scholarly journals DDosTC: A Transformer-Based Network Attack Detection Hybrid Mechanism in SDN

Sensors ◽  
2021 ◽  
Vol 21 (15) ◽  
pp. 5047
Author(s):  
Haomin Wang ◽  
Wei Li
Keyword(s):  
Neural Network ◽  
Denial Of Service ◽  
Detection Algorithm ◽  
Attack Detection ◽  
Target System ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Optimal Model ◽  
Network Attack ◽  
Average Accuracy

Software-defined networking (SDN) has emerged in recent years as a form of Internet architecture. Its scalability, dynamics, and programmability simplify the traditional Internet structure. This architecture realizes centralized management by separating the control plane and the data-forwarding plane of the network. However, due to this feature, SDN is more vulnerable to attacks than traditional networks and can cause the entire network to collapse. DDoS attacks, also known as distributed denial-of-service attacks, are the most aggressive of all attacks. These attacks generate many packets (or requests) and ultimately overwhelm the target system, causing it to crash. In this article, we designed a hybrid neural network DDosTC structure, combining efficient and scalable transformers and a convolutional neural network (CNN) to detect distributed denial-of-service (DDoS) attacks on SDN, tested on the latest dataset, CICDDoS2019. For better verification, several experiments were conducted by dividing the dataset and comparisons were made with the latest deep learning detection algorithm applied in the field of DDoS intrusion detection. The experimental results show that the average AUC of DDosTC is 2.52% higher than the current optimal model and that DDosTC is more successful than the current optimal model in terms of average accuracy, average recall, and F1 score.

scholarly journals A Feature Analysis Based Identifying Scheme Using GBDT for DDoS with Multiple Attack Vectors

2019 ◽  
Vol 9 (21) ◽  
pp. 4633 ◽  
Author(s):  
Jian Zhang ◽  
Qidi Liang ◽  
Rui Jiang ◽  
Xi Li
Keyword(s):  
Success Rate ◽  
Denial Of Service ◽  
Detection Algorithm ◽  
Feature Analysis ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Detection Capability ◽  
Ddos Attack ◽  
Attack Mitigation ◽  
Multiple Attack

In recent years, distributed denial of service (DDoS) attacks have increasingly shown the trend of multiattack vector composites, which has significantly improved the concealment and success rate of DDoS attacks. Therefore, improving the ubiquitous detection capability of DDoS attacks and accurately and quickly identifying DDoS attack traffic play an important role in later attack mitigation. This paper proposes a method to efficiently detect and identify multivector DDoS attacks. The detection algorithm is applicable to known and unknown DDoS attacks.

scholarly journals Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

2021 ◽  
Author(s):  
◽  
Abigail Koay
Keyword(s):  
Information Sharing ◽  
Detection System ◽  
Denial Of Service ◽  
Attack Detection ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Low Intensity ◽  
Ddos Attack ◽  
Ddos Attack Detection

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>

scholarly journals ADAPTIVE ENTROPY-BASED DETECTION AND MITIGATION OF DDOS ATTACKS IN SOFTWARE DEFINED NETWORKS

2020 ◽  
pp. 399-410
Author(s):  
Jawad Dalou' ◽  
Basheer Al-Duwairi ◽  
Mohammad Al-Jarrah
Keyword(s):  
Denial Of Service ◽  
Attack Detection ◽  
Point Of View ◽  
Software Defined Networks ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Control Plane ◽  
Data Plane ◽  
And Control ◽  
Sdn Controller

Software Defined Networking (SDN) has emerged as a new networking paradigm that is based on the decoupling between data plane and control plane providing several benefits that include flexible, manageable, and centrally controlled networks. From a security point of view, SDNs suffer from several vulnerabilities that are associated with the nature of communication between control plane and data plane. In this context, software defined networks are vulnerable to distributed denial of service attacks. In particular, the centralization of the SDN controller makes it an attractive target for these attacks because overloading the controller with huge packet volume would result in bringing the whole network down or degrade its performance. Moreover, DDoS attacks may have the objective of flooding a network segment with huge traffic volume targeting single or multiple end systems. In this paper, we propose an entropy-based mechanism for Distributed Denial of Service (DDoS) attack detection and mitigation in SDN networks. The proposed mechanism is based on the entropy values of source and destination IP addresses of flows observed by the SDN controller which are compared to a preset entropy threshold values that change in adaptive manner based on network dynamics. The proposed mechanism has been evaluated through extensive simulation experiments.

DeepDetect: Detection of Distributed Denial of Service Attacks Using Deep Learning

2019 ◽  
Vol 63 (7) ◽  
pp. 983-994 ◽  
Author(s):  
Muhammad Asad ◽  
Muhammad Asim ◽  
Talha Javed ◽  
Mirza O Beg ◽  
Hasan Mujtaba ◽  
...  
Keyword(s):  
Neural Network ◽  
Network Architecture ◽  
Denial Of Service ◽  
Smart Devices ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Application Layer ◽  
Tangible Computing ◽  
Network Bandwidth ◽  
Feed Forward Back Propagation

Abstract At the advent of advanced wireless technology and contemporary computing paradigms, Distributed Denial of Service (DDoS) attacks on Web-based services have not only increased exponentially in number, but also in the degree of sophistication; hence the need for detecting these attacks within the ocean of communication packets is extremely important. DDoS attacks were initially projected toward the network and transport layers. Over the years, attackers have shifted their offensive strategies toward the application layer. The application layer attacks are potentially more detrimental and stealthier because of the attack traffic and the benign traffic flows being indistinguishable. The distributed nature of these attacks is difficult to combat as they may affect tangible computing resources apart from network bandwidth consumption. In addition, smart devices connected to the Internet can be infected and used as botnets to launch DDoS attacks. In this paper, we propose a novel deep neural network-based detection mechanism that uses feed-forward back-propagation for accurately discovering multiple application layer DDoS attacks. The proposed neural network architecture can identify and use the most relevant high level features of packet flows with an accuracy of 98% on the state-of-the-art dataset containing various forms of DDoS attacks.

scholarly journals A Machine Learning Approach for DDoS (Distributed Denial of Service) Attack Detection Using Multiple Linear Regression

Proceedings ◽  
2020 ◽  
Vol 63 (1) ◽  
pp. 51
Author(s):  
Swathi Sambangi ◽  
Lakshmeeswari Gondi
Keyword(s):  
Machine Learning ◽  
Denial Of Service ◽  
Classification Problem ◽  
Attack Detection ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Dos Attacks ◽  
Multiple Sources ◽  
Denial Of Service Attack ◽  
Network Bandwidth

The problem of identifying Distributed Denial of Service (DDos) attacks is fundamentally a classification problem in machine learning. In relevance to Cloud Computing, the task of identification of DDoS attacks is a significantly challenging problem because of computational complexity that has to be addressed. Fundamentally, a Denial of Service (DoS) attack is an intentional attack attempted by attackers from single source which has an implicit intention of making an application unavailable to the target stakeholder. For this to be achieved, attackers usually stagger the network bandwidth, halting system resources, thus causing denial of access for legitimate users. Contrary to DoS attacks, in DDoS attacks, the attacker makes use of multiple sources to initiate an attack. DDoS attacks are most common at network, transportation, presentation and application layers of a seven-layer OSI model. In this paper, the research objective is to study the problem of DDoS attack detection in a Cloud environment by considering the most popular CICIDS 2017 benchmark dataset and applying multiple regression analysis for building a machine learning model to predict DDoS and Bot attacks through considering a Friday afternoon traffic logfile.

scholarly journals PERFORMANCE ANALYSIS OF AGENT BASED DISTRIBUTED DEFENSE MECHANISMS AGAINST DDOS ATTACKS

2018 ◽  
pp. 15-24 ◽  
Author(s):  
Karanbir Singh ◽  
Kanwalvir Singh Dhindsa ◽  
Bharat Bhushan
Keyword(s):  
Defense Mechanisms ◽  
Denial Of Service ◽  
Detection Algorithm ◽  
Attack Detection ◽  
Ddos Attacks ◽  
Defense System ◽  
Internet Service ◽  
Agent Based ◽  
Related Information ◽  
Edge Router

The current internet infrastructure is susceptible to distributed denial of service (DDoS) attacks and has no built in mechanism to defend against them. The research on these kinds of attacks and their defense is significant for the security and reliability of the internet. We have already proposed a collaborative agent based distributed DDoS defense scheme which detect and prevents against DDoS attacks in ISP (Internet Service Provider) boundaries. The actual task of defense is carried out by agents and coordinators in each ISP. The defense system works by inspecting incoming traffic on edge router and identify the happening of DDoS attacks. The agent’s implements an entropy-threshold based detection algorithm. The coordinators share attack related information with neighboring ISPs in order to achieve distributed defense. The performance of defense system is evaluated on the basis of some identified metrics. The effectiveness of the defense system is evaluated in the presence and absence of defense system. The result indicates that the proposed defense system does accurate attack detection with very few false positives and false negatives.

scholarly journals Decision Tree and Neural Network Based Hybrid Algorithm for Detecting and Preventing Ddos Attacks in VANETS

2020 ◽  
Vol 9 (5) ◽  
pp. 669-675
Keyword(s):  
Neural Network ◽  
Decision Tree ◽  
Traffic Management ◽  
Hybrid Algorithm ◽  
Denial Of Service ◽  
Attack Detection ◽  
Ddos Attacks ◽  
Dos Attacks ◽  
Ddos Attack ◽  
Different Types

The demand of Vehicular Adhoc Networks (VANETs) has been increasing in the area of vehicular and infrastructure communications. It has been felt that there is requirement of sharing of critical information related to safety and traffic management among different types of vehicles in a secure way. To ensure the smooth operation of the network, the availability of network resources is needed. The presence of either malicious vehicles or inaccessibility of network services makes VANET easy target for denial of service (DoS) attacks. The sole purpose of DoS attacks is to prevent the intended users from accessing the available resources and services. When the DoS attack is carried out by multiple vehicles distributed throughout the network, it is referred as Distributed DoS (DDoS) attack. The DDoS attacks are very dangerous and hard to be addressed in real time. The machine learning based DDoS attack detection algorithms have been proposed and presented by the research community in literature. In this paper, a hybrid algorithm of Decision Tree and Neural Network is presented for detecting and preventing different types of DDoS attacks in VANETs with highly efficient results. The simulation based experiments are carried out in order to evaluate and compare the performance of proposed hybrid algorithm with respect to different performance parameters. Based on experiments results, it has been found that the performance of hybrid algorithm has been increased significantly.

Neural Network-Based Approach for Detection and Mitigation of DDoS Attacks in SDN Environments

2020 ◽  
Vol 14 (3) ◽  
pp. 50-71
Author(s):  
Oussama Hannache ◽  
Mohamed Chaouki Batouche
Keyword(s):  
Neural Network ◽  
Performance Metrics ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Analysis Method ◽  
Organizational Network ◽  
Ddos Attack ◽  
Data Plane ◽  
Ddos Detection

Software defined networking (SDN) is a networking paradigm that allows for the easy programmability of network devices by decoupling the data plane and the control plane. On the other hand, Distributed Denial of Service (DDoS) attacks remains one of the major concerns for organizational network infrastructures and Cloud providers. In this article, the authors propose a Neural Network based Traffic Flow Classifier (TFC-NN) for live DDoS detection in SDN environments. This study provides a live traffic analysis method with a neural network. The training of the TFC-NN model is performed by a labelled dataset constructed from SDN normal traffic and an-under DDoS traffic. The study also provides a live mitigation process combined with the live TFC-NN-based DDoS detection. The approach is deployed and evaluated on an SDN architecture based on different performance metrics with different under-DDoS attack scenarios.

scholarly journals DDOS ATTACK DETECTION AND MITIGATION AT SDN ENVIROMENT

2021 ◽  
Vol 4 (1) ◽  
pp. 1-9
Author(s):  
Huda S. Abdulkarem ◽  
Ammar D. Alethawy
Keyword(s):  
Network Performance ◽  
Denial Of Service ◽  
Attack Detection ◽  
Normal Operation ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Negative Effects ◽  
Network Infrastructure ◽  
Ddos Attack ◽  
Negative Impacts

Abstract- Software-Defined Networking (SDN) is a promising sample that allows the programming behind the network’s operation with some abstraction level from the underlying networking devices .the insistence to detect and mitigate Distributed Denial of Service (DDoS) which introduced by network devices tries to discover network security weaknesses and the negative effects of some types of Distributed Denial of Service (DDoS) attacks. An SDN-based generic solution to mitigate DDoS attacks when and where they originate. Briefly, it compares at runtime the expected trend of normal traffic against the trend of abnormal traffic; if big deviation on the traffic trend is detected, then an event is created; as an event associated to a DDoS attack is produced, an SDN (OpenDayLight) controller creates flow rules for blocking the malign traffic, By designing and implementing an application that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. The evaluation results suggest that the proposal timely detect the characteristics of a flooding DDoS attacks, and mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. The work sheds light on the programming relevance over an abstracted view of the network infrastructure.

scholarly journals Multischeme feedforward artificial neural network architecture for DDoS attack detection

2021 ◽  
Vol 10 (1) ◽  
pp. 458-465
Author(s):  
Arif Wirawan Muhammad ◽  
Cik Feresa Mohd Foozy ◽  
Kamaruddin Malik bin Mohammed
Keyword(s):  
Neural Network ◽  
Artificial Neural Network ◽  
Network Architecture ◽  
Denial Of Service ◽  
Data Packet ◽  
Detection Accuracy ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Neural Network Architecture ◽  
Quasi Newton

Distributed denial of service attack classified as a structured attack to deplete server, sourced from various bot computers to form a massive data flow. Distributed denial of service (DDoS) data flows behave as regular data packet flows, so it is challenging to distinguish between the two. Data packet classification to detect DDoS attacks is one solution to prevent DDoS attacks and to maintain server resources maintained. The machine learning method especially artificial neural network (ANN), is one of the effective ways to detect the flow of data packets in a computer network. Based on the research that has carried out, it concluded that ANN with hidden layer architecture that contains neuron twice as neuron on the input layer (2n) produces a stable detection accuracy value on Quasi-Newton, Scaled-Conjugate and Resilient-Propagation training functions. Based on the studies conducted, it concluded that ANN Architecture sufficiently affected the Scaled-Conjugate and Resilient-Propagation training functions, otherwise the Quasi-Newton training function. The best detection accuracy achieved from the experiment is 99.60%, 1.000 recall, 0.988 precision, and 0.993 f-measure using the Quasi-Newton training function with 6-(12)-2 neural network architecture.

Sign in / Sign up

Export Citation Format

Share Document