting phishing attacks. One of the methods is applying a fuzzy system. A fuzzy system is a rule-based system that utilizes fuzzy sets and fuzzy logic concepts to solve problems. However, it is hard to achieve an optimal solution when applied to a complex problem, where the process of identifying the fuzzy parameters becomes more complicated. To address this issue, an optimization method is needed to identify the fuzzy parameters automatically. The optimization method derives from the metaheuristic algorithm. Therefore, the aim of this study is to make a comparative analysis between the metaheuristic algorithms in fuzzy modelling. The study was conducted to analyse which algorithm performed better when applied to two datasets: website phishing dataset (WPD) and phishing websites dataset (PWD). Then the results were obtained to show the performance of every metaheuristic algorithm in terms of convergence speed and four metrics including accuracy, recall, precision, and f-measure.


2014 ◽  
Vol 484-485 ◽  
pp. 1063-1066
Author(s):  
Kui Liang Xia

The low-rate denial of service attack is more applicable to the network in recent years as a means of attack, which is different from the traditional field type DoS attacks at the network end system or network using adaptive mechanisms exist loopholes flow through the low-rate periodic attacks on the implementation of high-efficiency attacked by an intruder and not be found, resulting in loss of user data or a computer deadlock. LDos attack since there has been extensive attention of researchers, the attack signature analysis and detection methods to prevent network security have become an important research topic. Some have been proposed for the current attacks were classified LDoS describe and model, and then in NS-2 platform for experimental verification, and then LDoS attack detection to prevent difficulties are discussed and summarized for the future such attacks detection method research work to provide a reference.


2010 ◽  
Vol 2010 ◽  
pp. 1-14
Author(s):  
Zhengmin Xia ◽  
Songnian Lu ◽  
Junhua Tang

Distributed denial-of-service (DDoS) flood attacks remain great threats to the Internet. To ensure network usability and reliability, accurate detection of these attacks is critical. Based on Li's work on DDoS flood attack detection, we propose a DDoS detection method by monitoring the Hurst variation of long-range dependent traffic. Specifically, we use an autoregressive system to estimate the Hurst parameter of normal traffic. If the actual Hurst parameter varies significantly from the estimation, we assume that a DDoS attack is happening. Meanwhile, we propose two methods to determine the change point of the Hurst parameter that indicates the occurrence of DDoS attacks. The detection rate associated with one method and the false alarm rate for the other method are also derived. The test results on DARPA intrusion detection evaluation data show that the proposed approaches can achieve better detection performance than some well-known self-similarity-based detection methods.


2021 ◽  
Vol 19 (2) ◽  
pp. 1280-1303
Author(s):  
Jiushuang Wang ◽  
Ying Liu ◽  
Huifen Feng

Network security has become considerably essential because of the expansion of internet of things (IoT) devices. One of the greatest hazards of today's networks is distributed denial of service (DDoS) attacks, which could destroy critical network services. Recent numerous IoT devices are unsuspectingly attacked by DDoS. To securely manage IoT equipment, researchers have introduced software-defined networks (SDN). Therefore, we propose a DDoS attack detection scheme to secure the real-time in the software-defined the internet of things (SD-IoT) environment. In this article, we utilize improved firefly algorithm to optimize the convolutional neural network (CNN), to provide detection for DDoS attacks in our proposed SD-IoT framework. Our results demonstrate that our scheme can achieve higher than 99% DDoS behavior and benign traffic detection accuracy.


Author(s):  
Thapanarath Khempetch ◽  
Pongpisit Wuttidittachotti

Nowadays, IoT devices are widely used both in daily life and in corporate and industrial environments. The use of these devices has increased dramatically and by 2030 it is estimated that their usage will rise to 125 billion devices causing enormous flow of information. It is likely that it will also increase distributed denial-of-service (DDoS) attack surface. As IoT devices have limited resources, it is impossible to add additional security structures to it. Therefore, the risk of DDoS attacks by malicious people who can take control of IoT devices, remain extremely high. In this paper, we use the CICDDoS2019 dataset as a dataset that has improved the bugs and introducing a new taxonomy for DDoS attacks, including new classification based on flows network. We propose DDoS attack detection using the deep neural network (DNN) and long short-term memory (LSTM) algorithm. Our results show that it can detect more than 99.90% of all three types of DDoS attacks. The results indicate that deep learning is another option for detecting attacks that may cause disruptions in the future.


2021 ◽  
Vol 12 (1) ◽  
pp. 370
Author(s):  
Cong Fan ◽  
Nitheesh Murugan Kaliyamurthy ◽  
Shi Chen ◽  
He Jiang ◽  
Yiwen Zhou ◽  
...  

Software Defined Networking (SDN) is one of the most commonly used network architectures in recent years. With the substantial increase in the number of Internet users, network security threats appear more frequently, which brings more concerns to SDN. Distributed Denial of Service (DDoS) attacks are one of the most dangerous and frequent attacks in software defined networks. The traditional attack detection method using entropy has some defects such as slow attack detection and poor detection effect. In order to solve this problem, this paper proposed a method of fusion entropy, which detects attacks by measuring the randomness of network events. This method has the advantages of fast attack detection speed and obvious decrease in entropy value. The complementarity of information entropy and log energy entropy is effectively utilized. The experimental results show that the entropy value of the attack scenarios is 91.25% lower than normal scenarios, which has greater advantages and significance compared with other attack detection methods.


2019 ◽  
Vol 31 (4) ◽  
pp. 453-464
Author(s):  
Ivan Cvitić ◽  
Dragan Peraković ◽  
Marko Periša ◽  
Siniša Husnjak

The availability of information and communication (IC) resources is a growing problem caused by the increase in the number of users, IC services, and the capacity constraints. IC resources need to be available to legitimate users at the required time. The availability is of crucial importance in IC environments such as smart city, autonomous vehicle, or critical infrastructure management systems. In the mentioned and similar environments the unavailability of resources can also have negative consequences on people's safety. The distributed denial of service (DDoS) attacks and traffic that such attacks generate, represent a growing problem in the last decade. Their goal is to disable access to the resources for legitimate users. This paper analyses the trends of such traffic which indicates the importance of its detection methods research. The paper also provides an overview of the currently used approaches used in detection system and model development. Based on the analysis of the previous research, the disadvantages of the used approaches have been identified which opens the space and gives the direction for future research. Besides the mentioned this paper highlights a DDoS traffic generated through Internet of things (IoT) devices as an evolving threat that needs to be taken into consideration in the future studies.

