DDOS Attack Detection Strategies in Cloud A Comparative Study


Cloud is known as a highly-available platform that has become most popular among businesses for all information technology needs. Being a widely used platform, it’s also a hot target for cyber-attacks. Distributed Denial of Services (DDoS) is a great threat to a cloud in which cloud bandwidth, resources, and applications are attacked to cause service unavailability. In a DDoS attack, multiple botnets attack a victim using spoofed IPs with a huge number of requests to a server. Since its discovery in 1980, numerous methods have been proposed for detection and prevention of network anomalies. This study provides a background of DDoS attack detection methods in the past decade and a survey of some of the latest proposed strategies to detect DDoS attacks in the cloud; the methods are further compared for their detection accuracy.

Author(s):  
Konstantinos F. Xylogiannopoulos ◽  
Panagiotis Karampelas ◽  
Reda Alhajj

The proliferation of low security internet of things devices has widened the range of weapons that malevolent users can utilize in order to attack legitimate services in new ways. In recent years, apart from very large volumetric distributed denial of service attacks, low and slow attacks initiated from intelligent bot networks have been detected to target multiple hosts in a network in a timely fashion. However, even if the attacks seem to be “innocent” at the beginning, they generate huge traffic in the network without practically being detected by the traditional DDoS attack detection methods. In this chapter, an advanced pattern detection method is presented that is able to collect and classify in real time all the incoming traffic and detect a developing slow and low DDoS attack by monitoring the traffic in all the hosts of the network. The experimental analysis on a real dataset provides useful insights about the effectiveness of the method by identifying not only the main source of attack but also secondary sources that produce low traffic, though targeting multiple hosts.


2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Haibin Shi ◽  
Guang Cheng ◽  
Ying Hu ◽  
Fuzhou Wang ◽  
Haoxuan Ding

With the great changes in network scale and network topology, the difficulty of DDoS attack detection increases significantly. Most of the methods proposed in the past rarely considered the real-time, adaptive ability, and other practical issues in the real-world network attack detection environment. In this paper, we proposed a real-time adaptive DDoS attack detection method RT-SAD, based on the response to the external network when attacked. We designed a feature extraction method based on sketch and an adaptive updating algorithm, which makes the method suitable for the high-speed network environment. Experiment results show that our method can detect DDoS attacks using sampled Netflow under a high-speed network environment, with good real-time performance, low resource consumption, and high detection accuracy.


2018 ◽  
Vol 2018 ◽  
pp. 1-14 ◽  
Author(s):  
Jieren Cheng ◽  
Mengyang Li ◽  
Xiangyan Tang ◽  
Victor S. Sheng ◽  
Yifu Liu ◽  
...  

Distributed denial-of-service (DDoS) has caused major damage to cloud computing, and the false- and missing-alarm rates of existing DDoS attack-detection methods are relatively high in a cloud environment. In this paper, we propose a DDoS attack-detection method with enhanced random forest (RF) optimized by genetic algorithm based on flow correlation degree (FCD) feature. We define the FCD feature according to the asymmetric and semidirectivity interaction characteristics and use the two-tuples FCD feature consisting of packet-statistical degree (PSD) and semidirectivity interaction abnormality (SDIA) to describe the features of attack flow and normal flow. Then we use a genetic algorithm based on the FCD feature sequences to optimize two key parameters of the decision tree in the RF: the maximum number of decision trees and the maximum depth of every single decision tree. We apply the trained RF model with optimized parameters to generate the classifier to be used for DDoS attack-detection. The experiment shows that the proposed method can effectively detect DDoS attacks in a cloud environment with a higher accuracy rate and lower false- and missing-alarm rates compared to existing DDoS attack-detection methods.


Intrusion detection systems play a crucial role in preventing security threats and defending networks from attacks. Among the attacks, distributed Denial-of-Service (DDoS) attacks literally get into the network and, in addition, they are terribly troublesome to avoid. With the advent of unknown threats, traditional machine learning approaches are impacted by lower detection rates and higher false-positive rates. As a result, the DDoS detection system requires an over-performing machine learning classifier with minimal false-positive and high detection accuracy. In this context, we propose an Improved Deep Sparse Autoencoder-based Framework (EDSA) for DDoS Attack Detection with a cost minimization strategy. The sparse autoencoder is used for dataset extraction functionality, while the softmax layer is used for traffic classification as malicious or benign. However, intrusion detection includes the risk elements of inaccurate prediction; hence, we have used research metrics such as accuracy, precision, detection rate and specificity for our model analysis. The proposed solution uses the CICDDoS 2019 datasets and demonstrates high detection accuracy with a much lower false-positive percentage.



