Detecting DDoS Attacks Using Polyscale Analysis and Deep Learning

Mapping Intimacies ◽

10.4018/978-1-6684-3666-0.ch048 ◽

2022 ◽

pp. 1078-1096

Author(s):

Maryam Ghanbari ◽

Witold Kinsner

Keyword(s):

Smart Grid ◽

Input Data ◽

Denial Of Service ◽

Support Vector ◽

Discrete Wavelet ◽

Ddos Attacks ◽

Ddos Attack ◽

Infrastructure Services ◽

Distinguishing Features

Distributed denial-of-service (DDoS) attacks are serious threats to the availability of a smart grid infrastructure services because they can cause massive blackouts. This study describes an anomaly detection method for improving the detection rate of a DDoS attack in a smart grid. This improvement was achieved by increasing the classification of the training and testing phases in a convolutional neural network (CNN). A full version of the variance fractal dimension trajectory (VFDTv2) was used to extract inherent features from the stochastic fractal input data. A discrete wavelet transform (DWT) was applied to the input data and the VFDTv2 to extract significant distinguishing features during data pre-processing. A support vector machine (SVM) was used for data post-processing. The implementation detected the DDoS attack with 87.35% accuracy.

Download Full-text

Detecting DDoS Attacks Using Polyscale Analysis and Deep Learning

International Journal of Cognitive Informatics and Natural Intelligence ◽

10.4018/ijcini.2020010102 ◽

2020 ◽

Vol 14 (1) ◽

pp. 17-34

Author(s):

Maryam Ghanbari ◽

Witold Kinsner

Keyword(s):

Smart Grid ◽

Input Data ◽

Denial Of Service ◽

Support Vector ◽

Discrete Wavelet ◽

Ddos Attacks ◽

Ddos Attack ◽

Infrastructure Services ◽

Distinguishing Features

Download Full-text

DDoS Attacks and Their Types

Network Security Attacks and Countermeasures - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-4666-8761-5.ch007 ◽

2016 ◽

pp. 197-205 ◽

Cited By ~ 1

Author(s):

Dileep Kumar

Keyword(s):

Large Scale ◽

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Network Resource ◽

Financial Trading ◽

Ddos Attack ◽

Site Access ◽

Gain Access

Billions of people rely on internet to discover and share ideas with the world. However, the websites are vulnerable to deliver the attacks, preventing people to access them. The recent study of global surveys showed that DDoS Attacks evolved in strategy and tactics. A Distributed Denial of Service (DDoS) attack is a new emerging bigger threat that target organization's business critical services such as e-commerce transactions, financial trading, email or web site access. A DDoS attack is a large-scale, coordinated attack on the availability of services of a victim system or network resource, launched indirectly through many compromised computers on the Internet. To create attacks, attackers first discover vulnerable sites or hosts on the network. Then vulnerable hosts are exploited by attackers who use their vulnerability to gain access to these hosts. This chapter deals with the introduction, architecture and classification of DDoS Attacks.

Download Full-text

Machine Learning Classification of Port Scanning and DDoS Attacks: A Comparative Analysis

Mehran University Research Journal of Engineering and Technology ◽

10.22581/muet1982.2101.19 ◽

2021 ◽

Vol 40 (1) ◽

pp. 215-229

Author(s):

Muhammad Aamir ◽

Syed Sajjad Hussain Rizvi ◽

Manzoor Ahmed Hashmani ◽

Muhammad Zubair ◽

Jawwad Ahmed . Usman

Keyword(s):

Machine Learning ◽

Comparative Analysis ◽

Denial Of Service ◽

Learning Algorithms ◽

Machine Learning Algorithms ◽

Subjective Rating ◽

Support Vector ◽

Ddos Attacks ◽

Testing Accuracy

Cyber security is one of the major concerns of today’s connected world. For all the platforms of today’s communication technology such as wired, wireless, local and remote access, the hackers are present to corrupt the system functionalities, circumvent the security measures and steal sensitive information. Amongst many techniques of hackers, port scanning and Distributed Denial of Service (DDoS) attacks are very common. In this paper, the benefits of machine learning are taken into consideration for classification of port scanning and DDoS attacks in a mix of normal and attack traffic. Different machine learning algorithms are trained and tested on a recently published benchmark dataset (CICIDS2017) to identify the best performing algorithms on the data which contains more recent vectors of port scanning and DDoS attacks. The classification results show that all the variants of discriminant analysis and Support Vector Machine (SVM) provide good testing accuracy i.e. more than 90%. According to a subjective rating criterion mentioned in this paper, 9 algorithms from a set of machine learning experiments receive the highest rating (good) as they provide more than 85% classification (testing) accuracy out of 22 total algorithms. This comparative analysis is further extended to observe training performance of machine learning models through k-fold cross validation, Area Under Curve (AUC) analysis of the Receiver Operating Characteristic (ROC) curves, and dimensionality reduction using the Principal Component Analysis (PCA). To the best of our knowledge, a comprehensive comparison of various machine learning algorithms on CICIDS2017 dataset is found to be deficient for port scanning and DDoS attacks while considering such recent features of attack.

Download Full-text

Advanced Support Vector Machine- (ASVM-) Based Detection for Distributed Denial of Service (DDoS) Attack on Software Defined Networking (SDN)

Journal of Computer Networks and Communications ◽

10.1155/2019/8012568 ◽

2019 ◽

Vol 2019 ◽

pp. 1-12 ◽

Cited By ~ 6

Author(s):

Myo Myint Oo ◽

Sinchai Kamolphiwong ◽

Thossaporn Kamolphiwong ◽

Sangsuree Vasupongayya

Keyword(s):

Support Vector Machine ◽

Denial Of Service ◽

Detection Technique ◽

Support Vector ◽

Testing Time ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Training Time ◽

Ddos Attack ◽

Advanced Support

Software Defined Networking (SDN) has many advantages over a traditional network. The great advantage of SDN is that the network control is physically separated from forwarding devices. SDN can solve many security issues of a legacy network. Nevertheless, SDN has many security vulnerabilities. The biggest issue of SDN vulnerabilities is Distributed Denial of Service (DDoS) attack. The DDoS attack on SDN becomes an important problem, and varieties of methods had been applied for detection and mitigation purposes. The objectives of this paper are to propose a detection method of DDoS attacks by using SDN based technique that will disturb the legitimate user's activities at the minimum and to propose Advanced Support Vector Machine (ASVM) technique as an enhancement of existing Support Vector Machine (SVM) algorithm to detect DDoS attacks. ASVM technique is a multiclass classification method consisting of three classes. In this paper, we can successfully detect two types of flooding-based DDoS attacks. Our detection technique can reduce the training time as well as the testing time by using two key features, namely, the volumetric and the asymmetric features. We evaluate the results by measuring a false alarm rate, a detection rate, and accuracy. The detection accuracy of our detection technique is approximately 97% with the fastest training time and testing time.

Download Full-text

Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models

Sustainability ◽

10.3390/su12031035 ◽

2020 ◽

Vol 12 (3) ◽

pp. 1035 ◽

Cited By ~ 9

Author(s):

Huseyin Polat ◽

Onur Polat ◽

Aydin Cetin

Keyword(s):

Machine Learning ◽

Feature Selection ◽

Denial Of Service ◽

Attack Detection ◽

Critical Threshold ◽

Support Vector ◽

Ddos Attacks ◽

Selection Methods ◽

Training Time ◽

Ddos Attack

Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

Download Full-text

Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis

Journal of Control Science and Engineering ◽

10.1155/2013/821315 ◽

2013 ◽

Vol 2013 ◽

pp. 1-6 ◽

Cited By ~ 9

Author(s):

Tongguang Ni ◽

Xiaoqing Gu ◽

Hongyuan Wang ◽

Yu Li

Keyword(s):

Time Series ◽

Denial Of Service ◽

Support Vector ◽

Svm Classifier ◽

Ddos Attacks ◽

Application Layer ◽

Ip Address ◽

Detection Systems ◽

Ddos Attack ◽

Novel Approach

Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.

Download Full-text

Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning

Security and Communication Networks ◽

10.1155/2018/5198685 ◽

2018 ◽

Vol 2018 ◽

pp. 1-19 ◽

Cited By ~ 8

Author(s):

Jieren Cheng ◽

Chen Zhang ◽

Xiangyan Tang ◽

Victor S. Sheng ◽

Zhe Dong ◽

...

Keyword(s):

Detection Method ◽

Denial Of Service ◽

Multiple Kernel Learning ◽

Attack Detection ◽

Kernel Learning ◽

Economic Losses ◽

Ddos Attacks ◽

Ddos Attack ◽

Multiple Kernel ◽

Ddos Attack Detection

Distributed denial of service (DDoS) attacks has caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environment. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristic. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.

Download Full-text

Reducing distributed denial of service (DDoS) attacks using client puzzle mechanism

International Journal of Engineering & Technology ◽

10.14419/ijet.v7i1.1.9473 ◽

2017 ◽

Vol 7 (1.1) ◽

pp. 230

Author(s):

C. Vasan Sai Krishna ◽

Y. Bhuvana ◽

P. Pavan Kumar ◽

R. Murugan

Keyword(s):

Denial Of Service ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Dos Attack ◽

Computing Power ◽

Server Side ◽

Ddos Attack ◽

Client Machine ◽

Client Side

In a typical DoS attack, the attacker tries to bring the server down. In this case, the attacker sends a lot of bogus queries to the server to consume its computing power and bandwidth. As the server’s bandwidth and computing power are always greater than attacker’s client machine, He seeks help from a group of connected computers. DDoS attack involves a lot of client machines which are hijacked by the attacker (together called as botnet). As the server handles all these requests sent by the attacker, all its resources get consumed and it cannot provide services. In this project, we are more concerned about reducing the computing power on the server side by giving the client a puzzle to solve. To prevent such attacks, we use client puzzle mechanism. In this mechanism, we introduce a client-side puzzle which demands the machine to perform tasks that require more resources (computation power). The client’s request is not directly sent to the server. Moreover, there will be an Intermediate Server to monitor all the requests that are being sent to the main server. Before the client’s request is sent to the server, it must solve a puzzle and send the answer. Intermediate Server is used to validate the answer and give access to the client or block the client from accessing the server.

Download Full-text

RESEARCH OF THE ISSUES OF IMPROVEMENT OF PROTECTION SYSTEMS AGAINST DDOS-ATTACKS BASED ON THE COMPREHENSIVE ANALYSIS OF MODERN INTERACTION MECHANISMS

CASPIAN JOURNAL Control and High Technologies ◽

10.21672/2074-1707.2021.53.1.063-074 ◽

2021 ◽

Vol 53 (1) ◽

pp. 63-74

Author(s):

DMITRIY A. BACHMANOV ◽

◽

ANDREY R. OCHEREDKO ◽

MICHAEL M. PUTYATO ◽

ALEXANDER S. MAKARYAN ◽

...

Keyword(s):

Denial Of Service ◽

Comprehensive Analysis ◽

Cyber Attacks ◽

Ddos Attacks ◽

Network Resources ◽

Combined Use ◽

Service Type ◽

Protection Systems ◽

Comparison Criteria

The article presents the results of an analysis of the growth in the development of botnet networks and new cyber threats when they are used by cybercriminals. A review and comparison of the models for the implementation of botnet networks is carried out, as a result of which there are two main types. The main types of attacks carried out using the infrastructure of distributed computer networks are identified and classified, formed into 7 main groups, taking into account the relevance, prevalence and amount of damage. Based on the results of the analysis, it was determined that the most widespread and relevant type of attack is “Denial of Service”. The article presents a classification of services that provide services to ensure the protection of network resources from distributed attacks by the "Denial of Service" type, by the type of deployment, the level of security and the types of services provided. The comparison criteria are given taking into account their infrastructure, availability of technical support and a test period, available types of protection, capabilities, additional options, notification and reporting, as well as licensing. Practically implemented and shown a way to integrate the DDoS-Guard Protection service with an additional module at the application level, which made it possible to expand the methods of protection against DDoS attacks. Various modifications of the combined use of the module and the modified system make it possible to increase the expected level of detection and prevention of cyber - attacks.

Download Full-text

Cluster-Based Countermeasures for DDoS Attacks

Network Security Attacks and Countermeasures - Advances in Information Security, Privacy, and Ethics ◽

10.4018/978-1-4666-8761-5.ch008 ◽

2016 ◽

pp. 206-227

Author(s):

Mohammad Jabed Morshed Chowdhury ◽

Dileep Kumar G

Keyword(s):

Unsupervised Learning ◽

Network Traffic ◽

Denial Of Service ◽

Security Threats ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Ddos Attack ◽

Real Progress ◽

Bandwidth Capacity

Distributed Denial of Service (DDoS) attack is considered one of the major security threats in the current Internet. Although many solutions have been suggested for the DDoS defense, real progress in fighting those attacks is still missing. In this chapter, the authors analyze and experiment with cluster-based filtering for DDoS defense. In cluster-based filtering, unsupervised learning is used to create profile of the network traffic. Then the profiled traffic is passed through the filters of different capacity to the servers. After applying this mechanism, the legitimate traffic will get better bandwidth capacity than the malicious traffic. Thus the effect of bad or malicious traffic will be lesser in the network. Before describing the proposed solutions, a detail survey of the different DDoS countermeasures have been presented in the chapter.

Download Full-text