Detection of Adversarial DDoS Attacks Using Generative Adversarial Networks with Dual Discriminators

DDoS (Distributed Denial of Service) has emerged as a serious and challenging threat to computer networks and information systems’ security and integrity. Before any remedial measures can be implemented, DDoS assaults must first be detected. DDoS attacks can be identified and characterized with satisfactory achievement employing ML (Machine Learning) and DL (Deep Learning). However, new varieties of aggression arise as the technology for DDoS attacks keep evolving. This research explores the impact of a new incarnation of DDoS attack–adversarial DDoS attack. There are established works on ML-based DDoS detection and GAN (Generative Adversarial Network) based adversarial DDoS synthesis. We confirm these findings in our experiments. Experiments in this study involve the extension and application of the GAN, a machine learning framework with symmetric form having two contending neural networks. We synthesize adversarial DDoS attacks utilizing Wasserstein Generative Adversarial Networks featuring Gradient Penalty (GP-WGAN). Experiment results indicate that the synthesized traffic can traverse the detection systems such as k-Nearest Neighbor (KNN), Multi-Layer Perceptron (MLP) and Random Forest (RF) without being identified. This observation is a sobering and pessimistic wake-up call, implying that countermeasures to adversarial DDoS attacks are urgently needed. To this problem, we propose a novel DDoS detection framework featuring GAN with Dual Discriminators (GANDD). The additional discriminator is designed to identify adversary DDoS traffic. The proposed GANDD can be an effective solution to adversarial DDoS attacks, as evidenced by the experimental results. We use adversarial DDoS traffic synthesized by GP-WGAN to train GANDD and validate it alongside three other DL technologies: DNN (Deep Neural Network), LSTM (Long Short-Term Memory) and GAN. GANDD outperformed the other DL models, demonstrating its protection with a TPR of 84.3%. A more sophisticated test was also conducted to examine GANDD’s ability to handle unseen adversarial attacks. GANDD was evaluated with adversarial traffic not generated from its training data. GANDD still proved effective with a TPR around 71.3% compared to 7.4% of LSTM.

Download Full-text

Machine-learning and statistical methods for DDoS attack detection and defense system in software defined networks

10.32920/ryerson.14657556 ◽

2021 ◽

Author(s):

Merlin James Rukshan Dennis

Keyword(s):

Machine Learning ◽

Random Forest ◽

Statistical Approach ◽

Denial Of Service ◽

Attack Detection ◽

Learning Approach ◽

Ddos Attack ◽

Machine Learning Approach ◽

Ddos Detection ◽

Ddos Attack Detection

Distributed Denial of Service (DDoS) attack is a serious threat on today’s Internet. As the traffic across the Internet increases day by day, it is a challenge to distinguish between legitimate and malicious traffic. This thesis proposes two different approaches to build an efficient DDoS attack detection system in the Software Defined Networking environment. SDN is the latest networking approach which implements centralized controller, which is programmable. The central control and the programming capability of the controller are used in this thesis to implement the detection and mitigation mechanisms. In this thesis, two designed approaches, statistical approach and machine-learning approach, are proposed for the DDoS detection. The statistical approach implements entropy computation and flow statistics analysis. It uses the mean and standard deviation of destination entropy, new flow arrival rate, packets per flow and flow duration to compute various thresholds. These thresholds are then used to distinguish normal and attack traffic. The machine learning approach uses Random Forest classifier to detect the DDoS attack. We fine-tune the Random Forest algorithm to make it more accurate in DDoS detection. In particular, we introduce the weighted voting instead of the standard majority voting to improve the accuracy. Our result shows that the proposed machine-learning approach outperforms the statistical approach. Furthermore, it also outperforms other machine-learning approach found in the literature.

Download Full-text

Detection and Prevention Algorithm of DDoS Attack Over the IOT Networks

TEM Journal ◽

10.18421/tem93-09 ◽

2020 ◽

pp. 899-906

Keyword(s):

Denial Of Service ◽

The Other ◽

High Rate ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Huge Number ◽

Security Issues ◽

Ddos Attack ◽

Legitimate User ◽

The Impact

One of the most notorious security issues in the IoT is the Distributed Denial of Service (DDoS) attack. Using a large number of agents, DDoS attack floods the host server with a huge number of requests causing interrupting and blocking the legitimate user requests. This paper proposes a detection and prevention algorithm for DDoS attacks. It is divided into two parts, one for detecting the DDoS attack in the IoT end devices and the other for mitigating the impact of the attack placed on the border router. Also, it has the ability to differentiate the High-rate from the Lowrate DDoS attack accurately and defend against these two types of attacks. It is implemented and tested against different scenarios to dissect their efficiency in detecting and mitigating the DDoS attack.

Download Full-text

DDoS attack detection using deep learning

IAES International Journal of Artificial Intelligence (IJ-AI) ◽

10.11591/ijai.v10.i2.pp382-388 ◽

2021 ◽

Vol 10 (2) ◽

pp. 382

Author(s):

Thapanarath Khempetch ◽

Pongpisit Wuttidittachotti

Keyword(s):

Deep Learning ◽

Short Term Memory ◽

Denial Of Service ◽

Attack Detection ◽

Ddos Attacks ◽

Ddos Attack ◽

Attack Surface ◽

Iot Devices ◽

Ddos Attack Detection ◽

Flow Of Information

<span id="docs-internal-guid-58e12f40-7fff-ea30-01f6-fbbed132b03c"><span>Nowadays, IoT devices are widely used both in daily life and in corporate and industrial environments. The use of these devices has increased dramatically and by 2030 it is estimated that their usage will rise to 125 billion devices causing enormous flow of information. It is likely that it will also increase distributed denial-of-service (DDoS) attack surface. As IoT devices have limited resources, it is impossible to add additional security structures to it. Therefore, the risk of DDoS attacks by malicious people who can take control of IoT devices, remain extremely high. In this paper, we use the CICDDoS2019 dataset as a dataset that has improved the bugs and introducing a new taxonomy for DDoS attacks, including new classification based on flows network. We propose DDoS attack detection using the deep neural network (DNN) and long short-term memory (LSTM) algorithm. Our results show that it can detect more than 99.90% of all three types of DDoS attacks. The results indicate that deep learning is another option for detecting attacks that may cause disruptions in the future.</span></span>

Download Full-text

Machine-learning and statistical methods for DDoS attack detection and defense system in software defined networks

10.32920/ryerson.14657556.v1 ◽

2021 ◽

Author(s):

Merlin James Rukshan Dennis

Keyword(s):

Machine Learning ◽

Random Forest ◽

Statistical Approach ◽

Denial Of Service ◽

Attack Detection ◽

Learning Approach ◽

Ddos Attack ◽

Machine Learning Approach ◽

Ddos Detection ◽

Ddos Attack Detection

Download Full-text

DDoS Attacks and Defense Mechanisms Using Machine Learning Techniques for SDN

Research Anthology on Combating Denial-of-Service Attacks ◽

10.4018/978-1-7998-5348-0.ch013 ◽

2021 ◽

pp. 248-264

Author(s):

Rochak Swami ◽

Mayank Dave ◽

Virender Ranga

Keyword(s):

Machine Learning ◽

Defense Mechanisms ◽

Denial Of Service ◽

Machine Learning Techniques ◽

Learning Approaches ◽

Ddos Attacks ◽

Ddos Attack ◽

Learning Techniques ◽

New Generation ◽

Networking Technology

Distributed denial of service (DDoS) attack is one of the most disastrous attacks that compromises the resources and services of the server. DDoS attack makes the services unavailable for its legitimate users by flooding the network with illegitimate traffic. Most commonly, it targets the bandwidth and resources of the server. This chapter discusses various types of DDoS attacks with their behavior. It describes the state-of-the-art of DDoS attacks. An emerging technology named “Software-defined networking” (SDN) has been developed for new generation networks. It has become a trending way of networking. Due to the centralized networking technology, SDN suffers from DDoS attacks. SDN controller manages the functionality of the complete network. Therefore, it is the most vulnerable target of the attackers to be attacked. This work illustrates how DDoS attacks affect the whole working of SDN. The objective of this chapter is also to provide a better understanding of DDoS attacks and how machine learning approaches may be used for detecting DDoS attacks.

Download Full-text

Neural Network-Based Approach for Detection and Mitigation of DDoS Attacks in SDN Environments

International Journal of Information Security and Privacy ◽

10.4018/ijisp.2020070104 ◽

2020 ◽

Vol 14 (3) ◽

pp. 50-71

Author(s):

Oussama Hannache ◽

Mohamed Chaouki Batouche

Keyword(s):

Neural Network ◽

Performance Metrics ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Analysis Method ◽

Organizational Network ◽

Ddos Attack ◽

Data Plane ◽

Ddos Detection

Software defined networking (SDN) is a networking paradigm that allows for the easy programmability of network devices by decoupling the data plane and the control plane. On the other hand, Distributed Denial of Service (DDoS) attacks remains one of the major concerns for organizational network infrastructures and Cloud providers. In this article, the authors propose a Neural Network based Traffic Flow Classifier (TFC-NN) for live DDoS detection in SDN environments. This study provides a live traffic analysis method with a neural network. The training of the TFC-NN model is performed by a labelled dataset constructed from SDN normal traffic and an-under DDoS traffic. The study also provides a live mitigation process combined with the live TFC-NN-based DDoS detection. The approach is deployed and evaluated on an SDN architecture based on different performance metrics with different under-DDoS attack scenarios.

Download Full-text

A Traffic Cluster Entropy Based Approach to Distinguish DDoS Attacks from Flash Event Using DETER Testbed

ISRN Communications and Networking ◽

10.1155/2014/259831 ◽

2014 ◽

Vol 2014 ◽

pp. 1-15 ◽

Cited By ~ 11

Author(s):

Monika Sachdeva ◽

Krishan Kumar

Keyword(s):

Research Laboratory ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Cyber Defense ◽

Ddos Attack ◽

Defense Technology ◽

Different Types ◽

Ddos Detection ◽

Flash Event

The detection of distributed denial of service (DDoS) attacks is one of the hardest problems confronted by the network security researchers. Flash event (FE), which is caused by a large number of legitimate requests, has similar characteristics to those of DDoS attacks. Moreover DDoS attacks and FEs require altogether different handling procedures. So discriminating DDoS attacks from FEs is very important. But the research involving DDoS detection has not laid enough emphasis on including FEs scenarios in the experiments. In this paper, we are using traffic cluster entropy as detection metric not only to detect DDoS attacks but also to distinguish DDoS attacks from FEs. We have validated our approach on cyber-defense technology experimental research laboratory (DETER) testbed. Different emulation scenarios are created on DETER using mix of legitimate, flash, and different types of attacks at varying strengths. It is found that, when flash event is triggered, source address entropy increases but the corresponding traffic cluster entropy does not increase. However, when DDoS attack is launched, traffic cluster entropy also increases along with source address entropy. An analysis of live traces on DETER testbed clearly manifests supremacy of our approach.

Download Full-text

Software Defined Network : The Comparison of SVM kernel on DDoS Detection

RSF Conference Series: Engineering and Technology ◽

10.31098/cset.v1i1.413 ◽

2021 ◽

Vol 1 (1) ◽

pp. 281-290

Author(s):

Rifki Indra Perwira ◽

Hari Prapcoyo

Keyword(s):

Network Security ◽

New Technology ◽

Training Data ◽

Software Defined Network ◽

Data Traffic ◽

Ddos Attacks ◽

Ddos Attack ◽

Ddos Detection ◽

The Difference ◽

The Brain

SDN is a new technology in the concept of a network where there is a separation between the data plane and the control plane as the brain that regulates data forwarding so that it becomes a target for DDoS attacks. Detection of DDoS attacks is an important topic in the field of network security. because of the difficulty of detecting the difference between normal traffic and anomalous attacks. Based on data from helpnetsecurity.com, in 2020 there were 4.83 million attempted DoS/DDoS attacks on various services, this shows that network security is very important. Various methods have been used in detecting DDoS attacks such as using a threshold on passing network traffic with an average traffic size compared to 3 times the standard deviation, the weakness of this method is if there is a spike in traffic it will be detected as an attack even though the traffic is normal so that it increases false positives. To maintain security on the SDN network, the reason is that a system is needed that can detect DDoS attacks anomalously by taking advantage of the habits that appear on the system and assuming that if there are deviations from the habits that appear then it is declared a DDoS attack, the SVM method is used to categorize the data traffic obtained from the controller to detect whether it is a DDoS attack or not. Based on the tests conducted with 500 training data, the accuracy is 99,2%. The conclusion of this paper is that the RBF SVM kernel can be very good at detecting anomalous DDoS attacks.

Download Full-text

Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms

Ingénierie des systèmes d information ◽

10.18280/isi.260505 ◽

2021 ◽

Vol 26 (5) ◽

pp. 461-468

Author(s):

Kishore Babu Dasari ◽

Nagaraju Devarakonda

Keyword(s):

Machine Learning ◽

Cyber Security ◽

Good Accuracy ◽

Denial Of Service ◽

Cyber Attacks ◽

Classification Algorithms ◽

Negative Consequences ◽

Ddos Attacks ◽

Machine Learning Classification ◽

Ddos Attack

Cyber attacks are one of the world's most serious challenges nowadays. A Distributed Denial of Service (DDoS) attack is one of the most common cyberattacks that has affected availability, which is one of the most important principles of information security. It leads to so many negative consequences in terms of business, production, reputation, data theft, etc. It shows the importance of effective DDoS detection mechanisms to reduce losses. In order to detect DDoS attacks, statistical and data mining methods have not been given good accuracy values. Researchers get good accuracy values while detecting DDoS attacks by using classification algorithms. But researchers, use individual classification algorithms on generalized DDoS attacks. This study used six machine learning classification algorithms to detect eleven different DDoS attacks on different DDoS attack datasets. We used the CICDDoS2019 dataset which is collected from the Canadian Institute of Cyber security in this study. It contains eleven different DDoS attack datasets in CSV file format. On each DDoS attack, we evaluated the effectiveness of the classification methods Logistic regression, Decision tree, Random Forest, Ada boost, KNN, and Naive Bayes, and determined the best classification algorithms for detection.

Download Full-text

Present Status of Distributed Denial of Service (DDoS) Attacks in Internet World

International Journal of Mathematical Engineering and Management Sciences ◽

10.33889/ijmems.2019.4.4-080 ◽

2019 ◽

Vol 4 (4) ◽

pp. 1008-1017

Author(s):

Rajeev Singh ◽

T. P. Sharma

Keyword(s):

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

5G Networks ◽

Dos Attack ◽

Ddos Attack ◽

Digital World ◽

Iot Devices ◽

The Impact ◽

Day By Day

Distributed Denial of Service (DDoS) attack harms the digital availability in Internet. The user’s perspective of getting quick and effective services may be badly hit by the DDoS attackers. There are several reports of DDoS attack incidences that have caused devastating effects on the user and web services in the Internet world. In the present digital world dominated by wireless, mobile and IoT devices, the numbers of users are increasing day by day. Most of the users are novice and therefore their devices either fell prey to DDoS attacks or unknowingly add themselves to the DDoS attack Army. We soon will witness the 5G mobile revolution but there are reports that 5G networks are also falling prey to DDoS attacks and hence, the realization of DoS attack as a threat needs to be understood. The paper targets to assess the DDoS attack threat. It identifies the impact of attack and also reviews existing Indian laws.

Download Full-text