scholarly journals IFACNN: efficient DDoS attack detection based on improved firefly algorithm to optimize convolutional neural networks

2021 ◽  
Vol 19 (2) ◽  
pp. 1280-1303
Author(s):  
Jiushuang Wang ◽  
◽  
Ying Liu ◽  
Huifen Feng
Keyword(s):  
Internet Of Things ◽  
Firefly Algorithm ◽  
Denial Of Service ◽  
Attack Detection ◽  
Ddos Attacks ◽  
Detection Scheme ◽  
Ddos Attack ◽  
Improved Firefly Algorithm ◽  
Iot Devices ◽  
Ddos Attack Detection

<abstract><p>Network security has become considerably essential because of the expansion of internet of things (IoT) devices. One of the greatest hazards of today's networks is distributed denial of service (DDoS) attacks, which could destroy critical network services. Recent numerous IoT devices are unsuspectingly attacked by DDoS. To securely manage IoT equipment, researchers have introduced software-defined networks (SDN). Therefore, we propose a DDoS attack detection scheme to secure the real-time in the software-defined the internet of things (SD-IoT) environment. In this article, we utilize improved firefly algorithm to optimize the convolutional neural network (CNN), to provide detection for DDoS attacks in our proposed SD-IoT framework. Our results demonstrate that our scheme can achieve higher than 99% DDoS behavior and benign traffic detection accuracy.</p></abstract>

scholarly journals DDoS attack detection using deep learning

2021 ◽  
Vol 10 (2) ◽  
pp. 382
Author(s):  
Thapanarath Khempetch ◽  
Pongpisit Wuttidittachotti
Keyword(s):  
Deep Learning ◽  
Short Term Memory ◽  
Denial Of Service ◽  
Attack Detection ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Attack Surface ◽  
Iot Devices ◽  
Ddos Attack Detection ◽  
Flow Of Information

<span id="docs-internal-guid-58e12f40-7fff-ea30-01f6-fbbed132b03c"><span>Nowadays, IoT devices are widely used both in daily life and in corporate and industrial environments. The use of these devices has increased dramatically and by 2030 it is estimated that their usage will rise to 125 billion devices causing enormous flow of information. It is likely that it will also increase distributed denial-of-service (DDoS) attack surface. As IoT devices have limited resources, it is impossible to add additional security structures to it. Therefore, the risk of DDoS attacks by malicious people who can take control of IoT devices, remain extremely high. In this paper, we use the CICDDoS2019 dataset as a dataset that has improved the bugs and introducing a new taxonomy for DDoS attacks, including new classification based on flows network. We propose DDoS attack detection using the deep neural network (DNN) and long short-term memory (LSTM) algorithm. Our results show that it can detect more than 99.90% of all three types of DDoS attacks. The results indicate that deep learning is another option for detecting attacks that may cause disruptions in the future.</span></span>

scholarly journals A cooperative DDoS attack detection scheme based on entropy and ensemble learning in SDN

2021 ◽  
Vol 2021 (1) ◽  
Author(s):  
Shanshan Yu ◽  
Jicheng Zhang ◽  
Ju Liu ◽  
Xiaoqing Zhang ◽  
Yafeng Li ◽  
...  
Keyword(s):  
Ensemble Learning ◽  
Denial Of Service ◽  
Attack Detection ◽  
Coarse Grained ◽  
Communication Overhead ◽  
Detection Scheme ◽  
Fine Grained ◽  
Ddos Attack ◽  
Network Status ◽  
Ddos Attack Detection

AbstractIn order to solve the problem of distributed denial of service (DDoS) attack detection in software-defined network, we proposed a cooperative DDoS attack detection scheme based on entropy and ensemble learning. This method sets up a coarse-grained preliminary detection module based on entropy in the edge switch to monitor the network status in real time and report to the controller if any abnormality is found. Simultaneously, a fine-grained precise attack detection module is designed in the controller, and a ensemble learning-based algorithm is utilized to further identify abnormal traffic accurately. In this framework, the idle computing capability of edge switches is fully utilized with the design idea of edge computing to offload part of the detection task from the control plane to the data plane innovatively. Simulation results of two common DDoS attack methods, ICMP and SYN, show that the system can effectively detect DDoS attacks and greatly reduce the southbound communication overhead and the burden of the controller as well as the detection delay of the attacks.

scholarly journals Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning

2018 ◽  
Vol 2018 ◽  
pp. 1-19 ◽  
Author(s):  
Jieren Cheng ◽  
Chen Zhang ◽  
Xiangyan Tang ◽  
Victor S. Sheng ◽  
Zhe Dong ◽  
...  
Keyword(s):  
Detection Method ◽  
Denial Of Service ◽  
Multiple Kernel Learning ◽  
Attack Detection ◽  
Kernel Learning ◽  
Economic Losses ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Multiple Kernel ◽  
Ddos Attack Detection

Distributed denial of service (DDoS) attacks has caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environment. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristic. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.

scholarly journals Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

2021 ◽  
Author(s):  
◽  
Abigail Koay
Keyword(s):  
Information Sharing ◽  
Detection System ◽  
Denial Of Service ◽  
Attack Detection ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Low Intensity ◽  
Ddos Attack ◽  
Ddos Attack Detection

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>

scholarly journals DDoS detection and prevention based on artificial intelligence techniques

2019 ◽  
Vol XXII (1) ◽  
pp. 134-143
Author(s):  
Glăvan D.
Keyword(s):  
Artificial Intelligence ◽  
Denial Of Service ◽  
Attack Detection ◽  
Machine Learning Algorithms ◽  
Ddos Attacks ◽  
Great Loss ◽  
Artificial Intelligence Techniques ◽  
Ddos Attack ◽  
Random Forest Tree ◽  
Ddos Attack Detection

Distributed Denial of Service (DDoS) attacks have been the major threats for the Internet and can bring great loss to companies and governments. With the development of emerging technologies, such as cloud computing, Internet of Things (IoT), artificial intelligence techniques, attackers can launch a huge volume of DDoS attacks with a lower cost, and it is much harder to detect and prevent DDoS attacks, because DDoS traffic is similar to normal traffic. Some artificial intelligence techniques like machine learning algorithms have been used to classify DDoS attack traffic and detect DDoS attacks, such as Naive Bayes and Random forest tree. In the paper, we survey on the latest progress on the DDoS attack detection using artificial intelligence techniques and give recommendations on artificial intelligence techniques to be used in DDoS attack detection and prevention.

scholarly journals On the use of information theory metrics for detecting DDoS attacks and flash events: an empirical analysis, comparison, and future directions

2021 ◽  
Vol 48 (4) ◽  
Author(s):  
Jagdeep Singh ◽  
◽  
Navjot Jyoti ◽  
Sunny Behal ◽  
◽  
...  
Keyword(s):  
Information Theory ◽  
Detection System ◽  
Denial Of Service ◽  
Attack Detection ◽  
High Rate ◽  
Ddos Attacks ◽  
Operating Characteristics ◽  
Classification Rate ◽  
Ddos Attack ◽  
Ddos Attack Detection

A Distributed Denial of Service (DDoS) attack is one of the lethal threats that can cripple down the computing and communication resources of a web server hosting Internet-based services and applications. It has motivated the researchers over the years to find diversified and robust solutions to combat against DDoS attacks and characterization of flash events (a sudden surge in the legitimate traffic) from HR-DDoS (High-Rate DDoS) attacks. In recent times, the volume of legitimate traffic has also magnified manifolds. It results in behavioral similarities of attack traffic and legitimate traffic that make it very difficult and crucial to differentiate between the two. Predominantly, Netflow-based techniques are in use for detecting and differentiating legitimate and attack traffic flows. Over the last decade, fellow researchers have extensively used distinct information theory metrics for Netflow-based DDoS defense solutions. However, a comprehensive analysis and comparison of these diversified information theory metrics used for particularly DDoS attack detection are needed for a better understanding of the defense systems based on information theory. This paper elucidates the efficacy and effectiveness of information theory-based various entropy and divergence measures in the field of DDoS attack detection. As part of the work, a generalized NetFlow-based methodology has been proposed. The proposed detection methodology has been validated using the traffic traces of various real benchmarked datasets on a set of detection system evaluation metrics such as Detection rate (Recall), Precision, F-Measure, FPR, Classification rate, and Receiver-Operating Characteristics (ROC) curves. It has concluded that generalized divergence-based information theory metrics produce more accuracy in detecting different types of attack flows in contrast to entropy-based information theory metrics.

scholarly journals SIEM-based detection and mitigation of IoT-botnet DDoS attacks

2020 ◽  
Vol 10 (2) ◽  
pp. 2182
Author(s):  
Basheer Al-Duwairi ◽  
Wafaa Al-Kahla ◽  
Mhd Ammar AlRefai ◽  
Yazid Abedalqader ◽  
Abdullah Rawash ◽  
...  
Keyword(s):  
Internet Security ◽  
Attack Detection ◽  
Ddos Attacks ◽  
Event Management ◽  
Ddos Attack ◽  
Different Types ◽  
Security Information ◽  
Iot Devices ◽  
Ddos Attack Detection ◽  
The Internet Of Things

The Internet of Things (IoT) is becoming an integral part of our daily life including health, environment, homes, military, etc. The enormous growth of IoT in recent years has attracted hackers to take advantage of their computation and communication capabilities to perform different types of attacks. The major concern is that IoT devices have several vulnerabilities that can be easily exploited to form IoT botnets consisting of millions of IoT devices and posing significant threats to Internet security. In this context, DDoS attacks originating from IoT botnets is a major problem in today’s Internet that requires immediate attention. In this paper, we propose a Security Information and Event Management-based IoT botnet DDoS attack detection and mitigation system. This system detects and blocks DDoS attack traffic from compromised IoT devices by monitoring specific packet types including TCP SYN, ICMP and DNS packets originating from these devices. We discuss a prototype implementation of the proposed system and we demonstrate that SIEM based solutions can be configured to accurately identify and block malicious traffic originating from compromised IoT devices.

scholarly journals Information Theory-based Approaches to Detect DDoS Attacks on Software-defined Networking Controller a Review

2021 ◽  
Vol 15 ◽  
pp. 83-94
Author(s):  
Mohammad A. Aladaileh ◽  
Mohammed Anbar ◽  
Iznan H. Hasbullah ◽  
Yousef K. Sanjalawe
Keyword(s):  
Information Theory ◽  
Flow Behavior ◽  
Denial Of Service ◽  
Software Defined Networking ◽  
Attack Detection ◽  
High Rate ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Ddos Attack Detection ◽  
Low Rate

The number of network users and devices has exponentially increased in the last few decades, giving rise to sophisticated security threats while processing users’ and devices’ network data. Software-Defined Networking (SDN) introduces many new features, but none is more revolutionary than separating the control plane from the data plane. The separation helps DDoS attack detection mechanisms by introducing novel features and functionalities. Since the controller is the most critical part of the SDN network, its ability to control and monitor network traffic flow behavior ensures the network functions properly and smoothly. However, the controller’s importance to the SDN network makes it an attractive target for attackers. Distributed Denial of Service (DDoS) attack is one of the major threats to network security. This paper presents a comprehensive review of information theory-based approaches to detect low-rate and high-rate DDoS attacks on SDN controllers. Additionally, this paper provides a qualitative comparison between this work and the existing reviews on DDoS attack detection approaches using various metrics to highlight this work’s uniqueness. Moreover, this paper provides in-depth discussion and insight into the existing DDoS attack detection approaches to point out their weaknesses that open the avenue for future research directions. Meanwhile, the finding of this paper can be used by other researchers to propose a new or enhanced approach to protect SDN controllers from the threats of DDoS attacks by accurately detecting both low-rate and high-rate DDoS attacks.

scholarly journals An Efficient DDoS Attack Detecting System using Levenberg-Marquardt Based Deep Artificial Neural Network Approach for IOT

2021 ◽  
Vol 10 (3) ◽  
pp. 59-66
Author(s):  
Ahmed Saeed Alzahrani
Keyword(s):  
Neural Network ◽  
Performance Metrics ◽  
Rapid Development ◽  
Denial Of Service ◽  
Attack Detection ◽  
Smart Devices ◽  
Ddos Attacks ◽  
Ddos Attack ◽  
Levenberg Marquardt ◽  
Iot Devices

The Internet of Things model envisions the widespread interconnection and collaboration of smart devices over the present and future Internet environment. Threats and attacks against IoT devices and services are on the rise due to their rapid development. Distributed-Denial-of-Service (DDoS) attacks are one of the main dangerous malwares that attack targeted organizations through infected devices. Many mechanisms are developed for IoT devices in order to detect DDoS attacks. Nonetheless, the prevailing DDoS Attack Detection (DAD) methods involve time-delay and a lower detection rate. This paper proposed an efficient approach using the Levenberg-Marquardt Neural Network (LMDANN) algorithm for detecting the DDoS attacks in order to enhance prediction accuracy. In the proposed system, a MapReduce technique is used to eliminate the redundant copies. In addition, the Entropy-based Fisher’s Discriminate Function (ENTFDF) method was developed to reduce the features from the extracted features, and the system suggests an LMDANN algorithm to classify DDoS attack data separately from the normal data. In this, 80% of the data is used for training, and 20% of the data is used for testing. The performance of the proposed LMDANN method was evaluated in contrast to other art of state algorithms (ANN, SVM, KNN, and ANFIS) in terms of some specific qualitative performance metrics (recall, sensitivity, f-measure, specificity, precision, accuracy, and training time). The results show that the proposed detection approach can efficiently detect the DDoS attack in the IoT environment, achieving 96.35% accuracy.

scholarly journals IoT DoS and DDoS Attack Detection using ResNet

2020 ◽  
Author(s):  
Faisal Hussain ◽  
Syed Ghazanfar Abbas ◽  
Muhammad Husnain ◽  
Ubaid U. Fayyaz ◽  
Farrukh Shahzad ◽  
...  
Keyword(s):  
Network Traffic ◽  
State Of The Art ◽  
Binary Classification ◽  
Denial Of Service ◽  
Attack Detection ◽  
Ddos Attacks ◽  
Detection Systems ◽  
Ddos Attack ◽  
Attack Patterns ◽  
Iot Devices

Abstract The network attacks are increasing both in frequency and intensity with the rapid growth of internet of things (IoT) devices. Recently, denial of service (DoS) and distributed denial of service (DDoS) attacks are reported as the most frequent attacks in IoT networks. The traditional security solutions like firewalls, intrusion detection systems, etc., are unable to detect the complex DoS and DDoS attacks since most of them filter the normal and attack traffic based upon the static predefined rules. However, these solutions can become reliable and effective when integrated with artificial intelligence (AI) based techniques. During the last few years, deep learning models especially convolutional neural networks achieved high significance due to their outstanding performance in the image processing field. The potential of these convolutional neural network (CNN) models can be used to efficiently detect the complex DoS and DDoS by converting the network traffic dataset into images. Therefore, in this work, we proposed a methodology to convert the network traffic data into image form and trained a state-of-the-art CNN model, i.e., ResNet over the converted data. The proposed methodology accomplished 99.99\% accuracy for detecting the DoS and DDoS in case of binary classification. Furthermore, the proposed methodology achieved 87\% average precision for recognizing eleven types of DoS and DDoS attack patterns which is 9\% higher as compared to the state-of-the-art.

Sign in / Sign up

Export Citation Format

Share Document