Decision Tree and Neural Network Based Hybrid Algorithm for Detecting and Preventing Ddos Attacks in VANETS

The demand of Vehicular Adhoc Networks (VANETs) has been increasing in the area of vehicular and infrastructure communications. It has been felt that there is requirement of sharing of critical information related to safety and traffic management among different types of vehicles in a secure way. To ensure the smooth operation of the network, the availability of network resources is needed. The presence of either malicious vehicles or inaccessibility of network services makes VANET easy target for denial of service (DoS) attacks. The sole purpose of DoS attacks is to prevent the intended users from accessing the available resources and services. When the DoS attack is carried out by multiple vehicles distributed throughout the network, it is referred as Distributed DoS (DDoS) attack. The DDoS attacks are very dangerous and hard to be addressed in real time. The machine learning based DDoS attack detection algorithms have been proposed and presented by the research community in literature. In this paper, a hybrid algorithm of Decision Tree and Neural Network is presented for detecting and preventing different types of DDoS attacks in VANETs with highly efficient results. The simulation based experiments are carried out in order to evaluate and compare the performance of proposed hybrid algorithm with respect to different performance parameters. Based on experiments results, it has been found that the performance of hybrid algorithm has been increased significantly.

Download Full-text

An Efficient DDoS Attack Detecting System using Levenberg-Marquardt Based Deep Artificial Neural Network Approach for IOT

International Journal of Innovative Technology and Exploring Engineering - Special Issue ◽

10.35940/ijitee.c8356.0110321 ◽

2021 ◽

Vol 10 (3) ◽

pp. 59-66

Author(s):

Ahmed Saeed Alzahrani

Keyword(s):

Neural Network ◽

Performance Metrics ◽

Rapid Development ◽

Denial Of Service ◽

Attack Detection ◽

Smart Devices ◽

Ddos Attacks ◽

Ddos Attack ◽

Levenberg Marquardt ◽

Iot Devices

The Internet of Things model envisions the widespread interconnection and collaboration of smart devices over the present and future Internet environment. Threats and attacks against IoT devices and services are on the rise due to their rapid development. Distributed-Denial-of-Service (DDoS) attacks are one of the main dangerous malwares that attack targeted organizations through infected devices. Many mechanisms are developed for IoT devices in order to detect DDoS attacks. Nonetheless, the prevailing DDoS Attack Detection (DAD) methods involve time-delay and a lower detection rate. This paper proposed an efficient approach using the Levenberg-Marquardt Neural Network (LMDANN) algorithm for detecting the DDoS attacks in order to enhance prediction accuracy. In the proposed system, a MapReduce technique is used to eliminate the redundant copies. In addition, the Entropy-based Fisher’s Discriminate Function (ENTFDF) method was developed to reduce the features from the extracted features, and the system suggests an LMDANN algorithm to classify DDoS attack data separately from the normal data. In this, 80% of the data is used for training, and 20% of the data is used for testing. The performance of the proposed LMDANN method was evaluated in contrast to other art of state algorithms (ANN, SVM, KNN, and ANFIS) in terms of some specific qualitative performance metrics (recall, sensitivity, f-measure, specificity, precision, accuracy, and training time). The results show that the proposed detection approach can efficiently detect the DDoS attack in the IoT environment, achieving 96.35% accuracy.

Download Full-text

Real-Time DDoS Attack Detection System Using Big Data Approach

Sustainability ◽

10.3390/su131910743 ◽

2021 ◽

Vol 13 (19) ◽

pp. 10743

Author(s):

Mazhar Javed Awan ◽

Umar Farooq ◽

Hafiz Muhammad Aqeel Babar ◽

Awais Yasin ◽

Haitham Nobanee ◽

...

Keyword(s):

Machine Learning ◽

Big Data ◽

Real Time ◽

Denial Of Service ◽

Attack Detection ◽

Testing Time ◽

Ddos Attacks ◽

Dos Attacks ◽

Ddos Attack ◽

Data Framework

Currently, the Distributed Denial of Service (DDoS) attack has become rampant, and shows up in various shapes and patterns, therefore it is not easy to detect and solve with previous solutions. Classification algorithms have been used in many studies and have aimed to detect and solve the DDoS attack. DDoS attacks are performed easily by using the weaknesses of networks and by generating requests for services for software. Real-time detection of DDoS attacks is difficult to detect and mitigate, but this solution holds significant value as these attacks can cause big issues. This paper addresses the prediction of application layer DDoS attacks in real-time with different machine learning models. We applied the two machine learning approaches Random Forest (RF) and Multi-Layer Perceptron (MLP) through the Scikit ML library and big data framework Spark ML library for the detection of Denial of Service (DoS) attacks. In addition to the detection of DoS attacks, we optimized the performance of the models by minimizing the prediction time as compared with other existing approaches using big data framework (Spark ML). We achieved a mean accuracy of 99.5% of the models both with and without big data approaches. However, in training and testing time, the big data approach outperforms the non-big data approach due to that the Spark computations in memory are in a distributed manner. The minimum average training and testing time in minutes was 14.08 and 0.04, respectively. Using a big data tool (Apache Spark), the maximum intermediate training and testing time in minutes was 34.11 and 0.46, respectively, using a non-big data approach. We also achieved these results using the big data approach. We can detect an attack in real-time in few milliseconds.

Download Full-text

Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning

Security and Communication Networks ◽

10.1155/2018/5198685 ◽

2018 ◽

Vol 2018 ◽

pp. 1-19 ◽

Cited By ~ 8

Author(s):

Jieren Cheng ◽

Chen Zhang ◽

Xiangyan Tang ◽

Victor S. Sheng ◽

Zhe Dong ◽

...

Keyword(s):

Detection Method ◽

Denial Of Service ◽

Multiple Kernel Learning ◽

Attack Detection ◽

Kernel Learning ◽

Economic Losses ◽

Ddos Attacks ◽

Ddos Attack ◽

Multiple Kernel ◽

Ddos Attack Detection

Distributed denial of service (DDoS) attacks has caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environment. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristic. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.

Download Full-text

Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

10.26686/wgtn.17135222.v1 ◽

2021 ◽

Author(s):

◽

Abigail Koay

Keyword(s):

Information Sharing ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Traffic Classification ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Low Intensity ◽

Ddos Attack ◽

Ddos Attack Detection

High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.

Download Full-text

DDoS detection and prevention based on artificial intelligence techniques

Scientific Bulletin of Naval Academy ◽

10.21279/1454-864x-19-i1-018 ◽

2019 ◽

Vol XXII (1) ◽

pp. 134-143

Author(s):

Glăvan D.

Keyword(s):

Artificial Intelligence ◽

Denial Of Service ◽

Attack Detection ◽

Machine Learning Algorithms ◽

Ddos Attacks ◽

Great Loss ◽

Artificial Intelligence Techniques ◽

Ddos Attack ◽

Random Forest Tree ◽

Ddos Attack Detection

Distributed Denial of Service (DDoS) attacks have been the major threats for the Internet and can bring great loss to companies and governments. With the development of emerging technologies, such as cloud computing, Internet of Things (IoT), artificial intelligence techniques, attackers can launch a huge volume of DDoS attacks with a lower cost, and it is much harder to detect and prevent DDoS attacks, because DDoS traffic is similar to normal traffic. Some artificial intelligence techniques like machine learning algorithms have been used to classify DDoS attack traffic and detect DDoS attacks, such as Naive Bayes and Random forest tree. In the paper, we survey on the latest progress on the DDoS attack detection using artificial intelligence techniques and give recommendations on artificial intelligence techniques to be used in DDoS attack detection and prevention.

Download Full-text

Taxonomy of Distributed Denial of Service (DDoS) Attacks and Defense Mechanisms in Present Era of Smartphone Devices

International Journal of E-Services and Mobile Applications ◽

10.4018/ijesma.2018040104 ◽

2018 ◽

Vol 10 (2) ◽

pp. 58-74 ◽

Cited By ~ 8

Author(s):

Kavita Sharma ◽

B. B. Gupta

Keyword(s):

Defense Mechanisms ◽

Computer Network ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Network Resources ◽

Common People ◽

Ddos Attack ◽

Legitimate User

This article describes how in the summer of 1999, the Computer Incident Advisory Capability first reported about Distributed Denial of Service (DDoS) attack incidents and the nature of Denial of Service (DoS) attacks in a distributed environment that eliminates the availability of resources or data on a computer network. DDoS attack exhausts the network resources and disturbs the legitimate user. This article provides an explanation on DDoS attacks and nature of these attacks against Smartphones and Wi-Fi Technology and presents a taxonomy of various defense mechanisms. The smartphone is chosen for this study, as they have now become a necessity rather than a luxury item for the common people.

Download Full-text

A Machine Learning Approach for DDoS (Distributed Denial of Service) Attack Detection Using Multiple Linear Regression

Proceedings ◽

10.3390/proceedings2020063051 ◽

2020 ◽

Vol 63 (1) ◽

pp. 51

Author(s):

Swathi Sambangi ◽

Lakshmeeswari Gondi

Keyword(s):

Machine Learning ◽

Denial Of Service ◽

Classification Problem ◽

Attack Detection ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attacks ◽

Multiple Sources ◽

Denial Of Service Attack ◽

Network Bandwidth

The problem of identifying Distributed Denial of Service (DDos) attacks is fundamentally a classification problem in machine learning. In relevance to Cloud Computing, the task of identification of DDoS attacks is a significantly challenging problem because of computational complexity that has to be addressed. Fundamentally, a Denial of Service (DoS) attack is an intentional attack attempted by attackers from single source which has an implicit intention of making an application unavailable to the target stakeholder. For this to be achieved, attackers usually stagger the network bandwidth, halting system resources, thus causing denial of access for legitimate users. Contrary to DoS attacks, in DDoS attacks, the attacker makes use of multiple sources to initiate an attack. DDoS attacks are most common at network, transportation, presentation and application layers of a seven-layer OSI model. In this paper, the research objective is to study the problem of DDoS attack detection in a Cloud environment by considering the most popular CICIDS 2017 benchmark dataset and applying multiple regression analysis for building a machine learning model to predict DDoS and Bot attacks through considering a Friday afternoon traffic logfile.

Download Full-text

IFACNN: efficient DDoS attack detection based on improved firefly algorithm to optimize convolutional neural networks

Mathematical Biosciences and Engineering ◽

10.3934/mbe.2022059 ◽

2021 ◽

Vol 19 (2) ◽

pp. 1280-1303

Author(s):

Jiushuang Wang ◽

◽

Ying Liu ◽

Huifen Feng

Keyword(s):

Internet Of Things ◽

Firefly Algorithm ◽

Denial Of Service ◽

Attack Detection ◽

Ddos Attacks ◽

Detection Scheme ◽

Ddos Attack ◽

Improved Firefly Algorithm ◽

Iot Devices ◽

Ddos Attack Detection

<abstract>Network security has become considerably essential because of the expansion of internet of things (IoT) devices. One of the greatest hazards of today's networks is distributed denial of service (DDoS) attacks, which could destroy critical network services. Recent numerous IoT devices are unsuspectingly attacked by DDoS. To securely manage IoT equipment, researchers have introduced software-defined networks (SDN). Therefore, we propose a DDoS attack detection scheme to secure the real-time in the software-defined the internet of things (SD-IoT) environment. In this article, we utilize improved firefly algorithm to optimize the convolutional neural network (CNN), to provide detection for DDoS attacks in our proposed SD-IoT framework. Our results demonstrate that our scheme can achieve higher than 99% DDoS behavior and benign traffic detection accuracy.</abstract>

Download Full-text

DDoS attack detection using deep learning

IAES International Journal of Artificial Intelligence (IJ-AI) ◽

10.11591/ijai.v10.i2.pp382-388 ◽

2021 ◽

Vol 10 (2) ◽

pp. 382

Author(s):

Thapanarath Khempetch ◽

Pongpisit Wuttidittachotti

Keyword(s):

Deep Learning ◽

Short Term Memory ◽

Denial Of Service ◽

Attack Detection ◽

Ddos Attacks ◽

Ddos Attack ◽

Attack Surface ◽

Iot Devices ◽

Ddos Attack Detection ◽

Flow Of Information

Nowadays, IoT devices are widely used both in daily life and in corporate and industrial environments. The use of these devices has increased dramatically and by 2030 it is estimated that their usage will rise to 125 billion devices causing enormous flow of information. It is likely that it will also increase distributed denial-of-service (DDoS) attack surface. As IoT devices have limited resources, it is impossible to add additional security structures to it. Therefore, the risk of DDoS attacks by malicious people who can take control of IoT devices, remain extremely high. In this paper, we use the CICDDoS2019 dataset as a dataset that has improved the bugs and introducing a new taxonomy for DDoS attacks, including new classification based on flows network. We propose DDoS attack detection using the deep neural network (DNN) and long short-term memory (LSTM) algorithm. Our results show that it can detect more than 99.90% of all three types of DDoS attacks. The results indicate that deep learning is another option for detecting attacks that may cause disruptions in the future.

Download Full-text

On the use of information theory metrics for detecting DDoS attacks and flash events: an empirical analysis, comparison, and future directions

Kuwait Journal of Science ◽

10.48129/kjs.v48i4.10612 ◽

2021 ◽

Vol 48 (4) ◽

Author(s):

Jagdeep Singh ◽

◽

Navjot Jyoti ◽

Sunny Behal ◽

◽

...

Keyword(s):

Information Theory ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

High Rate ◽

Ddos Attacks ◽

Operating Characteristics ◽

Classification Rate ◽

Ddos Attack ◽

Ddos Attack Detection

A Distributed Denial of Service (DDoS) attack is one of the lethal threats that can cripple down the computing and communication resources of a web server hosting Internet-based services and applications. It has motivated the researchers over the years to find diversified and robust solutions to combat against DDoS attacks and characterization of flash events (a sudden surge in the legitimate traffic) from HR-DDoS (High-Rate DDoS) attacks. In recent times, the volume of legitimate traffic has also magnified manifolds. It results in behavioral similarities of attack traffic and legitimate traffic that make it very difficult and crucial to differentiate between the two. Predominantly, Netflow-based techniques are in use for detecting and differentiating legitimate and attack traffic flows. Over the last decade, fellow researchers have extensively used distinct information theory metrics for Netflow-based DDoS defense solutions. However, a comprehensive analysis and comparison of these diversified information theory metrics used for particularly DDoS attack detection are needed for a better understanding of the defense systems based on information theory. This paper elucidates the efficacy and effectiveness of information theory-based various entropy and divergence measures in the field of DDoS attack detection. As part of the work, a generalized NetFlow-based methodology has been proposed. The proposed detection methodology has been validated using the traffic traces of various real benchmarked datasets on a set of detection system evaluation metrics such as Detection rate (Recall), Precision, F-Measure, FPR, Classification rate, and Receiver-Operating Characteristics (ROC) curves. It has concluded that generalized divergence-based information theory metrics produce more accuracy in detecting different types of attack flows in contrast to entropy-based information theory metrics.

Download Full-text