Deep learning model for distributed denial of service (DDoS) detection

Distributed denial of service (DDoS) attacks is one of the serious threats in the domain of cybersecurity where it affects the availability of online services by disrupting access to its legitimate users. The consequences of such attacks could be millions of dollars in worth since all of the online services are relying on high availability. The magnitude of DDoS attacks is ever increasing as attackers are smart enough to innovate their attacking strategies to expose vulnerabilities in the intrusion detection models or mitigation mechanisms. The history of DDoS attacks reflects that network and transport layers of the OSI model were the initial target of the attackers, but the recent history from the cybersecurity domain proves that the attacking momentum has shifted toward the application layer of the OSI model which presents a high degree of difficulty distinguishing the attack and benign traffics that make the combat against application-layer DDoS attack a sophisticated task. Striding for high accuracy with high DDoS classification recall is key for any DDoS detection mechanism to keep the reliability and trustworthiness of such a system. In this paper, a deep learning approach for application-layer DDoS detection is proposed by using an autoencoder to perform the feature selection and Deep neural networks to perform the attack classification. A popular benchmark dataset CIC DoS 2017 is selected by extracting the most appealing features from the packet flows. The proposed model has achieved an accuracy of 99.83% with a detection rate of 99.84% while maintaining the false-negative rate of 0.17%, which has the heights accuracy rate among the literature reviewed so far.

Download Full-text

HULK and DDoS Attacks in Web Applications with Detection Mechanism

International Journal of Emerging Research in Management and Technology ◽

10.23956/ijermt.v6i6.268 ◽

2018 ◽

Vol 6 (6) ◽

pp. 192

Author(s):

Amit Sharma

Keyword(s):

Web Applications ◽

Denial Of Service ◽

Single Server ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Application Layer ◽

Detection Mechanism ◽

Plan Execution ◽

Social Affair ◽

Server Application

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults pushing ahead towards application layer to procure furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution is client conduct checking and identification. In to beginning with stage by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery also, hindering the unapproved client from assaulting the framework.

Download Full-text

Towards Effective Detection of Recent DDoS Attacks: A Deep Learning Approach

Security and Communication Networks ◽

10.1155/2021/5710028 ◽

2021 ◽

Vol 2021 ◽

pp. 1-14

Author(s):

Ivandro Ortet Lopes ◽

Deqing Zou ◽

Francis A Ruambo ◽

Saeed Akbar ◽

Bin Yuan

Keyword(s):

Deep Learning ◽

Intrusion Detection System ◽

State Of The Art ◽

Detection System ◽

Denial Of Service ◽

Model Performance ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Validation Metrics ◽

High Processing

Distributed Denial of Service (DDoS) is a predominant threat to the availability of online services due to their size and frequency. However, developing an effective security mechanism to protect a network from this threat is a big challenge because DDoS uses various attack approaches coupled with several possible combinations. Furthermore, most of the existing deep learning- (DL-) based models pose a high processing overhead or may not perform well to detect the recently reported DDoS attacks as these models use outdated datasets for training and evaluation. To address the issues mentioned earlier, we propose CyDDoS, an integrated intrusion detection system (IDS) framework, which combines an ensemble of feature engineering algorithms with the deep neural network. The ensemble feature selection is based on five machine learning classifiers used to identify and extract the most relevant features used by the predictive model. This approach improves the model performance by processing only a subset of relevant features while reducing the computation requirement. We evaluate the model performance based on CICDDoS2019, a modern and realistic dataset consisting of normal and DDoS attack traffic. The evaluation considers different validation metrics such as accuracy, precision, F1-Score, and recall to argue the effectiveness of the proposed framework against state-of-the-art IDSs.

Download Full-text

DeepDetect: Detection of Distributed Denial of Service Attacks Using Deep Learning

The Computer Journal ◽

10.1093/comjnl/bxz064 ◽

2019 ◽

Vol 63 (7) ◽

pp. 983-994 ◽

Cited By ~ 4

Author(s):

Muhammad Asad ◽

Muhammad Asim ◽

Talha Javed ◽

Mirza O Beg ◽

Hasan Mujtaba ◽

...

Keyword(s):

Neural Network ◽

Network Architecture ◽

Denial Of Service ◽

Smart Devices ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Application Layer ◽

Tangible Computing ◽

Network Bandwidth ◽

Feed Forward Back Propagation

Abstract At the advent of advanced wireless technology and contemporary computing paradigms, Distributed Denial of Service (DDoS) attacks on Web-based services have not only increased exponentially in number, but also in the degree of sophistication; hence the need for detecting these attacks within the ocean of communication packets is extremely important. DDoS attacks were initially projected toward the network and transport layers. Over the years, attackers have shifted their offensive strategies toward the application layer. The application layer attacks are potentially more detrimental and stealthier because of the attack traffic and the benign traffic flows being indistinguishable. The distributed nature of these attacks is difficult to combat as they may affect tangible computing resources apart from network bandwidth consumption. In addition, smart devices connected to the Internet can be infected and used as botnets to launch DDoS attacks. In this paper, we propose a novel deep neural network-based detection mechanism that uses feed-forward back-propagation for accurately discovering multiple application layer DDoS attacks. The proposed neural network architecture can identify and use the most relevant high level features of packet flows with an accuracy of 98% on the state-of-the-art dataset containing various forms of DDoS attacks.

Download Full-text

Neural Network-Based Approach for Detection and Mitigation of DDoS Attacks in SDN Environments

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2020070104 ◽

2020 ◽

Vol 14 (3) ◽

pp. 50-71

Author(s):

Oussama Hannache ◽

Mohamed Chaouki Batouche

Keyword(s):

Neural Network ◽

Performance Metrics ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Analysis Method ◽

Organizational Network ◽

Ddos Attack ◽

Data Plane ◽

Ddos Detection

Software defined networking (SDN) is a networking paradigm that allows for the easy programmability of network devices by decoupling the data plane and the control plane. On the other hand, Distributed Denial of Service (DDoS) attacks remains one of the major concerns for organizational network infrastructures and Cloud providers. In this article, the authors propose a Neural Network based Traffic Flow Classifier (TFC-NN) for live DDoS detection in SDN environments. This study provides a live traffic analysis method with a neural network. The training of the TFC-NN model is performed by a labelled dataset constructed from SDN normal traffic and an-under DDoS traffic. The study also provides a live mitigation process combined with the live TFC-NN-based DDoS detection. The approach is deployed and evaluated on an SDN architecture based on different performance metrics with different under-DDoS attack scenarios.

Download Full-text

A Traffic Cluster Entropy Based Approach to Distinguish DDoS Attacks from Flash Event Using DETER Testbed

ISRN Communications and Networking ◽

10.1155/2014/259831 ◽

2014 ◽

Vol 2014 ◽

pp. 1-15 ◽

Cited By ~ 11

Author(s):

Monika Sachdeva ◽

Krishan Kumar

Keyword(s):

Research Laboratory ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Cyber Defense ◽

Ddos Attack ◽

Defense Technology ◽

Different Types ◽

Ddos Detection ◽

Flash Event

The detection of distributed denial of service (DDoS) attacks is one of the hardest problems confronted by the network security researchers. Flash event (FE), which is caused by a large number of legitimate requests, has similar characteristics to those of DDoS attacks. Moreover DDoS attacks and FEs require altogether different handling procedures. So discriminating DDoS attacks from FEs is very important. But the research involving DDoS detection has not laid enough emphasis on including FEs scenarios in the experiments. In this paper, we are using traffic cluster entropy as detection metric not only to detect DDoS attacks but also to distinguish DDoS attacks from FEs. We have validated our approach on cyber-defense technology experimental research laboratory (DETER) testbed. Different emulation scenarios are created on DETER using mix of legitimate, flash, and different types of attacks at varying strengths. It is found that, when flash event is triggered, source address entropy increases but the corresponding traffic cluster entropy does not increase. However, when DDoS attack is launched, traffic cluster entropy also increases along with source address entropy. An analysis of live traces on DETER testbed clearly manifests supremacy of our approach.

Download Full-text

Low-Rate DDoS Attack Detection Using Expectation of Packet Size

Security and Communication Networks ◽

10.1155/2017/3691629 ◽

2017 ◽

Vol 2017 ◽

pp. 1-14 ◽

Cited By ~ 12

Author(s):

Lu Zhou ◽

Mingchao Liao ◽

Cao Yuan ◽

Haoyu Zhang

Keyword(s):

Denial Of Service ◽

False Negative ◽

Attack Detection ◽

Detection Sensitivity ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Packet Size ◽

Tolerance Factors ◽

Ddos Attack Detection ◽

Low Rate

Low-rate Distributed Denial-of-Service (low-rate DDoS) attacks are a new challenge to cyberspace, as the attackers send a large amount of attack packets similar to normal traffic, to throttle legitimate flows. In this paper, we propose a measurement—expectation of packet size—that is based on the distribution difference of the packet size to distinguish two typical low-rate DDoS attacks, the constant attack and the pulsing attack, from legitimate traffic. The experimental results, obtained using a series of real datasets with different times and different tolerance factors, are presented to demonstrate the effectiveness of the proposed measurement. In addition, extensive experiments are performed to show that the proposed measurement can detect the low-rate DDoS attacks not only in the short and long terms but also for low packet rates and high packet rates. Furthermore, the false-negative rates and the adjudication distance can be adjusted based on the detection sensitivity requirements.

Download Full-text

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Sensors ◽

10.3390/s20143820 ◽

2020 ◽

Vol 20 (14) ◽

pp. 3820

Author(s):

Abdul Ghafar Jaafar ◽

Saiful Adli Ismail ◽

Mohd Shahidan Abdullah ◽

Nazri Kama ◽

Azri Azmi ◽

...

Keyword(s):

Critical Analysis ◽

Denial Of Service ◽

Web Server ◽

Recent Analysis ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Application Layer ◽

Ddos Attack ◽

Client Request ◽

Attack Patterns

Application Layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. The shortfall at the application layer allows formation of HTTP DDoS as the request headers are not compulsory to be attached in an HTTP request. Furthermore, the header is editable, thus providing an attacker with the advantage to execute HTTP DDoS as it contains almost similar request header that can emulate a genuine client request. To the best of the authors’ knowledge, there are no recent studies that provide forged request headers pattern with the execution of the current HTTP DDoS attack scripts. Besides that, the current dataset for HTTP DDoS is not publicly available which leads to complexity for researchers to disclose false headers, causing them to rely on old dataset rather than more current attack patterns. Hence, this study conducted an analysis to disclose forged request headers patterns created by HTTP DDoS. The results of this study successfully disclose eight forged request headers patterns constituted by HTTP DDoS. The analysis was executed by using actual machines and eight real attack scripts which are capable of overwhelming a web server in a minimal duration. The request headers patterns were explained supported by a critical analysis to provide the outcome of this paper.

Download Full-text

Securing an Internet of Things from Distributed Denial of Service and Mirai Botnet Attacks Using a Novel Hybrid Detection and Mitigation Mechanism

International Journal of Intelligent Engineering and Systems ◽

10.22266/ijies2021.0228.12 ◽

2021 ◽

Vol 14 (1) ◽

pp. 113-123

Author(s):

M Karthik ◽

◽

M Krishnan ◽

Keyword(s):

Internet Of Things ◽

Denial Of Service ◽

False Negative ◽

False Negative Rate ◽

Detection Accuracy ◽

Distributed Denial Of Service ◽

African Buffalo ◽

Attack Model ◽

Ddos Attack ◽

Hybrid Detection

Internet of Things (IoT) has become more familiar in all applications and industrial fields such as medical, military, transportation, etc. It has some limitations because of the attack model in the transmission or communication channel. Moreover, one of the deadliest attacks is known as a Distributed Denial of Service Attack (DDoS). The Presence of DDoS in network layer cause huge damage in data transmission channel that ends in data loss or collapse. To address this issue the current research focused on an innovative detection and mitigation of Mirai and DDoS attack in IoT environment. Initially, number of IoT devices is arranged with the help of a novel Hybrid Strawberry and African Buffalo Optimization (HSBABO). Consequently, the types of DDoS attacks are launched in the developed IoT network. Moreover, the presence of strawberry and African Buffalo fitness is utilized to detect and specify the attack types. Subsequently a novel MCELIECE encryption with Cloud Shield scheme is developed to prevent the low and high rate DDoS attack in the Internet of Things. Finally, the proposed model attained 94% of attack detection accuracy, 3% of false negative rate and 5.5% of false positive rate.

Download Full-text

Application Layer DDoS Attack Defense Methods and A new Defense Mechanism against Flooding

International Journal of Recent Technology and Engineering - 2 ◽

10.35940/ijrte.f6986.038620 ◽

2020 ◽

Vol 8 (6) ◽

pp. 208-212

Keyword(s):

Machine Learning ◽

Defense Mechanisms ◽

Defense Mechanism ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Network Environment ◽

Ddos Attacks ◽

Application Layer ◽

New Approach ◽

Ddos Attack

In a network environment, Distributed Denial of Service (DDoS) attacks eemploys a network or server is unavailable to its normal users. Application-layer Distributed Denial of Service (App-DDoS) attacks are serious issues for the webserver itself. The multitude and variety of such attacks and defense approaches are overwhelming. This paper here follows, we analyze the different defense mechanisms for application-layer DDoS attacks and proposes a new approach to defend using machine learning.

Download Full-text

Application Layer Distributed Denial of Service Attacks Defense Techniques : A review

Academic Journal of Nawroz University ◽

10.25007/ajnu.v7n4a279 ◽

2018 ◽

Vol 7 (4) ◽

pp. 113 ◽

Cited By ~ 1

Author(s):

Subhi R. M. Zeebaree ◽

Karzan H. Sharif ◽

Roshna M. Mohammed Amin

Keyword(s):

Denial Of Service ◽

The Internet ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Application Layer ◽

Detection Techniques ◽

Clear View ◽

Methods And Techniques ◽

Experimental Approaches ◽

Detection Mechanisms

Currently distributed denial of service (DDoS) is the most sever attack that effect on the internet convenience. The main goal of these attacks is to prevent normal users from accessing the internet services such as web servers. However the more challenge and difficult types to detect is application layer DDoS attacks because of using legitimate client to create connection with victims. In this paper we give a review on application layer DDoS attacks defense or detection mechanisms. Furthermore, we summarize several experimental approaches on detection techniques of application layer DDoS attacks. The main goal of this paper is to get a clear view and detailed summary of the recent algorithms, methods and techniques presented to tackle these serious types of attacks.

Download Full-text