scholarly journals A Feature Extraction Method for P2P Botnet Detection Using Graphic Symmetry Concept

Symmetry ◽  
2019 ◽  
Vol 11 (3) ◽  
pp. 326 ◽  
Author(s):  
Zhixian Yang ◽  
Buhong Wang
Keyword(s):  
Machine Learning ◽  
Information Entropy ◽  
Feature Detection ◽  
Denial Of Service ◽  
Attack Detection ◽  
Machine Learning Techniques ◽  
Detection Accuracy ◽  
Feature Extraction Method ◽  
Denial Of Service Attack ◽  
Ddos Attack

A DDoS (Distributed Denial of Service) attack makes use of a botnet to launch attacks and cause node congestion of wireless sensor networks, which is a common and serious threat. Due to the various kinds of features required in a Peer-to-Peer (P2P) botnet for DDoS attack detection via current machine learning methods and the failure to effectively detect encrypted botnets, this paper extracts the data packet size and the symmetric intervals in flow according to the concept of graphic symmetry. Combined with flow information entropy and session features, the frequency domain features can be sorted so as to obtain features with better correlations, which solves the problem of multiple types of features required for detection. Information entropy corresponding to the flow size can distinguish an encrypted botnet. This method is implemented through machine learning techniques. Experimental results show that the proposed method can detect the P2P botnet for DDoS attack and the detection accuracy is higher than that of traditional feature detection.

scholarly journals DDoS Attack Detection and Classification using Machine Learning Models with Real-Time Dataset Created

2021 ◽  
Vol 9 (5) ◽  
pp. 145-153
Author(s):  
Harrsheeta Sasikumar
Keyword(s):  
Machine Learning ◽  
Real Time ◽  
Denial Of Service ◽  
Attack Detection ◽  
Machine Learning Algorithms ◽  
Detection Accuracy ◽  
Ddos Attack ◽  
Real Time Traffic ◽  
Server Breakdown ◽  
Networked Devices

Distributed Denial of Service (DDoS) attack is one of the common attack that is predominant in the cyber world. DDoS attack poses a serious threat to the internet users and affects the availability of services to legitimate users. DDOS attack is characterized by the blocking a particular service by paralyzing the victim’s resources so that they cannot be used to legitimate purpose leading to server breakdown. DDoS uses networked devices into remotely controlled bots and generates attack. The proposed system detects the DDoS attack and malware with high detection accuracy using machine learning algorithms. The real time traffic is generated using virtual instances running in a private cloud. The DDoS attack is detected by considering the various SNMP parameters and classifying using machine learning technique like bagging, boosting and ensemble models. Also, the various types of malware on the networked devices are prevent from being used as a bot for DDOS attack generation.

scholarly journals An Enhanced Deep Autoencoder-based Approach for DDoS Attack Detection

2020 ◽  
Vol 15 ◽  
Keyword(s):  
Machine Learning ◽  
Intrusion Detection ◽  
False Positive ◽  
Denial Of Service ◽  
Attack Detection ◽  
Detection Accuracy ◽  
Ddos Attack ◽  
High Detection ◽  
Sparse Autoencoder ◽  
Ddos Attack Detection

Intrusion detection systems play a crucial role in preventing security threats and defending networks from attacks. Among the attacks, distributed Denial-of-Service (DDoS) attacks literally get into the network and, in addition, they are terribly troublesome to avoid. With the advent of unknown threats, traditional machine learning approaches are impacted by lower detection rates and higher false-positive rates. As a result, the DDoS detection system requires an over-performing machine learning classifier with minimal false-positive and high detection accuracy. In this context, we propose an Improved Deep Sparse Autoencoder-based Framework (EDSA) for DDoS Attack Detection with a cost minimization strategy. The sparse autoencoder is used for dataset extraction functionality, while the softmax layer is used for traffic classification as malicious or bengin. However, intrusion detection includes the risk elements of inaccurate prediction; hence, we have used research metrics such as accuracy, precision, detection rate and specificity for our model analysis. The proposed solution uses the CICDDoS 2019 datasets and demonstrates high detection accuracy with a much less false positives percentage.

scholarly journals Machine-learning and statistical methods for DDoS attack detection and defense system in software defined networks

2021 ◽  
Author(s):  
Merlin James Rukshan Dennis
Keyword(s):  
Machine Learning ◽  
Random Forest ◽  
Statistical Approach ◽  
Denial Of Service ◽  
Attack Detection ◽  
Learning Approach ◽  
Ddos Attack ◽  
Machine Learning Approach ◽  
Ddos Detection ◽  
Ddos Attack Detection

Distributed Denial of Service (DDoS) attack is a serious threat on today’s Internet. As the traffic across the Internet increases day by day, it is a challenge to distinguish between legitimate and malicious traffic. This thesis proposes two different approaches to build an efficient DDoS attack detection system in the Software Defined Networking environment. SDN is the latest networking approach which implements centralized controller, which is programmable. The central control and the programming capability of the controller are used in this thesis to implement the detection and mitigation mechanisms. In this thesis, two designed approaches, statistical approach and machine-learning approach, are proposed for the DDoS detection. The statistical approach implements entropy computation and flow statistics analysis. It uses the mean and standard deviation of destination entropy, new flow arrival rate, packets per flow and flow duration to compute various thresholds. These thresholds are then used to distinguish normal and attack traffic. The machine learning approach uses Random Forest classifier to detect the DDoS attack. We fine-tune the Random Forest algorithm to make it more accurate in DDoS detection. In particular, we introduce the weighted voting instead of the standard majority voting to improve the accuracy. Our result shows that the proposed machine-learning approach outperforms the statistical approach. Furthermore, it also outperforms other machine-learning approach found in the literature.

An Enhanced Way of Distributed Denial of Service Attack Detection by Applying Machine Learning Algorithms in Cloud Computing

2020 ◽  
Vol 17 (8) ◽  
pp. 3765-3769
Author(s):  
N. P. Ponnuviji ◽  
M. Vigilson Prem
Keyword(s):  
Machine Learning ◽  
Cloud Computing ◽  
Denial Of Service ◽  
Learning Algorithms ◽  
Attack Detection ◽  
Machine Learning Algorithms ◽  
Distributed Denial Of Service ◽  
Detection Techniques ◽  
Network Bandwidth ◽  
Ddos Attack

Cloud Computing has revolutionized the Information Technology by allowing the users to use variety number of resources in different applications in a less expensive manner. The resources are allocated to access by providing scalability flexible on-demand access in a virtual manner, reduced maintenance with less infrastructure cost. The majority of resources are handled and managed by the organizations over the internet by using different standards and formats of the networking protocols. Various research and statistics have proved that the available and existing technologies are prone to threats and vulnerabilities in the protocols legacy in the form of bugs that pave way for intrusion in different ways by the attackers. The most common among attacks is the Distributed Denial of Service (DDoS) attack. This attack targets the cloud’s performance and cause serious damage to the entire cloud computing environment. In the DDoS attack scenario, the compromised computers are targeted. The attacks are done by transmitting a large number of packets injected with known and unknown bugs to a server. A huge portion of the network bandwidth of the users’ cloud infrastructure is affected by consuming enormous time of their servers. In this paper, we have proposed a DDoS Attack detection scheme based on Random Forest algorithm to mitigate the DDoS threat. This algorithm is used along with the signature detection techniques and generates a decision tree. This helps in the detection of signature attacks for the DDoS flooding attacks. We have also used other machine learning algorithms and analyzed based on the yielded results.

scholarly journals RT-SAD: Real-Time Sketch-Based Adaptive DDoS Detection for ISP Network

2021 ◽  
Vol 2021 ◽  
pp. 1-10
Author(s):  
Haibin Shi ◽  
Guang Cheng ◽  
Ying Hu ◽  
Fuzhou Wang ◽  
Haoxuan Ding
Keyword(s):  
Real Time ◽  
High Speed ◽  
Attack Detection ◽  
Detection Accuracy ◽  
Network Environment ◽  
The Real ◽  
Feature Extraction Method ◽  
Ddos Attack ◽  
High Speed Network ◽  
Ddos Attack Detection

With the great changes in network scale and network topology, the difficulty of DDoS attack detection increases significantly. Most of the methods proposed in the past rarely considered the real-time, adaptive ability, and other practical issues in the real-world network attack detection environment. In this paper, we proposed a real-time adaptive DDoS attack detection method RT-SAD, based on the response to the external network when attacked. We designed a feature extraction method based on sketch and an adaptive updating algorithm, which makes the method suitable for the high-speed network environment. Experiment results show that our method can detect DDoS attacks using sampled Netflowunder high-speed network environment, with good real-time performance, low resource consumption, and high detection accuracy.

scholarly journals A Machine Learning Approach for DDoS (Distributed Denial of Service) Attack Detection Using Multiple Linear Regression

Proceedings ◽  
2020 ◽  
Vol 63 (1) ◽  
pp. 51
Author(s):  
Swathi Sambangi ◽  
Lakshmeeswari Gondi
Keyword(s):  
Machine Learning ◽  
Denial Of Service ◽  
Classification Problem ◽  
Attack Detection ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Dos Attacks ◽  
Multiple Sources ◽  
Denial Of Service Attack ◽  
Network Bandwidth

The problem of identifying Distributed Denial of Service (DDos) attacks is fundamentally a classification problem in machine learning. In relevance to Cloud Computing, the task of identification of DDoS attacks is a significantly challenging problem because of computational complexity that has to be addressed. Fundamentally, a Denial of Service (DoS) attack is an intentional attack attempted by attackers from single source which has an implicit intention of making an application unavailable to the target stakeholder. For this to be achieved, attackers usually stagger the network bandwidth, halting system resources, thus causing denial of access for legitimate users. Contrary to DoS attacks, in DDoS attacks, the attacker makes use of multiple sources to initiate an attack. DDoS attacks are most common at network, transportation, presentation and application layers of a seven-layer OSI model. In this paper, the research objective is to study the problem of DDoS attack detection in a Cloud environment by considering the most popular CICIDS 2017 benchmark dataset and applying multiple regression analysis for building a machine learning model to predict DDoS and Bot attacks through considering a Friday afternoon traffic logfile.

scholarly journals Comparative Study on TCP SYN Flood DDoS Attack Detection: A Machine Learning Algorithm Based Approach

2021 ◽  
Vol 16 ◽  
pp. 584-591
Author(s):  
S. Sumathi ◽  
R. Rajesh
Keyword(s):  
Machine Learning ◽  
Learning Algorithm ◽  
Denial Of Service ◽  
Attack Detection ◽  
Machine Learning Algorithm ◽  
Distributed Denial Of Service ◽  
Ddos Attack ◽  
Research Goal ◽  
Ddos Attack Detection ◽  
F Measure

A most common attack on the internet network is a Distributed Denial of Service (DDoS) attack, which involves occupying computational resources and bandwidth to suppress services to potential clients. The attack scenario is to massively flood the packets. The attack is called a denial of service (DoS) if the attack originates from a single server, and a distributed denial of service (DDoS) if the attack originates from multiple servers. Control and mitigation of DDoS attacks have been a research goal for many scholars for over a decade, and they have achieved in delivering a few major DDoS detection and protection techniques. In the current state of internet use, how quickly and early a DDoS attack can be detected in broadcasting network transactions remains a key research goal. After the development of a machine learning algorithm, many potential methods of DDoS attack detection have been developed. The work presents the results of various experiments carried out using data mining and machine learning algorithms as well as a combination of these algorithms on the commonly available dataset named CAIDA for TCP SYN flood attack detection. Also, this work analysis the various performance metrics such as false positive rate, precision, recall, F-measure and receiver operating characteristic (ROC) using various machine learning algorithm. One-R(OR) with an ideal FPR value of 0.05 and recall value of 0.95,decision stump(DS) with an ideal precision value of o.93,PART with an excellent F-measure value of 0.91 are some of the performance metric values while performing TCP SYN flood attack detection.

Sign in / Sign up

Export Citation Format

Share Document