scholarly journals Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

Sensors ◽  
2020 ◽  
Vol 20 (20) ◽  
pp. 5845
Author(s):  
João Paulo Abreu Maranhão ◽  
João Paulo Carvalho Lustosa da Costa ◽  
Edison Pignaton de Freitas ◽  
Elnaz Javidi ◽  
Rafael Timóteo de Sousa Júnior
Keyword(s):  
Machine Learning ◽  
False Alarm ◽  
False Alarm Rate ◽  
Detection Rate ◽  
Denial Of Service ◽  
Attack Detection ◽  
Gradient Boosting ◽  
Distributed Denial Of Service ◽  
Machine Learning Classification ◽  
Ddos Attack

In recent years, advanced threats against Cyber–Physical Systems (CPSs), such as Distributed Denial of Service (DDoS) attacks, are increasing. Furthermore, traditional machine learning-based intrusion detection systems (IDSs) often fail to efficiently detect such attacks when corrupted datasets are used for IDS training. To face these challenges, this paper proposes a novel error-robust multidimensional technique for DDoS attack detection. By applying the well-known Higher Order Singular Value Decomposition (HOSVD), initially, the average value of the common features among instances is filtered out from the dataset. Next, the filtered data are forwarded to machine learning classification algorithms in which traffic information is classified as a legitimate or a DDoS attack. In terms of results, the proposed scheme outperforms traditional low-rank approximation techniques, presenting an accuracy of 98.94%, detection rate of 97.70% and false alarm rate of 4.35% for a dataset corruption level of 30% with a random forest algorithm applied for classification. In addition, for error-free conditions, it is found that the proposed approach outperforms other related works, showing accuracy, detection rate and false alarm rate of 99.87%, 99.86% and 0.16%, respectively, for the gradient boosting classifier.

scholarly journals The Use of Ensemble Models for Multiple Class and Binary Class Classification for Improving Intrusion Detection Systems

Sensors ◽  
2020 ◽  
Vol 20 (9) ◽  
pp. 2559 ◽  
Author(s):  
Celestine Iwendi ◽  
Suleman Khan ◽  
Joseph Henry Anajemba ◽  
Mohit Mittal ◽  
Mamdouh Alenezi ◽  
...  
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
False Alarm ◽  
False Alarm Rate ◽  
Detection Rate ◽  
Detection System ◽  
Denial Of Service ◽  
Intrusion Detection Systems ◽  
Ensemble Models ◽  
Detection Systems

The pursuit to spot abnormal behaviors in and out of a network system is what led to a system known as intrusion detection systems for soft computing besides many researchers have applied machine learning around this area. Obviously, a single classifier alone in the classifications seems impossible to control network intruders. This limitation is what led us to perform dimensionality reduction by means of correlation-based feature selection approach (CFS approach) in addition to a refined ensemble model. The paper aims to improve the Intrusion Detection System (IDS) by proposing a CFS + Ensemble Classifiers (Bagging and Adaboost) which has high accuracy, high packet detection rate, and low false alarm rate. Machine Learning Ensemble Models with base classifiers (J48, Random Forest, and Reptree) were built. Binary classification, as well as Multiclass classification for KDD99 and NSLKDD datasets, was done while all the attacks were named as an anomaly and normal traffic. Class labels consisted of five major attacks, namely Denial of Service (DoS), Probe, User-to-Root (U2R), Root to Local attacks (R2L), and Normal class attacks. Results from the experiment showed that our proposed model produces 0 false alarm rate (FAR) and 99.90% detection rate (DR) for the KDD99 dataset, and 0.5% FAR and 98.60% DR for NSLKDD dataset when working with 6 and 13 selected features.

An Enhanced Way of Distributed Denial of Service Attack Detection by Applying Machine Learning Algorithms in Cloud Computing

2020 ◽  
Vol 17 (8) ◽  
pp. 3765-3769
Author(s):  
N. P. Ponnuviji ◽  
M. Vigilson Prem
Keyword(s):  
Machine Learning ◽  
Cloud Computing ◽  
Denial Of Service ◽  
Learning Algorithms ◽  
Attack Detection ◽  
Machine Learning Algorithms ◽  
Distributed Denial Of Service ◽  
Detection Techniques ◽  
Network Bandwidth ◽  
Ddos Attack

Cloud Computing has revolutionized the Information Technology by allowing the users to use variety number of resources in different applications in a less expensive manner. The resources are allocated to access by providing scalability flexible on-demand access in a virtual manner, reduced maintenance with less infrastructure cost. The majority of resources are handled and managed by the organizations over the internet by using different standards and formats of the networking protocols. Various research and statistics have proved that the available and existing technologies are prone to threats and vulnerabilities in the protocols legacy in the form of bugs that pave way for intrusion in different ways by the attackers. The most common among attacks is the Distributed Denial of Service (DDoS) attack. This attack targets the cloud’s performance and cause serious damage to the entire cloud computing environment. In the DDoS attack scenario, the compromised computers are targeted. The attacks are done by transmitting a large number of packets injected with known and unknown bugs to a server. A huge portion of the network bandwidth of the users’ cloud infrastructure is affected by consuming enormous time of their servers. In this paper, we have proposed a DDoS Attack detection scheme based on Random Forest algorithm to mitigate the DDoS threat. This algorithm is used along with the signature detection techniques and generates a decision tree. This helps in the detection of signature attacks for the DDoS flooding attacks. We have also used other machine learning algorithms and analyzed based on the yielded results.

scholarly journals Comparative Study on TCP SYN Flood DDoS Attack Detection: A Machine Learning Algorithm Based Approach

2021 ◽  
Vol 16 ◽  
pp. 584-591
Author(s):  
S. Sumathi ◽  
R. Rajesh
Keyword(s):  
Machine Learning ◽  
Learning Algorithm ◽  
Denial Of Service ◽  
Attack Detection ◽  
Machine Learning Algorithm ◽  
Distributed Denial Of Service ◽  
Ddos Attack ◽  
Research Goal ◽  
Ddos Attack Detection ◽  
F Measure

A most common attack on the internet network is a Distributed Denial of Service (DDoS) attack, which involves occupying computational resources and bandwidth to suppress services to potential clients. The attack scenario is to massively flood the packets. The attack is called a denial of service (DoS) if the attack originates from a single server, and a distributed denial of service (DDoS) if the attack originates from multiple servers. Control and mitigation of DDoS attacks have been a research goal for many scholars for over a decade, and they have achieved in delivering a few major DDoS detection and protection techniques. In the current state of internet use, how quickly and early a DDoS attack can be detected in broadcasting network transactions remains a key research goal. After the development of a machine learning algorithm, many potential methods of DDoS attack detection have been developed. The work presents the results of various experiments carried out using data mining and machine learning algorithms as well as a combination of these algorithms on the commonly available dataset named CAIDA for TCP SYN flood attack detection. Also, this work analysis the various performance metrics such as false positive rate, precision, recall, F-measure and receiver operating characteristic (ROC) using various machine learning algorithm. One-R(OR) with an ideal FPR value of 0.05 and recall value of 0.95,decision stump(DS) with an ideal precision value of o.93,PART with an excellent F-measure value of 0.91 are some of the performance metric values while performing TCP SYN flood attack detection.

scholarly journals Machine-learning and statistical methods for DDoS attack detection and defense system in software defined networks

2021 ◽  
Author(s):  
Merlin James Rukshan Dennis
Keyword(s):  
Machine Learning ◽  
Random Forest ◽  
Statistical Approach ◽  
Denial Of Service ◽  
Attack Detection ◽  
Learning Approach ◽  
Ddos Attack ◽  
Machine Learning Approach ◽  
Ddos Detection ◽  
Ddos Attack Detection

Distributed Denial of Service (DDoS) attack is a serious threat on today’s Internet. As the traffic across the Internet increases day by day, it is a challenge to distinguish between legitimate and malicious traffic. This thesis proposes two different approaches to build an efficient DDoS attack detection system in the Software Defined Networking environment. SDN is the latest networking approach which implements centralized controller, which is programmable. The central control and the programming capability of the controller are used in this thesis to implement the detection and mitigation mechanisms. In this thesis, two designed approaches, statistical approach and machine-learning approach, are proposed for the DDoS detection. The statistical approach implements entropy computation and flow statistics analysis. It uses the mean and standard deviation of destination entropy, new flow arrival rate, packets per flow and flow duration to compute various thresholds. These thresholds are then used to distinguish normal and attack traffic. The machine learning approach uses Random Forest classifier to detect the DDoS attack. We fine-tune the Random Forest algorithm to make it more accurate in DDoS detection. In particular, we introduce the weighted voting instead of the standard majority voting to improve the accuracy. Our result shows that the proposed machine-learning approach outperforms the statistical approach. Furthermore, it also outperforms other machine-learning approach found in the literature.

Detecting DDoS Attacks on Multiple Network Hosts

2019 ◽  
pp. 121-139 ◽  
Author(s):  
Konstantinos F. Xylogiannopoulos ◽  
Panagiotis Karampelas ◽  
Reda Alhajj
Keyword(s):  
Denial Of Service ◽  
Attack Detection ◽  
Detection Methods ◽  
Distributed Denial Of Service ◽  
Secondary Sources ◽  
Ddos Attack ◽  
Timely Fashion ◽  
Multiple Network ◽  
Ddos Attack Detection ◽  
Low Traffic

The proliferation of low security internet of things devices has widened the range of weapons that malevolent users can utilize in order to attack legitimate services in new ways. In the recent years, apart from very large volumetric distributed denial of service attacks, low and slow attacks initiated from intelligent bot networks have been detected to target multiple hosts in a network in a timely fashion. However, even if the attacks seem to be “innocent” at the beginning, they generate huge traffic in the network without practically been detected by the traditional DDoS attack detection methods. In this chapter, an advanced pattern detection method is presented that is able to collect and classify in real time all the incoming traffic and detect a developing slow and low DDoS attack by monitoring the traffic in all the hosts of the network. The experimental analysis on a real dataset provides useful insights about the effectiveness of the method by identifying not only the main source of attack but also secondary sources that produce low traffic, targeting though multiple hosts.

scholarly journals Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

2021 ◽  
Author(s):  
◽  
Abigail Koay
Keyword(s):  
Information Sharing ◽  
Detection System ◽  
Denial Of Service ◽  
Attack Detection ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Low Intensity ◽  
Ddos Attack ◽  
Ddos Attack Detection

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>

scholarly journals Improving Distributed Denial of Service (DDOS) Detection using Entropy Method in Software Defined Network (SDN)

2017 ◽  
Vol 8 (4) ◽  
pp. 215
Author(s):  
Maman Abdurohman ◽  
Dani Prasetiawan ◽  
Fazmah Arif Yulianto
Keyword(s):  
Denial Of Service ◽  
Entropy Method ◽  
Attack Detection ◽  
New Method ◽  
Sudden Increase ◽  
Software Defined Network ◽  
Distributed Denial Of Service ◽  
Ddos Attack ◽  
Ddos Detection ◽  
Ddos Attack Detection

This research proposed a new method to enhance Distributed Denial of Service (DDoS) detection attack on Software Defined Network (SDN) environment. This research utilized the OpenFlow controller of SDN for DDoS attack detection using modified method and regarding entropy value. The new method would check whether the traffic was a normal traffic or DDoS attack by measuring the randomness of the packets. This method consisted of two steps, detecting attack and checking the entropy. The result shows that the new method can reduce false positive when there is a temporary and sudden increase in normal traffic. The new method succeeds in not detecting this as a DDoS attack. Compared to previous methods, this proposed method can enhance DDoS attack detection on SDN environment.

scholarly journals Detection of illicit cryptomining using network metadata

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Michele Russo ◽  
Nedim Šrndić ◽  
Pavel Laskov
Keyword(s):  
Machine Learning ◽  
Computer Security ◽  
False Alarm ◽  
False Alarm Rate ◽  
Real World ◽  
Detection Rate ◽  
World Systems ◽  
Normal Network ◽  
Compromised Systems ◽  
Security Incidents

AbstractIllicit cryptocurrency mining has become one of the prevalent methods for monetization of computer security incidents. In this attack, victims’ computing resources are abused to mine cryptocurrency for the benefit of attackers. The most popular illicitly mined digital coin is Monero as it provides strong anonymity and is efficiently mined on CPUs.Illicit mining crucially relies on communication between compromised systems and remote mining pools using the de facto standard protocol Stratum. While prior research primarily focused on endpoint-based detection of in-browser mining, in this paper, we address network-based detection of cryptomining malware in general. We propose XMR-Ray, a machine learning detector using novel features based on reconstructing the Stratum protocol from raw NetFlow records. Our detector is trained offline using only mining traffic and does not require privacy-sensitive normal network traffic, which facilitates its adoption and integration.In our experiments, XMR-Ray attained 98.94% detection rate at 0.05% false alarm rate, outperforming the closest competitor. Our evaluation furthermore demonstrates that it reliably detects previously unseen mining pools, is robust against common obfuscation techniques such as encryption and proxies, and is applicable to mining in the browser or by compiled binaries. Finally, by deploying our detector in a large university network, we show its effectiveness in protecting real-world systems.

Sign in / Sign up

Export Citation Format

Share Document