A HMM-R Approach to Detect L-DDoS Attack Adaptively on SDN Controller

2018 ◽  
Vol 10 (9) ◽  
pp. 83 ◽  
Author(s):  
Wentao Wang ◽  
Xuan Ke ◽  
Lingxia Wang

A data center network is vulnerable to concealed low-rate distributed denial of service (L-DDoS) attacks because its data flow has the characteristics of delay, diversity, and synchronization. Several studies have proposed methods for detecting L-DDoS attacks, but most of them only detect L-DDoS attacks at a fixed rate. These methods yield a low true positive rate and a high false positive rate when detecting multi-rate L-DDoS attacks. Software defined networking (SDN) is a new network architecture that can centrally control the network. We use an SDN controller to collect and analyze data packets entering the data center network, calculate Renyi entropies based on the IP addresses of the data packets, and then combine them with a hidden Markov model to obtain a probability model, HMM-R, that detects L-DDoS attacks at different rates. Compared with four common attack detection algorithms (KNN, SVM, SOM, BP), HMM-R is superior in terms of the true positive rate, the false positive rate, and adaptivity.

Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1894
Author(s):  
Chun Guo ◽  
Zihua Song ◽  
Yuan Ping ◽  
Guowei Shen ◽  
Yuhei Cui ◽  
...  

Remote Access Trojan (RAT) is one of the most serious security threats that organizations face today. At present, the two major RAT detection methods are host-based and network-based detection. To complement one another's strengths, this article proposes a phased RAT detection method that combines double-side features (PRATD). In PRATD, both host-side and network-side features are combined to build detection models, which helps distinguish RATs from benign programs because RATs not only generate traffic on the network but also leave traces on the host at run time. In addition, PRATD trains two different detection models for the two runtime states of RATs to improve the True Positive Rate (TPR). Experiments on network and host records collected from five kinds of benign programs and 20 well-known RATs show that PRATD can effectively detect RATs: it achieves a TPR as high as 93.609% with a False Positive Rate (FPR) as low as 0.407% for known RATs, and a TPR of 81.928% with an FPR of 0.185% for unknown RATs, which suggests it is a competitive candidate for RAT detection.


2017 ◽  
Vol 7 (3) ◽  
pp. 59-75 ◽  
Author(s):  
Akashdeep Bhardwaj ◽  
Sam Goundar

With the rise in cyber-attacks on cloud environments such as Brute Force, Malware, or Distributed Denial of Service attacks, information security officers and data center administrators have a monumental task on hand. Organizations design data centers and service delivery with the aim of maximizing device provisioning and availability, improving application performance, and ensuring better server virtualization, and end up securing data centers using security solutions at the internet edge protection level. These security solutions prove to be largely inadequate during a DDoS cyber-attack. In this paper, traditional data center design is reviewed and compared to the proposed three-tier data center. Resilience against DDoS attacks is measured using Real User Monitoring parameters, compared for the two infrastructure designs, and the data is validated using a T-Test.


1979 ◽  
Vol 25 (12) ◽  
pp. 2034-2037 ◽  
Author(s):  
L B Sheiner ◽  
L A Wheeler ◽  
J K Moore

The percentage of mislabeled specimens detected (true-positive rate) and the percentage of correctly labeled specimens misidentified (false-positive rate) were computed for three previously proposed delta check methods and two linear discriminant functions. The true-positive rate was computed from a set of pairs of specimens, each having one member replaced by a member from another pair chosen at random. The relationship between true-positive and false-positive rates was similar among the delta check methods tested, indicating equal performance for all of them over the range of false-positive rate of interest. At a practical false-positive operating rate of about 5%, delta check methods detect only about 50% of mislabeled specimens; even if the actual mislabeling rate is moderate (e.g., 1%), only about 10% of specimens flagged by a delta check will actually have been mislabeled.


2018 ◽  
Vol 218 ◽  
pp. 02012 ◽  
Author(s):  
Mohammad A. AL-Adaileh ◽  
Mohammed Anbar ◽  
Yung-Wey Chong ◽  
Ahmed Al-Ani

Software-defined networks (SDNs) have grown rapidly in recent years because SDNs are widely used in managing large area networks and securing networks from Distributed Denial of Service (DDoS) attacks. SDNs allow networks to be monitored and managed through a centralized controller. Therefore, SDN controllers are considered the brain of the network and are considerably vulnerable to DDoS attacks. Thus, SDN controllers suffer from several challenges that exhaust network resources. For an SDN controller, the main aim of DDoS attacks is to prevent legitimate users from using a network resource or receiving their services. Some approaches have been proposed to detect DDoS attacks through examination of the traffic behavior of networks. However, these approaches take too long to process all incoming packets, thereby leading to high bandwidth consumption and delays in the detection of DDoS attacks. In addition, most existing approaches for the detection of DDoS attacks suffer from high false positive/negative rates and low detection accuracy. This study proposes a new approach to detecting DDoS attacks, called the statistical-based approach for detecting DDoS against the controllers of software-defined networks. The proposed approach is designed to detect the presence of DDoS attacks accurately, reduce false positive/negative flow rates, and minimize the complexity of targeting SDN controllers according to a statistical analysis of packet features. The proposed approach passively captures network traffic, filters traffic, and selects the most significant features that contribute to DDoS attack detection. The general stages of the proposed approach are (i) data preprocessing, (ii) statistical analysis, (iii) correlation identification between two vectors, and (iv) rule-based DDoS detection.


Energies ◽  
2020 ◽  
Vol 13 (19) ◽  
pp. 5176
Author(s):  
Ghada Elbez ◽  
Hubert B. Keller ◽  
Atul Bohara ◽  
Klara Nahrstedt ◽  
Veit Hagenmeyer

Integration of Information and Communication Technology (ICT) in modern smart grids (SGs) offers many advantages, including the use of renewables and an effective way to protect, control, and monitor energy transmission and distribution. To reach an optimal operation of future energy systems, availability, integrity, and confidentiality of data should be guaranteed. Research on the cyber-physical security of electrical substations based on IEC 61850 is still at an early stage. In the present work, we first model the network traffic data in electrical substations; then we present a statistical Anomaly Detection (AD) method to detect Denial of Service (DoS) attacks against Generic Object Oriented Substation Event (GOOSE) network communication. Based on interpretations of the self-similarity and the Long-Range Dependency (LRD) of the data, an Auto-Regressive Fractionally Integrated Moving Average (ARFIMA) model was shown to describe the GOOSE communication in the substation process network well. Based on this ARFIMA model and in view of cyber-physical security, an effective model-based AD method is developed and analyzed. Two variants of the statistical AD, using statistical hypothesis testing based on the Generalized Likelihood Ratio Test (GLRT) and the cumulative sum (CUSUM), are presented to detect flooding attacks that might affect the availability of the data. Our work presents a novel AD method, with two different variants, tailored to the specific features of GOOSE traffic in IEC 61850 substations. The statistical AD is capable of detecting anomalies at unknown change times under the realistic assumption of unknown model parameters. The performance of both variants of the AD method is validated and assessed using data collected from a simulation case study. We perform several Monte-Carlo simulations under different noise variances. The detection delay is reported for each detector; it represents the number of discrete time samples after which an anomaly is detected. Our statistical AD method with both variants (CUSUM and GLRT) has around half the false positive rate and a smaller detection delay when compared with two of the closest works found in the literature. Our AD approach based on the GLRT detector has the smallest false positive rate among all considered approaches, whereas our AD approach based on the CUSUM test has the lowest false negative rate and thus the best detection rate. Depending on the requirements as well as the costs of false alarms or missed anomalies, both variants of our statistical detection method can be used; they are further analyzed using composite detection metrics.


2021 ◽  
Vol 20 (Number 3) ◽  
pp. 277-304
Author(s):  
Oluwatobi Shadrach Akanji ◽  
Opeyemi Aderiike Abisoye ◽  
Mohammed Awwal Iliyasu

Distributed Denial of Service (DDoS) attacks have been one of the persistent forms of attack on information technology infrastructure connected to public networks, due to the ease of access to DDoS attack tools. Researchers have developed several techniques to curb volumetric DDoS, which overwhelms the target with a large number of request packets. However, compared to volumetric DDoS, little research has been carried out on mitigating slow DDoS. Attackers have resorted to slow DDoS because it mimics the behaviour of a slow legitimate client, thereby causing service unavailability. This paper provides the scholarly community with an approach to boosting service availability in web servers under slow Hypertext Transfer Protocol (HTTP) DDoS attacks through attack detection using a Genetic Algorithm and a Support Vector Machine, which facilitates attack mitigation in a Software-Defined Networking (SDN) environment simulated in GNS3. The Genetic Algorithm was used to select the NetFlow features which indicate the presence of an attack and also to determine the appropriate regularization parameter, C, and gamma parameter for the Support Vector Machine classifier. Results obtained showed that the classifier had a detection accuracy, Area Under Receiver Operating Curve (AUC), true positive rate, false positive rate, and false negative rate of 99.89%, 99.89%, 99.95%, 0.18%, and 0.05% respectively. The algorithm for subsequent implementation of the selective adaptive bubble burst mitigation mechanism was also presented. This study contributes to the ongoing research in detecting and mitigating slow HTTP DDoS attacks, with emphasis on the use of machine learning classification and meta-heuristic algorithms.


2020 ◽  
pp. 399-410
Author(s):  
Jawad Dalou' ◽  
Basheer Al-Duwairi ◽  
Mohammad Al-Jarrah

Software Defined Networking (SDN) has emerged as a new networking paradigm based on the decoupling of data plane and control plane, providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities associated with the nature of communication between the control plane and the data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks, because overloading the controller with a huge packet volume would bring the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with a huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller, which are compared to preset entropy threshold values that change adaptively based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.


2020 ◽  
Vol 38 (15_suppl) ◽  
pp. e14146-e14146
Author(s):  
Tesia McKenzie ◽  
Davina Matinho ◽  
Olivia Scott ◽  
Arbaz Khan ◽  
Mila Lachica ◽  
...  

Background: Breast cancer (BC) is the most common invasive cancer in adult females. The role of preoperative MRI in assessing the extent of primary breast cancer remains controversial. This study's objective is to determine if MRIs performed after the diagnosis of invasive/non-invasive breast cancer will identify additional breast cancers. We hypothesize that preoperative MRIs will result in the discovery of additional significant lesions, leading to changes in surgical treatment. Methods: A retrospective study of 389 BC patient charts was conducted, dated from January 2000 to July 2019. Files were collected from an office in the Breast Cancer Surgery Department. Information on each patient's imaging studies, treatment, demographics, surgery, and pathology was collected and stored in an online cloud system. Summary statistics, including proportions, percentages, and difference-of-proportion hypothesis tests, were used to interpret the data. All statistical tests were conducted at a 95% confidence interval. Results: We reviewed the charts of 335 patients that met eligibility criteria. In 221 newly diagnosed cancers, a preoperative MRI was taken before treatment. 127 cancers (57.5%) showed an additional finding. In BC patients with additional preoperative MRI findings, we observed 61.4% true positive and 38.6% false positive results. These values are comparable to prior studies. We determined that the treatment plan was altered in 17.6% of all patients who received an MRI and in 30.7% of patients with a true positive MRI finding, which is also consistent with previous literature. A majority of the treatment changes were from Lumpectomy to Mastectomy. Conclusions: Literature on MRI use in BC diagnosis exists; our study differs by focusing on newly diagnosed breast cancers. We discovered that 35.3% of preoperative MRIs identified a true additional finding in known breast cancer. In addition, our true positive rate (61.4%) and false positive rate (22.2%) of MRI findings are comparable to those of previous studies. Plans were changed in 30.7% of additional findings, supporting the idea that preoperative MRI studies are useful when organizing surgical treatment. Further studies to demonstrate the impact on local recurrence rates and overall survival may clarify the true role of preoperative MRI in these cases.


2011 ◽  
Vol 474-476 ◽  
pp. 2129-2133
Author(s):  
Yong Hao Gu ◽  
Wei Ming Wu

Distributed Denial of Service (DDoS) poses a very serious threat to the stability of the Internet. Compared with many detection approaches, detecting DDoS attacks based on entropy has advantages such as simplicity, high sensitivity, and a low false positive rate. However, a method using single-attribute entropy has a high false positive rate when detecting attacks with forged attributes. This paper presents a detection method based on joint entropy and a filtering method based on conditional entropy. The efficiency of this scheme is validated by simulation on the research lab network.

