scholarly journals Distinguishing flooding distributed denial of service from flash crowds using four data mining approaches

2017 ◽  
Vol 14 (3) ◽  
pp. 839-856
Author(s):  
Bin Kong ◽  
Kun Yang ◽  
Degang Sun ◽  
Meimei Li ◽  
Zhixin Shi
Keyword(s):  
Data Mining ◽  
Denial Of Service ◽  
High Accuracy ◽  
Entropy Method ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Extensive Analysis ◽  
Significant Damage ◽  
New Feature ◽  
Flash Crowds

Flooding Distributed Denial of Service (DDoS) attacks can cause significant damage to Internet. These attacks have many similarities to Flash Crowds (FCs) and are always difficult to distinguish. To solve this issue, this paper first divides existing methods into two categories to clarify existing researches. Moreover, after conducting an extensive analysis, a new feature set is concluded to profile DDoS and FC. Along with this feature set, this paper proposes a new method that employs Data Mining approaches to discriminate between DDoS attacks and FCs. Experiments are conducted to evaluate the proposed method based on two realworld datasets. The results demonstrate that the proposed method could achieve a high accuracy (more than 98%). Additionally, compared with a traditional entropy method, the proposed method still demonstrates better performance.

Data Mining Techniques for Distributed Denial of Service Attacks Detection in the Internet of Things

2016 ◽  
pp. 275-334 ◽  
Author(s):  
Pheeha Machaka ◽  
Fulufhelo Nelwamondo
Keyword(s):  
Data Mining ◽  
Internet Of Things ◽  
Denial Of Service ◽  
Current Data ◽  
The Internet ◽  
Denial Of Service Attacks ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Data Mining Techniques ◽  
The Internet Of Things

This chapter reviews the evolution of the traditional internet into the Internet of Things (IoT). The characteristics and application of the IoT are also reviewed, together with its security concerns in terms of distributed denial of service attacks. The chapter further investigates the state-of-the-art in data mining techniques for Distributed Denial of Service (DDoS) attacks targeting the various infrastructures. The chapter explores the characteristics and pervasiveness of DDoS attacks. It also explores the motives, mechanisms and techniques used to execute a DDoS attack. The chapter further investigates the current data mining techniques that are used to combat and detect these attacks, their advantages and disadvantages are explored. Future direction of the research is also provided.

scholarly journals A Hybrid Model for Detecting DDoS Attacks in Wide Area Networks

2019 ◽  
Vol 8 (2) ◽  
pp. 3488-3493
Keyword(s):  
Denial Of Service ◽  
Hybrid Approach ◽  
Wide Area ◽  
Wide Area Networks ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Dos Attacks ◽  
Ddos Attack ◽  
Comprehensive Framework ◽  
Flash Crowds

Wide Area Networks (WANs) are subjected massive Denial of Service (DoS) attacks known as Distributed Denial of Service (DDoS) attacks. There are many distributed computing use cases in the real world. They include banking, insurance, e-Commerce and a host of other applications. In distributed environments, these applications are targeted by adversaries for launching DDoS attacks of various kinds. Such attacks cause the servers to be very busy answering fake traffic from the compromised nodes used by attackers from behind the scene. Large number of computers over Internet are compromised by attackers and through such machines DDoS attack is made. The server machines that provide services to genuine users become victims of such attacks. Detecting DDoS attacks is difficult in the presence of flash crowds that resembles DDoS traffic. As there are different kinds of DDoS attacks, it is understood, from the literature, that there is need for further research to have a comprehensive framework for detecting different kinds of DDoS attacks. In this paper we proposed a hybrid approach for detecting various kinds of DDoS attacks and simulation study is made to have proof of the concept. The results of the experiments revealed that the proposed methodology is useful to detect DDoS attacks in wide area networks.

Data Mining Techniques for Distributed Denial of Service Attacks Detection in the Internet of Things

2020 ◽  
pp. 561-608
Author(s):  
Pheeha Machaka ◽  
Fulufhelo Nelwamondo
Keyword(s):  
Data Mining ◽  
Internet Of Things ◽  
Denial Of Service ◽  
Current Data ◽  
The Internet ◽  
Denial Of Service Attacks ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Data Mining Techniques ◽  
The Internet Of Things

This chapter reviews the evolution of the traditional internet into the Internet of Things (IoT). The characteristics and application of the IoT are also reviewed, together with its security concerns in terms of distributed denial of service attacks. The chapter further investigates the state-of-the-art in data mining techniques for Distributed Denial of Service (DDoS) attacks targeting the various infrastructures. The chapter explores the characteristics and pervasiveness of DDoS attacks. It also explores the motives, mechanisms and techniques used to execute a DDoS attack. The chapter further investigates the current data mining techniques that are used to combat and detect these attacks, their advantages and disadvantages are explored. Future direction of the research is also provided.

HULK and DDoS Attacks in Web Applications with Detection Mechanism

2018 ◽  
Vol 6 (6) ◽  
pp. 192
Author(s):  
Amit Sharma
Keyword(s):  
Web Applications ◽  
Denial Of Service ◽  
Single Server ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Detection Mechanism ◽  
Plan Execution ◽  
Social Affair ◽  
Server Application

Distributed Denial of Service attacks are significant dangers these days over web applications and web administrations. These assaults pushing ahead towards application layer to procure furthermore, squander most extreme CPU cycles. By asking for assets from web benefits in gigantic sum utilizing quick fire of solicitations, assailant robotized programs use all the capacity of handling of single server application or circulated environment application. The periods of the plan execution is client conduct checking and identification. In to beginning with stage by social affair the data of client conduct and computing individual user’s trust score will happen and Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of first stage, in recognition stage, variety in entropy will be watched and malevolent clients will be recognized. Rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery also, hindering the unapproved client from assaulting the framework.

scholarly journals Mathematical model on distributed denial of service attack through Internet of things in a network

2019 ◽  
Vol 8 (1) ◽  
pp. 486-495 ◽  
Author(s):  
Bimal Kumar Mishra ◽  
Ajit Kumar Keshri ◽  
Dheeresh Kumar Mallick ◽  
Binay Kumar Mishra
Keyword(s):  
Mathematical Model ◽  
Internet Of Things ◽  
Equilibrium Points ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Denial Of Service Attack ◽  
Different Types ◽  
Service Attack ◽  
Iot Devices

Abstract Internet of Things (IoT) opens up the possibility of agglomerations of different types of devices, Internet and human elements to provide extreme interconnectivity among them towards achieving a completely connected world of things. The mainstream adaptation of IoT technology and its widespread use has also opened up a whole new platform for cyber perpetrators mostly used for distributed denial of service (DDoS) attacks. In this paper, under the influence of internal and external nodes, a two - fold epidemic model is developed where attack on IoT devices is first achieved and then IoT based distributed attack of malicious objects on targeted resources in a network has been established. This model is mainly based on Mirai botnet made of IoT devices which came into the limelight with three major DDoS attacks in 2016. The model is analyzed at equilibrium points to find the conditions for their local and global stability. Impact of external nodes on the over-all model is critically analyzed. Numerical simulations are performed to validate the vitality of the model developed.

scholarly journals Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism

2017 ◽  
Vol 7 (1.1) ◽  
pp. 230
Author(s):  
C. Vasan Sai Krishna ◽  
Y. Bhuvana ◽  
P. Pavan Kumar ◽  
R. Murugan
Keyword(s):  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Dos Attack ◽  
Computing Power ◽  
Server Side ◽  
Ddos Attack ◽  
Client Machine ◽  
Client Side

In a typical DoS attack, the attacker tries to bring the server down. In this case, the attacker sends a lot of bogus queries to the server to consume its computing power and bandwidth. As the server’s bandwidth and computing power are always greater than attacker’s client machine, He seeks help from a group of connected computers. DDoS attack involves a lot of client machines which are hijacked by the attacker (together called as botnet). As the server handles all these requests sent by the attacker, all its resources get consumed and it cannot provide services. In this project, we are more concerned about reducing the computing power on the server side by giving the client a puzzle to solve. To prevent such attacks, we use client puzzle mechanism. In this mechanism, we introduce a client-side puzzle which demands the machine to perform tasks that require more resources (computation power). The client’s request is not directly sent to the server. Moreover, there will be an Intermediate Server to monitor all the requests that are being sent to the main server. Before the client’s request is sent to the server, it must solve a puzzle and send the answer. Intermediate Server is used to validate the answer and give access to the client or block the client from accessing the server.

scholarly journals Towards Effective Detection of Recent DDoS Attacks: A Deep Learning Approach

2021 ◽  
Vol 2021 ◽  
pp. 1-14
Author(s):  
Ivandro Ortet Lopes ◽  
Deqing Zou ◽  
Francis A Ruambo ◽  
Saeed Akbar ◽  
Bin Yuan
Keyword(s):  
Deep Learning ◽  
Intrusion Detection System ◽  
State Of The Art ◽  
Detection System ◽  
Denial Of Service ◽  
Model Performance ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Validation Metrics ◽  
High Processing

Distributed Denial of Service (DDoS) is a predominant threat to the availability of online services due to their size and frequency. However, developing an effective security mechanism to protect a network from this threat is a big challenge because DDoS uses various attack approaches coupled with several possible combinations. Furthermore, most of the existing deep learning- (DL-) based models pose a high processing overhead or may not perform well to detect the recently reported DDoS attacks as these models use outdated datasets for training and evaluation. To address the issues mentioned earlier, we propose CyDDoS, an integrated intrusion detection system (IDS) framework, which combines an ensemble of feature engineering algorithms with the deep neural network. The ensemble feature selection is based on five machine learning classifiers used to identify and extract the most relevant features used by the predictive model. This approach improves the model performance by processing only a subset of relevant features while reducing the computation requirement. We evaluate the model performance based on CICDDoS2019, a modern and realistic dataset consisting of normal and DDoS attack traffic. The evaluation considers different validation metrics such as accuracy, precision, F1-Score, and recall to argue the effectiveness of the proposed framework against state-of-the-art IDSs.

Sign in / Sign up

Export Citation Format

Share Document