scholarly journals Review on EM-CURE Algorithm for Detection DDOS Attack

2018 ◽  
Vol 7 (01) ◽  
pp. 23386-23489
Author(s):  
Miss Priyanka P. Narode ◽  
Prof I.R. Shaikh
Keyword(s):  
Data Mining ◽  
Network Flow ◽  
Denial Of Service ◽  
Attack Detection ◽  
Cyber Attack ◽  
Data Mining Technique ◽  
Network Resource ◽  
Data Mining Techniques ◽  
Ddos Attack ◽  
Efficient Detection

Distributed Denial of Service attack (DoS attack) is a cyber attack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet. Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled. It is necessary to analyze the fundamental features of DDoS attacks because these attacks can easily vary the used port/protocol, or operation method because they are designed to restricted applications on limited environments.DDoS attack detection very difficult because the non-existence of predefined rules to correctly identify the genuine network flow. A combination of unsupervised data mining techniques as IDS are introduced. The Entropy Method concept in term of windowing the incoming packets is applied with data mining technique using Clustering Using Representative (CURE) as cluster analysis to detect the DDoS attack in network flow. The data is mainly collected from datasets. The CURE DDoS attack detection technique based on entropy gives a promising way to analyze this attack and construct an efficient detection model using a clustering data mining techniques. This approach has been evaluated and compared with several existing approaches in terms of accuracy, false alarm rate, detection rate, F. measure and Phi coefficient.

Advanced Network Data Analytics for Large-Scale DDoS Attack Detection

2017 ◽  
Vol 7 (3) ◽  
pp. 44-54 ◽  
Author(s):  
Konstantinos F. Xylogiannopoulos ◽  
Panagiotis Karampelas ◽  
Reda Alhajj
Keyword(s):  
Large Scale ◽  
Denial Of Service ◽  
Attack Detection ◽  
Large Network ◽  
Cloud Infrastructure ◽  
Laptop Computer ◽  
Data Mining Technique ◽  
Ddos Attack ◽  
Hardware Configuration ◽  
Security Standards

Internet-enabled devices or Internet of Things as it has been prevailed are increasing exponentially every day. The lack of security standards in the manufacturing of these devices along with the haste of the manufacturers to increase their market share in this area has created a very large network of vulnerable devices that can be easily recruited as bot members and used to initiate very large volumetric Distributed Denial of Service (DDoS) attacks. The significance of the problem can be easily acknowledged due to the large number of cases regarding attacks on institutions, enterprises and even countries which have been recently revealed. In the current paper a novel method is introduced, which is based on a data mining technique that can analyze incoming IP traffic details and early warn the network administrator about a potentially developing DDoS attack. The method can scale depending on the availability of the infrastructure from a conventional laptop computer to a complex cloud infrastructure. Based on the hardware configuration as it is proved with the experiments the method can easily monitor and detect abnormal network traffic of several Gbps in real time using the minimum hardware equipment.

Advanced Network Data Analytics for Large-Scale DDoS Attack Detection

2021 ◽  
pp. 358-370
Author(s):  
Konstantinos F. Xylogiannopoulos ◽  
Panagiotis Karampelas ◽  
Reda Alhajj
Keyword(s):  
Large Scale ◽  
Denial Of Service ◽  
Attack Detection ◽  
Large Network ◽  
Cloud Infrastructure ◽  
Data Mining Technique ◽  
Ddos Attack ◽  
Hardware Configuration ◽  
Novel Method ◽  
Security Standards

Internet-enabled devices or Internet of Things as it has been prevailed are increasing exponentially every day. The lack of security standards in the manufacturing of these devices along with the haste of the manufacturers to increase their market share in this area has created a very large network of vulnerable devices that can be easily recruited as bot members and used to initiate very large volumetric Distributed Denial of Service (DDoS) attacks. The significance of the problem can be easily acknowledged due to the large number of cases regarding attacks on institutions, enterprises and even countries which have been recently revealed. In the current paper a novel method is introduced, which is based on a data mining technique that can analyze incoming IP traffic details and early warn the network administrator about a potentially developing DDoS attack. The method can scale depending on the availability of the infrastructure from a conventional laptop computer to a complex cloud infrastructure. Based on the hardware configuration as it is proved with the experiments the method can easily monitor and detect abnormal network traffic of several Gbps in real time using the minimum hardware equipment.

scholarly journals A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Shanshan Yu ◽  
Jicheng Zhang ◽  
Ju Liu ◽  
Xiaoqing Zhang ◽  
Yafeng Li ◽  
...  
Keyword(s):  
Ensemble Learning ◽  
Denial Of Service ◽  
Attack Detection ◽  
Coarse Grained ◽  
Communication Overhead ◽  
Detection Scheme ◽  
Fine Grained ◽  
Ddos Attack ◽  
Network Status ◽  
Ddos Attack Detection

AbstractIn order to solve the problem of distributed denial of service (DDoS) attack detection in software-defined network, we proposed a cooperative DDoS attack detection scheme based on entropy and ensemble learning. This method sets up a coarse-grained preliminary detection module based on entropy in the edge switch to monitor the network status in real time and report to the controller if any abnormality is found. Simultaneously, a fine-grained precise attack detection module is designed in the controller, and a ensemble learning-based algorithm is utilized to further identify abnormal traffic accurately. In this framework, the idle computing capability of edge switches is fully utilized with the design idea of edge computing to offload part of the detection task from the control plane to the data plane innovatively. Simulation results of two common DDoS attack methods, ICMP and SYN, show that the system can effectively detect DDoS attacks and greatly reduce the southbound communication overhead and the burden of the controller as well as the detection delay of the attacks.

scholarly journals Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning

2018 ◽  
Vol 2018 ◽  
pp. 1-19 ◽  
Author(s):  
Jieren Cheng ◽  
Chen Zhang ◽  
Xiangyan Tang ◽  
Victor S. Sheng ◽  
Zhe Dong ◽  
...  
Keyword(s):  
Detection Method ◽  
Denial Of Service ◽  
Multiple Kernel Learning ◽  
Attack Detection ◽  
Kernel Learning ◽  
Economic Losses ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Multiple Kernel ◽  
Ddos Attack Detection

Distributed denial of service (DDoS) attacks has caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environment. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristic. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.

scholarly journals Machine-learning and statistical methods for DDoS attack detection and defense system in software defined networks

2021 ◽  
Author(s):  
Merlin James Rukshan Dennis
Keyword(s):  
Machine Learning ◽  
Random Forest ◽  
Statistical Approach ◽  
Denial Of Service ◽  
Attack Detection ◽  
Learning Approach ◽  
Ddos Attack ◽  
Machine Learning Approach ◽  
Ddos Detection ◽  
Ddos Attack Detection

Distributed Denial of Service (DDoS) attack is a serious threat on today’s Internet. As the traffic across the Internet increases day by day, it is a challenge to distinguish between legitimate and malicious traffic. This thesis proposes two different approaches to build an efficient DDoS attack detection system in the Software Defined Networking environment. SDN is the latest networking approach which implements centralized controller, which is programmable. The central control and the programming capability of the controller are used in this thesis to implement the detection and mitigation mechanisms. In this thesis, two designed approaches, statistical approach and machine-learning approach, are proposed for the DDoS detection. The statistical approach implements entropy computation and flow statistics analysis. It uses the mean and standard deviation of destination entropy, new flow arrival rate, packets per flow and flow duration to compute various thresholds. These thresholds are then used to distinguish normal and attack traffic. The machine learning approach uses Random Forest classifier to detect the DDoS attack. We fine-tune the Random Forest algorithm to make it more accurate in DDoS detection. In particular, we introduce the weighted voting instead of the standard majority voting to improve the accuracy. Our result shows that the proposed machine-learning approach outperforms the statistical approach. Furthermore, it also outperforms other machine-learning approach found in the literature.

scholarly journals OUTLIER DETECTION METHOD USE FOR THE NETWORK FLOW ANOMALY DETECTION / IŠSKIRČIŲ RADIMO METODŲ TAIKYMAS ANOMALIJOMS KOMPIUTERIŲ TINKLO PAKETŲ SRAUTUOSE APTIKTI

2016 ◽  
Vol 8 (3) ◽  
pp. 327-333 ◽  
Author(s):  
Rimas Ciplinskas ◽  
Nerijus Paulauskas
Keyword(s):  
Anomaly Detection ◽  
Network Flow ◽  
Detection Method ◽  
Attack Detection ◽  
Detection Methods ◽  
Cyber Attack ◽  
Normal Network ◽  
New Type ◽  
Flow Detection ◽  
F Measure

New and existing methods of cyber-attack detection are constantly being developed and improved because there is a great number of attacks and the demand to protect from them. In prac-tice, current methods of attack detection operates like antivirus programs, i. e. known attacks signatures are created and attacks are detected by using them. These methods have a drawback – they cannot detect new attacks. As a solution, anomaly detection methods are used. They allow to detect deviations from normal network behaviour that may show a new type of attack. This article introduces a new method that allows to detect network flow anomalies by using local outlier factor algorithm. Accom-plished research allowed to identify groups of features which showed the best results of anomaly flow detection according the highest values of precision, recall and F-measure. Kibernetinių atakų gausa ir įvairovė bei siekis nuo jų apsisaugoti verčia nuolat kurti naujus ir tobulinti jau esamus atakų aptikimo metodus. Kaip rodo praktika, dabartiniai atakų atpažinimo metodai iš esmės veikia pagal antivirusinių programų principą, t.y. sudaromi žinomų atakų šablonai, kuriais remiantis yra aptinkamos atakos, tačiau pagrindinis tokių metodų trūkumas – negalėjimas aptikti naujų, dar nežinomų atakų. Šiai problemai spręsti yra pasitelkiami anomalijų aptikimo metodai, kurie leidžia aptikti nukrypimus nuo normalios tinklo būsenos. Straipsnyje yra pateiktas naujas metodas, leidžiantis aptikti kompiuterių tinklo paketų srauto anomalijas taikant lokalių išskirčių faktorių algoritmą. Atliktas tyrimas leido surasti požymių grupes, kurias taikant anomalūs tinklo srautai yra atpažįstami geriausiai, t. y. pasiekiamos didžiausios tikslumo, atkuriamumo ir F-mato reikšmės.

Sign in / Sign up

Export Citation Format

Share Document