Identifying the Attack Sources of Botnets for a Renewable Energy Management System by Using a Revised Locust Swarm Optimisation Scheme

Symmetry, 2021, Vol 13 (7), pp. 1295
Author(s): Hsiao-Chung Lin, Ping Wang, Wen-Hui Lin, Kuo-Ming Chao, Zong-Yu Yang

Distributed denial of service (DDoS) attacks often use botnets to generate a high volume of packets and adopt controlled zombies for flooding a victim’s network over the Internet. Analysing the multiple sources of DDoS attacks typically involves reconstructing attack paths between the victim and attackers by using Internet protocol traceback (IPTBK) schemes. In general, traditional route-searching algorithms, such as particle swarm optimisation (PSO), have a high convergence speed for IPTBK, but easily fall into the local optima. This paper proposes an IPTBK analysis scheme for multimodal optimisation problems by applying a revised locust swarm optimisation (LSO) algorithm to the reconstructed attack path in order to identify the most probable attack paths. For evaluating the effectiveness of the DDoS control centres, networks with a topology size of 32 and 64 nodes were simulated using the ns-3 tool. The average accuracy of the LS-PSO algorithm reached 97.06 for the effects of dynamic traffic in two experimental networks (number of nodes = 32 and 64). Compared with traditional PSO algorithms, the revised LSO algorithm exhibited a superior searching performance in multimodal optimisation problems and increased the accuracy in traceability analysis for IPTBK problems.

Proceedings, 2020, Vol 63 (1), pp. 51
Author(s): Swathi Sambangi, Lakshmeeswari Gondi

The problem of identifying Distributed Denial of Service (DDoS) attacks is fundamentally a classification problem in machine learning. In relevance to Cloud Computing, the task of identification of DDoS attacks is a significantly challenging problem because of the computational complexity that has to be addressed. Fundamentally, a Denial of Service (DoS) attack is an intentional attack attempted by attackers from a single source which has an implicit intention of making an application unavailable to the target stakeholder. For this to be achieved, attackers usually stagger the network bandwidth, halting system resources, thus causing denial of access for legitimate users. Contrary to DoS attacks, in DDoS attacks, the attacker makes use of multiple sources to initiate an attack. DDoS attacks are most common at the network, transportation, presentation and application layers of the seven-layer OSI model. In this paper, the research objective is to study the problem of DDoS attack detection in a Cloud environment by considering the most popular CICIDS 2017 benchmark dataset and applying multiple regression analysis for building a machine learning model to predict DDoS and Bot attacks through considering a Friday afternoon traffic logfile.


2017, Vol 10 (2), pp. 507-512
Author(s): Y Bhavani, V. Janaki, R. Sridevi

Distributed Denial of Service (DDoS) attack is an unavoidable attack. Among various attacks on the network, DDoS attacks are difficult to detect because of IP spoofing. The IP traceback is the only technique to identify DDoS attacks. The path affected by a DDoS attack is identified by IP traceback approaches like the Probabilistic Packet Marking algorithm (PPM) and the Deterministic Packet Marking algorithm (DPM). The PPM approach finds the complete attack path from the victim to the source, whereas DPM finds only the source of the attacker. Using the DPM algorithm, finding the source of the attacker is difficult if a router gets compromised. Using the PPM algorithm we construct the complete attack path, so the compromised router can be identified. In this paper, we review PPM and DPM techniques and compare the strengths and weaknesses of each proposal.


2020, Vol 13 (3), pp. 482-490
Author(s): Yerram Bhavani, Vinjamuri Janaki, Rangu Sridevi

Background: Distributed Denial of Service (DDoS) attack is a major threat over the internet. The IP traceback mechanism defends against DDoS attacks by tracing the path traversed by attack packets. The existing traceback techniques proposed till now are found with a few shortcomings. The victim required a large number of packets to trace the attack path. The requirement of a large number of packets resulted in more combinations and more false positives.

Methods: To generate a unique value for the IP address of the routers in the attack path, the Chinese Remainder Theorem is applied. This helped in combining the exact parts of the IP address at the victim. We also applied the K-Nearest Neighbor (KNN) algorithm to classify the packets depending on their traffic flow; this reduced the number of packets needed to reconstruct the attack path.

Results: The proposed approach is compared with the existing approaches and the results demonstrated that the attack graph is effectively constructed with higher precision and lower combination overhead under large-scale DDoS attacks. In this approach, packets from diverse flows are separated as per flow information by applying the KNN algorithm. Hence, the reconstruction procedure could be applied on each group separately to construct the multiple attack paths. This results in reconstruction of the complete attack graph with fewer combinations and a lower false positive rate.

Conclusion: In case of DDoS attacks, the reconstruction of the attack path plays a major role in revealing the IP addresses of the participating routers without false positives and false negatives. Our algorithm FRS enhances the feasibility of information pertaining to even the farthest routers by incorporating a flag condition while marking the packets. The rates of false positives and false negatives are drastically reduced by the application of the Chinese Remainder Theorem on the IP addresses of the routers. At the victim, the application of the KNN algorithm reduced the combination overhead and the computation cost enormously.


Sensors, 2021, Vol 21 (15), pp. 5047
Author(s): Haomin Wang, Wei Li

Software-defined networking (SDN) has emerged in recent years as a form of Internet architecture. Its scalability, dynamics, and programmability simplify the traditional Internet structure. This architecture realizes centralized management by separating the control plane and the data-forwarding plane of the network. However, due to this feature, SDN is more vulnerable to attacks than traditional networks and can cause the entire network to collapse. DDoS attacks, also known as distributed denial-of-service attacks, are the most aggressive of all attacks. These attacks generate many packets (or requests) and ultimately overwhelm the target system, causing it to crash. In this article, we designed a hybrid neural network DDosTC structure, combining efficient and scalable transformers and a convolutional neural network (CNN) to detect distributed denial-of-service (DDoS) attacks on SDN, tested on the latest dataset, CICDDoS2019. For better verification, several experiments were conducted by dividing the dataset and comparisons were made with the latest deep learning detection algorithm applied in the field of DDoS intrusion detection. The experimental results show that the average AUC of DDosTC is 2.52% higher than the current optimal model and that DDosTC is more successful than the current optimal model in terms of average accuracy, average recall, and F1 score.


2021, Vol 11 (3), pp. 1139
Author(s): Hsiao-Chung Lin, Ping Wang, Wen-Hui Lin, Yu-Hsiang Huang

Network intrusion detection systems that employ existing IP traceback (IPTBK) algorithms are generally unable to trace multiple attack sources. In these systems, the sampling mechanism only screens parts of the routing information, which leads to the tracing of the neighbour of the attack source and fails to identify the attack source. Theoretically, the multimodal optimisation problem cannot be solved for all of its multiple solutions using the traditional particle swarm optimisation (PSO) algorithm. The present study focuses on the use of multiple-swarm PSO (MSPSO) for recursively tracing attack paths back to a botnet’s multiple attack sources using the subgroup strategy. Specifically, the fitness of each path was calculated using a quasi-Newton gradient descent method to confirm the crucial path for successfully tracing the attack source. For multimodal optimisation problems, the MSPSO algorithm achieves an effective balance between individual particle exploitation and multiswarm exploration when premature convergence occurs. Thus, this algorithm accurately traces multiple attack sources. To verify the effectiveness of identifying Distributed Denial-Of-Service (DDoS) control centres, networks with various topology sizes (32–64 nodes) were simulated using ns-3 with the Boston University Representative Internet Topology Generator. The proposed A* search algorithm (minimal cost pathfinding algorithm) and MSPSO were used to identify the sources of simulated DDoS attacks. Compared with commonly available systems, the MSPSO algorithm performs better in multimodal optimisation problems, improves the accuracy of traceability analysis and reduces false responses for IPTBK problems.


2021
Author(s): Mohamed Ahmed Azmi Etman

Distributed Denial of Service (DDoS) attacks are one of the most dangerous cyber-attacks on Software Defined Networks (SDN). They work by sending a large volume of fake network traffic from multiple sources in order to consume the network resources. Among various DDoS attacks, the TCP SYN flooding attack is one of the most popular. In this attack, the attacker sends large numbers of half-open TCP connections to the targeted server in order to exhaust its resources and make it unavailable. The SDN architecture separates the control plane and data plane. This separation makes it easier for the controller to program and manage the entire network from a single device and to make better decisions than when control is distributed among all the switches. These features will be utilized in this thesis to implement our detection system. Researchers have proposed many solutions to better utilize SDN to detect DDoS attacks; however, quick and precise detection of this kind of attack is still a very challenging problem. In this thesis, we introduce a novel DDoS detection system based on a semi-supervised algorithm with a Logistic Regression classifier. The algorithm is implemented as a software module on the POX SDN controller. We have conducted various test scenarios, comparing it with the traditional approach in the literature. The approach presented in this thesis manages to achieve a better attack detection rate with a lower reaction time.



Author(s): Amit Sharma

Distributed Denial of Service attacks are significant dangers these days to web applications and web administrations. These assaults are pushing ahead towards the application layer to procure and, furthermore, squander the most extreme CPU cycles. By asking for assets from web benefits in gigantic sums utilizing quick fire of solicitations, assailant robotized programs use all the handling capacity of a single-server application or a circulated-environment application. The periods of the plan execution are client conduct checking and identification. In the beginning stage, by social affair the data of client conduct, computing the individual user's trust score will happen and the Entropy of a similar client will be ascertained. HTTP Unbearable Load King (HULK) attacks are also evaluated. In light of the first stage, in the recognition stage, variety in entropy will be watched and malevolent clients will be recognized. A rate limiter is additionally acquainted with stop or downsize serving the noxious clients. This paper introduces the FAÇADE layer for discovery and also for hindering the unapproved client from assaulting the framework.


2021, Vol 13 (3), pp. 1522
Author(s): Raja Majid Ali Ujjan, Zeeshan Pervez, Keshav Dahal, Wajahat Ali Khan, Asad Masood Khattak, ...

In modern network infrastructure, Distributed Denial of Service (DDoS) attacks are considered severe network security threats. For conventional network security tools it is extremely difficult to distinguish between the higher traffic volume of a DDoS attack and a large number of legitimate users accessing a targeted network service or resource. Although these attacks have been widely studied, there are few works which collect and analyse truly representative characteristics of DDoS traffic. The current research mostly focuses on DDoS detection and mitigation with predefined DDoS data-sets which are often hard to generalise for various network services and legitimate users' traffic patterns. In order to deal with considerably large DDoS traffic flow in Software Defined Networking (SDN), in this work we propose a fast and effective entropy-based DDoS detection. We deployed generalised entropy calculation by combining Shannon and Renyi entropy to identify distributed features of DDoS traffic; it also helped the SDN controller to effectively deal with heavy malicious traffic. To lower the network traffic overhead, we collected data-plane traffic with signature-based Snort detection. We then analysed the collected traffic for entropy-based features to improve the detection accuracy of deep learning models: Stacked Auto Encoder (SAE) and Convolutional Neural Network (CNN). This work also investigated the trade-off between SAE and CNN classifiers by using accuracy and false-positive results. Quantitative results demonstrated that SAE achieved a relatively higher detection accuracy of 94% with only 6% false-positive alerts, whereas the CNN classifier achieved an average accuracy of 93%.


2021, Vol 11 (11), pp. 5213
Author(s): Chin-Shiuh Shieh, Wan-Wei Lin, Thanh-Tuan Nguyen, Chi-Hong Chen, Mong-Fong Horng, ...

DDoS (Distributed Denial of Service) attacks have become a pressing threat to the security and integrity of computer networks and information systems, which are indispensable infrastructures of modern times. The detection of DDoS attacks is a challenging issue before any mitigation measures can be taken. ML/DL (Machine Learning/Deep Learning) has been applied to the detection of DDoS attacks with satisfactory achievement. However, full-scale success is still beyond reach due to an inherent problem with ML/DL-based systems: the so-called Open Set Recognition (OSR) problem. This is a problem where an ML/DL-based system fails to deal with new instances not drawn from the distribution model of the training data. This problem is particularly profound in detecting DDoS attacks since DDoS attack technology keeps evolving and has changing traffic characteristics. This study investigates the impact of the OSR problem on the detection of DDoS attacks. In response to this problem, we propose a new DDoS detection framework featuring Bi-Directional Long Short-Term Memory (BI-LSTM), a Gaussian Mixture Model (GMM), and incremental learning. Unknown traffic captured by the GMM is subject to discrimination and labeling by traffic engineers, and then fed back to the framework as additional training samples. Using the data sets CIC-IDS2017 and CIC-DDoS2019 for training, testing, and evaluation, experimental results show that the proposed BI-LSTM-GMM can achieve recall, precision, and accuracy up to 94%. Experiments reveal that the proposed framework can be a promising solution to the detection of unknown DDoS attacks.

