Machine-learning and statistical methods for DDoS attack detection and defense system in software defined networks

10.32920/ryerson.14657556.v1 ◽

2021 ◽

Author(s):

Merlin James Rukshan Dennis

Keyword(s):

Machine Learning ◽

Random Forest ◽

Statistical Approach ◽

Denial Of Service ◽

Attack Detection ◽

Learning Approach ◽

Ddos Attack ◽

Machine Learning Approach ◽

Ddos Detection ◽

Ddos Attack Detection

Distributed Denial of Service (DDoS) attack is a serious threat on today’s Internet. As the traffic across the Internet increases day by day, it is a challenge to distinguish between legitimate and malicious traffic. This thesis proposes two different approaches to build an efficient DDoS attack detection system in the Software Defined Networking environment. SDN is the latest networking approach which implements centralized controller, which is programmable. The central control and the programming capability of the controller are used in this thesis to implement the detection and mitigation mechanisms. In this thesis, two designed approaches, statistical approach and machine-learning approach, are proposed for the DDoS detection. The statistical approach implements entropy computation and flow statistics analysis. It uses the mean and standard deviation of destination entropy, new flow arrival rate, packets per flow and flow duration to compute various thresholds. These thresholds are then used to distinguish normal and attack traffic. The machine learning approach uses Random Forest classifier to detect the DDoS attack. We fine-tune the Random Forest algorithm to make it more accurate in DDoS detection. In particular, we introduce the weighted voting instead of the standard majority voting to improve the accuracy. Our result shows that the proposed machine-learning approach outperforms the statistical approach. Furthermore, it also outperforms other machine-learning approach found in the literature.

Download Full-text

Application Layer DDOS Attack Detection Using Hybrid Machine Learning Approach

International Journal of Security and Its Applications ◽

10.14257/ijsia.2017.11.4.07 ◽

2017 ◽

Vol 11 (4) ◽

pp. 85-96 ◽

Cited By ~ 1

Author(s):

Rizwan ur Rahman ◽

Deepak Singh Tomar ◽

Jijin A.V.

Keyword(s):

Machine Learning ◽

Attack Detection ◽

Learning Approach ◽

Application Layer ◽

Ddos Attack ◽

Machine Learning Approach ◽

Hybrid Machine ◽

Ddos Attack Detection

Download Full-text

Improving Distributed Denial of Service (DDOS) Detection using Entropy Method in Software Defined Network (SDN)

ComTech Computer Mathematics and Engineering Applications ◽

10.21512/comtech.v8i4.3902 ◽

2017 ◽

Vol 8 (4) ◽

pp. 215

Author(s):

Maman Abdurohman ◽

Dani Prasetiawan ◽

Fazmah Arif Yulianto

Keyword(s):

Denial Of Service ◽

Entropy Method ◽

Attack Detection ◽

New Method ◽

Sudden Increase ◽

Software Defined Network ◽

Distributed Denial Of Service ◽

Ddos Attack ◽

Ddos Detection ◽

Ddos Attack Detection

This research proposed a new method to enhance Distributed Denial of Service (DDoS) detection attack on Software Defined Network (SDN) environment. This research utilized the OpenFlow controller of SDN for DDoS attack detection using modified method and regarding entropy value. The new method would check whether the traffic was a normal traffic or DDoS attack by measuring the randomness of the packets. This method consisted of two steps, detecting attack and checking the entropy. The result shows that the new method can reduce false positive when there is a temporary and sudden increase in normal traffic. The new method succeeds in not detecting this as a DDoS attack. Compared to previous methods, this proposed method can enhance DDoS attack detection on SDN environment.

Download Full-text

Comparative Study on TCP SYN Flood DDoS Attack Detection: A Machine Learning Algorithm Based Approach

WSEAS TRANSACTIONS ON SYSTEMS AND CONTROL ◽

10.37394/23203.2021.16.54 ◽

2021 ◽

Vol 16 ◽

pp. 584-591

Author(s):

S. Sumathi ◽

R. Rajesh

Keyword(s):

Machine Learning ◽

Learning Algorithm ◽

Denial Of Service ◽

Attack Detection ◽

Machine Learning Algorithm ◽

Distributed Denial Of Service ◽

Ddos Attack ◽

Research Goal ◽

Ddos Attack Detection ◽

F Measure

A most common attack on the internet network is a Distributed Denial of Service (DDoS) attack, which involves occupying computational resources and bandwidth to suppress services to potential clients. The attack scenario is to massively flood the packets. The attack is called a denial of service (DoS) if the attack originates from a single server, and a distributed denial of service (DDoS) if the attack originates from multiple servers. Control and mitigation of DDoS attacks have been a research goal for many scholars for over a decade, and they have achieved in delivering a few major DDoS detection and protection techniques. In the current state of internet use, how quickly and early a DDoS attack can be detected in broadcasting network transactions remains a key research goal. After the development of a machine learning algorithm, many potential methods of DDoS attack detection have been developed. The work presents the results of various experiments carried out using data mining and machine learning algorithms as well as a combination of these algorithms on the commonly available dataset named CAIDA for TCP SYN flood attack detection. Also, this work analysis the various performance metrics such as false positive rate, precision, recall, F-measure and receiver operating characteristic (ROC) using various machine learning algorithm. One-R(OR) with an ideal FPR value of 0.05 and recall value of 0.95,decision stump(DS) with an ideal precision value of o.93,PART with an excellent F-measure value of 0.91 are some of the performance metric values while performing TCP SYN flood attack detection.

Download Full-text

An Enhanced Deep Autoencoder-based Approach for DDoS Attack Detection

WSEAS TRANSACTIONS ON SYSTEMS AND CONTROL ◽

10.37394/23203.2020.15.72 ◽

2020 ◽

Vol 15 ◽

Keyword(s):

Machine Learning ◽

Intrusion Detection ◽

False Positive ◽

Denial Of Service ◽

Attack Detection ◽

Detection Accuracy ◽

Ddos Attack ◽

High Detection ◽

Sparse Autoencoder ◽

Ddos Attack Detection

Intrusion detection systems play a crucial role in preventing security threats and defending networks from attacks. Among the attacks, distributed Denial-of-Service (DDoS) attacks literally get into the network and, in addition, they are terribly troublesome to avoid. With the advent of unknown threats, traditional machine learning approaches are impacted by lower detection rates and higher false-positive rates. As a result, the DDoS detection system requires an over-performing machine learning classifier with minimal false-positive and high detection accuracy. In this context, we propose an Improved Deep Sparse Autoencoder-based Framework (EDSA) for DDoS Attack Detection with a cost minimization strategy. The sparse autoencoder is used for dataset extraction functionality, while the softmax layer is used for traffic classification as malicious or bengin. However, intrusion detection includes the risk elements of inaccurate prediction; hence, we have used research metrics such as accuracy, precision, detection rate and specificity for our model analysis. The proposed solution uses the CICDDoS 2019 datasets and demonstrates high detection accuracy with a much less false positives percentage.

Download Full-text

SMO-RF:A machine learning approach by random forest for predicting class imbalancing followed by SMOTE

Materials Today Proceedings ◽

10.1016/j.matpr.2020.12.891 ◽

2021 ◽

Author(s):

Ankur Goyal ◽

Likhita Rathore ◽

Avinash Sharma

Keyword(s):

Machine Learning ◽

Random Forest ◽

Learning Approach ◽

Machine Learning Approach

Download Full-text

A Deep Learning Approach Combining Autoencoder with One-class SVM for DDoS Attack Detection in SDNs

2020 IEEE Eighth International Conference on Communications and Networking (ComNet) ◽

10.1109/comnet47917.2020.9306073 ◽

2020 ◽

Author(s):

Lotfi Mhamdi ◽

Desmond McLernon ◽

Fadi El-moussa ◽

Syed Ali Raza Zaidi ◽

Mounir Ghogho ◽

...

Keyword(s):

Deep Learning ◽

Attack Detection ◽

Learning Approach ◽

Ddos Attack ◽

Ddos Attack Detection

Download Full-text

A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN

EURASIP Journal on Wireless Communications and Networking ◽

10.1186/s13638-021-01957-9 ◽

2021 ◽

Vol 2021 (1) ◽

Author(s):

Shanshan Yu ◽

Jicheng Zhang ◽

Ju Liu ◽

Xiaoqing Zhang ◽

Yafeng Li ◽

...

Keyword(s):

Ensemble Learning ◽

Denial Of Service ◽

Attack Detection ◽

Coarse Grained ◽

Communication Overhead ◽

Detection Scheme ◽

Fine Grained ◽

Ddos Attack ◽

Network Status ◽

Ddos Attack Detection

AbstractIn order to solve the problem of distributed denial of service (DDoS) attack detection in software-defined network, we proposed a cooperative DDoS attack detection scheme based on entropy and ensemble learning. This method sets up a coarse-grained preliminary detection module based on entropy in the edge switch to monitor the network status in real time and report to the controller if any abnormality is found. Simultaneously, a fine-grained precise attack detection module is designed in the controller, and a ensemble learning-based algorithm is utilized to further identify abnormal traffic accurately. In this framework, the idle computing capability of edge switches is fully utilized with the design idea of edge computing to offload part of the detection task from the control plane to the data plane innovatively. Simulation results of two common DDoS attack methods, ICMP and SYN, show that the system can effectively detect DDoS attacks and greatly reduce the southbound communication overhead and the burden of the controller as well as the detection delay of the attacks.

Download Full-text