Anomaly-Based Method for Detecting Multiple Classes of Network Attacks

Information ◽  
2019 ◽  
Vol 10 (3) ◽  
pp. 84 ◽  
Author(s):  
Anastasia Gurina ◽  
Vladimir Eliseev

The article discusses the problem of detecting network attacks on a web server. Attention is focused on two common types of attacks: "denial of service" and "code injection". A review and analysis of various attack detection techniques are conducted. A new lightweight approach that detects attacks as anomalies is proposed. It is based on recognizing the dynamic response of the web server during request processing. An autoencoder is implemented to recognize anomalies in the dynamic response. A case study with the MyBB web server is described. Several flood attacks and a SQL injection attack are modeled and successfully detected by the proposed method. The efficiency of the detection algorithm is evaluated, and the advantages and disadvantages of the proposed approach are analyzed.

Author(s):  
Keshav Sinha ◽  
Amit Kumar Keshari

In the era of computing, where data are stored in a cloud or distributed environment, the privacy of data is one of the most challenging tasks. Attacks such as denial of service (DoS) and insider attacks compromise the security of the system. In this chapter, the authors discuss a blockchain-based database in which data are encrypted and stored. A Web API is used as the interface for storing and sharing data in the blockchain system. Several types of attacks are performed by an adversary on the database to exploit vulnerabilities in the system. Here, the authors focus mainly on the SQL injection attack performed by the adversary against the Web API. To cope with this problem, they present a case study based on Snort and Moloch for automated detection of SQL injection attacks, network analysis, and testing of the system.


2020 ◽  
Vol 17 (8) ◽  
pp. 3765-3769 ◽  
Author(s):  
N. P. Ponnuviji ◽  
M. Vigilson Prem

Cloud Computing has revolutionized Information Technology by allowing users to use a variety of resources in different applications in a less expensive manner. Resources are allocated with scalable, flexible, on-demand access in a virtual manner, with reduced maintenance and lower infrastructure cost. The majority of resources are handled and managed by organizations over the internet using different standards and formats of networking protocols. Various studies and statistics have shown that the available and existing technologies are prone to threats and vulnerabilities in legacy protocols, in the form of bugs that pave the way for intrusion by attackers in different ways. The most common of these attacks is the Distributed Denial of Service (DDoS) attack. This attack targets the cloud's performance and causes serious damage to the entire cloud computing environment. In the DDoS attack scenario, compromised computers are used to carry out the attack, which is done by transmitting a large number of packets, injected with known and unknown bugs, to a server. A huge portion of the network bandwidth of the users' cloud infrastructure is affected, consuming an enormous amount of their servers' time. In this paper, we propose a DDoS attack detection scheme based on the Random Forest algorithm to mitigate the DDoS threat. This algorithm is used along with signature detection techniques and generates a decision tree, which helps in detecting signature attacks for DDoS flooding attacks. We have also used other machine learning algorithms and analyzed them based on the results they yielded.


2017 ◽  
Vol 2017 ◽  
pp. 1-9 ◽  
Author(s):  
Bin Jia ◽  
Xiaohong Huang ◽  
Rujun Liu ◽  
Yan Ma

The explosive growth of network traffic and its many types on the Internet have brought new and severe challenges to DDoS attack detection. To obtain a higher True Negative Rate (TNR), accuracy, and precision, and to guarantee the robustness, stability, and universality of the detection system, in this paper we propose a DDoS attack detection method based on hybrid heterogeneous multiclassifier ensemble learning and design a heuristic detection algorithm based on Singular Value Decomposition (SVD) to construct our detection system. Experimental results show that our detection method performs excellently in TNR, accuracy, and precision. Therefore, our algorithm has good detection performance for DDoS attacks. Through comparisons with Random Forest, k-Nearest Neighbor (k-NN), and Bagging, the component classifiers, when each of the three algorithms is used alone both with and without SVD, it is shown that our model is superior to state-of-the-art attack detection techniques in system generalization ability, detection stability, and overall detection performance.


2018 ◽  
Vol 2018 ◽  
pp. 1-8 ◽  
Author(s):  
Yuntao Zhao ◽  
Wenbo Zhang ◽  
Yongxin Feng ◽  
Bo Yu

The application-layer distributed denial of service (AL-DDoS) attack poses a great threat to cyberspace security. Attack detection is an important part of security protection, providing effective support for the defense system through rapid and accurate identification of attacks. According to the different URLs of the Web service requested by the attacker, the AL-DDoS attack is divided into three categories: a random URL attack, a fixed URL attack, and a traversal URL attack. In order to identify attacks, a mapping matrix of the joint entropy vector is constructed. By defining and computing the values of EUPI and jEIPU, a visual coordinate discrimination diagram of the entropy vector is proposed, which also reduces the data dimension from N to two. Based on boundary discrimination and the region in which the entropy vectors fall, the class of AL-DDoS attack can be distinguished. Through the study of the training data set and classification, the results show that the novel algorithm can effectively distinguish web server DDoS attacks from normal burst traffic.


2006 ◽  
Vol 10 (1) ◽  
pp. 82-89 ◽  
Author(s):  
G. Carl ◽  
G. Kesidis ◽  
R.R. Brooks ◽  
Suresh Rai

2018 ◽  
pp. 15-24 ◽  
Author(s):  
Karanbir Singh ◽  
Kanwalvir Singh Dhindsa ◽  
Bharat Bhushan

The current internet infrastructure is susceptible to distributed denial of service (DDoS) attacks and has no built-in mechanism to defend against them. Research on these kinds of attacks and their defense is significant for the security and reliability of the internet. We have already proposed a collaborative agent-based distributed DDoS defense scheme which detects and prevents DDoS attacks within ISP (Internet Service Provider) boundaries. The actual task of defense is carried out by agents and coordinators in each ISP. The defense system works by inspecting incoming traffic on the edge router and identifying the occurrence of DDoS attacks. The agents implement an entropy-threshold based detection algorithm. The coordinators share attack-related information with neighboring ISPs in order to achieve distributed defense. The performance of the defense system is evaluated on the basis of several identified metrics. Its effectiveness is evaluated by comparing network behavior in the presence and absence of the defense system. The results indicate that the proposed defense system achieves accurate attack detection with very few false positives and false negatives.


Respati ◽  
2020 ◽  
Vol 15 (2) ◽  
pp. 6
Author(s):  
Lukman Lukman ◽  
Melati Suci

ABSTRACT

Network security on the web server is the most important part of guaranteeing integrity and service for users. Web servers are often the target of attacks that result in data damage. One of them is the SYN Flood attack, a type of Denial of Service (DoS) attack that sends a massive number of SYN requests to the web server. To strengthen web server network security, an Intrusion Detection System (IDS) is applied to detect, monitor, and analyze attacks on web servers. IDS software that is often used includes Snort and Suricata, each of which has its own advantages and disadvantages. The purpose of this study is to compare the two IDSs on the Linux operating system by testing with a SYN Flood attack against the web server; Snort and Suricata, installed on the web server, will then give a warning if an attack occurs. In determining the results of the comparison, the parameters used as the reference are the number of attacks detected and the effectiveness of attack detection of the two IDSs.

Keywords: Network Security, Web Server, IDS, SYN Flood, Snort, Suricata.


2019 ◽  
Vol 8 (3) ◽  
pp. 2195-2207 ◽  

Protecting and securing the network with Intrusion Detection Systems against hidden intrusions has become a popular and important issue in the network security domain. Detection of attacks is the first step in securing any system. In this paper, the main focus is on seven different attacks: Brute Force attack, Heartbleed/Denial-of-Service (DoS), Web Attack, Infiltration, Botnet, Port Scan, and Distributed Denial of Service (DDoS). We rely on features derived from the CICIDS-2017 dataset for these attacks. Using various subset-based feature selection techniques, the performance of attack detection has been evaluated over many features. With these techniques, the appropriate group of attributes for identifying each attack with related classification algorithms has been determined. Simulations of these techniques show that unwanted features can be removed from attack detection techniques and that the most valuable set of attributes for a given classification algorithm can be found, with and without discretization, which improves the performance of the IDS.


2017 ◽  
Vol 8 (4) ◽  
pp. 40-51
Author(s):  
Manimaran Aridoss

The major challenge of Internet of Things (IoT) generated data is its hypervisor-level vulnerabilities. Malicious VM deployment and termination are very simple due to the multitenant shared nature and distributed elastic features of the cloud. These features enable attackers to launch Distributed Denial of Service attacks to degrade cloud server performance. Attack detection techniques are applied to the VMs that malicious tenants use to hold cloud resources by launching DDoS attacks at data center subnets. Traditional dataflow-based attack detection methods rely on similarities among incoming requests, which consist of IP and TCP header information flows. The proposed approach classifies the status patterns of malicious VMs and ideal VMs to identify the attackers. In this article, information theory is used to calculate the entropy value of the malicious virtual machines for detecting attack behaviors. Experimental results show that the proposed system works well against DDoS attacks in IoT applications.

