Improving Discriminating Accuracy Rate of DDoS Attacks and Flash Events

2021 ◽  
Vol 11 (4) ◽  
pp. 21-42
Author(s):  
Sahareesh Agha ◽  
Osama Rehman ◽  
Ibrahim M. H. Rahman
Keyword(s):  
Denial Of Service ◽  
Internet Security ◽  
Classification Model ◽  
Traffic Classification ◽  
Ddos Attacks ◽  
Intelligent Network ◽  
Random Forest Algorithm ◽  
Accuracy Rate ◽  
Discrimination Accuracy ◽  
Network Traffic Classification

Internet security has become a big issue with the passage of time. Among many threats, the distributed denial-of-service (DDoS) attack is the most frequent threat in the networks. The purpose of the DDoS attacks is to interrupt service availability provided by different web servers. This results in legitimate users not being able to access the servers and hence facing denial of services. On the other hand, flash events are a high amount of legitimate users visiting a website due to a specific event. Consequences of these attacks are more powerful when launched during flash events, which are legitimate traffic and cause a denial of service. The purpose of this study is to build an intelligent network traffic classification model to improve the discrimination accuracy rate of DDoS attacks from flash events traffic. Weka is adopted as the platform for evaluating the performance of a random forest algorithm.

Network Traffic Classification Using Deep Learning

2020 ◽  
Vol 29 (07n08) ◽  
pp. 2040008
Author(s):  
Lei Chen ◽  
Jian Liu ◽  
Ming Xian
Keyword(s):  
Network Traffic ◽  
Open Data ◽  
Internet Security ◽  
Classification Model ◽  
Traffic Classification ◽  
Test Results ◽  
Data Set ◽  
Internet Applications ◽  
Network Traffic Classification

The large amount of network traffic generated by Internet applications brings great challenges to Internet security. In order to facilitate network management and realize automatic classification of network traffic, this paper proposes a network traffic classification model NTCNET based on CNNs. Use open data set to do simulation verification experiment, then compare the test results with a variety of traditional classification methods. The experimental results shows that the constructed traffic classification model NTCNET has better precision, robustness and accuracy, with an accuracy of 99.66%.

Multi-Aspect DDOS Detection System for Securing Cloud Network

2019 ◽  
pp. 1952-1983
Author(s):  
Pourya Shamsolmoali ◽  
Masoumeh Zareapoor ◽  
M.Afshar Alam
Keyword(s):  
Cloud Computing ◽  
Detection System ◽  
Denial Of Service ◽  
Complex Form ◽  
Internet Security ◽  
Detection Methods ◽  
Ddos Attacks ◽  
Dos Attacks ◽  
Ddos Detection ◽  
Cloud Network

Distributed Denial of Service (DDoS) attacks have become a serious attack for internet security and Cloud Computing environment. This kind of attacks is the most complex form of DoS (Denial of Service) attacks. This type of attack can simply duplicate its source address, such as spoofing attack, which defending methods do not able to disguises the real location of the attack. Therefore, DDoS attack is the most significant challenge for network. In this chapter we present different aspect of security in Cloud Computing, mostly we concentrated on DDOS Attacks. The Authors illustrated all types of Dos Attacks and discussed the most effective detection methods.

TRAWLING TRAFFIC UNDER ATTACK OVERCOMING DDoS ATTACKS BY TARGET-CONTROLLED TRAFFIC FILTERING

2011 ◽  
Vol 22 (05) ◽  
pp. 1073-1098
Author(s):  
SHLOMI DOLEV ◽  
YUVAL ELOVICI ◽  
ALEX KESSELMAN ◽  
POLINA ZILBERMAN
Keyword(s):  
Denial Of Service ◽  
The Internet ◽  
Traffic Classification ◽  
Classification Rules ◽  
Ddos Attacks ◽  
Dos Attack ◽  
Dos Attacks ◽  
Worst Case ◽  
Filtering Algorithm ◽  
Internet Community

As more and more services are provided by servers via the Internet, Denial-of-Service (DoS) attacks pose an increasing threat to the Internet community. A DoS attack overloads the target server with a large volume of adverse requests, thereby rendering the server unavailable to "well-behaved" users. In this paper, we propose two algorithms that allow attack targets to dynamically filter their incoming traffic based on a distributed policy. The proposed algorithms defend the target against DoS and distributed DoS (DDoS) attacks and simultaneously ensure that it continues to serve "well-behaved" users. In a nutshell, a target can define a filtering policy which consists of a set of traffic classification rules and the corresponding amounts of traffic for each rule. A filtering algorithm is enforced by the ISP's routers when a target is being overloaded with traffic. The goal is to maximize the amount of filtered traffic forwarded to the target, according to the filtering policy, from the ISP. The first proposed algorithm is a collaborative algorithm which computes and delivers to the target the best possible traffic mix in polynomial time. The second algorithm is a distributed non-collaborative algorithm for which we prove a lower bound on the worst-case performance.

scholarly journals Intelligent Traffic Classification for Detecting DDoS Attacks using SDN/OpenFlow

2021 ◽  
Author(s):  
◽  
Jarrod Bakker
Keyword(s):  
Denial Of Service ◽  
Network Control ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Network Information ◽  
Ddos Attack ◽  
Machine Learning Methods ◽  
Attack Scenario ◽  
And Control

<p>Distributed denial of service (DDoS) attacks utilise many attacking entities to prevent legitimate use of a resource via consumption. Detecting these attacks is often difficult when using a traditional networking paradigm as network information and control are not centralised. Software-Defined Networking is a recent paradigm that centralises network control, thus improving the ability to gather network information. Traffic classification techniques can leverage the gathered data to detect DDoS attacks.This thesis utilises nmeta2, a SDN-based traffic classification architecture, to study the effectiveness of machine learning methods to detect DDoS attacks. These methods are evaluated on a physical network testbed to demonstrate their application during a DDoS attack scenario.</p>

scholarly journals Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

2021 ◽  
Author(s):  
◽  
Abigail Koay
Keyword(s):  
Information Sharing ◽  
Detection System ◽  
Denial Of Service ◽  
Attack Detection ◽  
Traffic Classification ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Low Intensity ◽  
Ddos Attack ◽  
Ddos Attack Detection

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>

scholarly journals Network Intrusion Detection Based on an Efficient Neural Architecture Search

Symmetry ◽  
2021 ◽  
Vol 13 (8) ◽  
pp. 1453
Author(s):  
Renjian Lyu ◽  
Mingshu He ◽  
Yu Zhang ◽  
Lei Jin ◽  
Xinlei Wang
Keyword(s):  
Deep Learning ◽  
Intrusion Detection ◽  
Network Traffic ◽  
Traffic Monitoring ◽  
Classification Model ◽  
Network Intrusion Detection ◽  
Traffic Classification ◽  
Neural Architecture ◽  
Network Intrusion ◽  
Network Traffic Classification

Deep learning has been applied in the field of network intrusion detection and has yielded good results. In malicious network traffic classification tasks, many studies have achieved good performance with respect to the accuracy and recall rate of classification through self-designed models. In deep learning, the design of the model architecture greatly influences the results. However, the design of the network model architecture usually requires substantial professional knowledge. At present, the focus of research in the field of traffic monitoring is often directed elsewhere. Therefore, in the classification task of the network intrusion detection field, there is much room for improvement in the design and optimization of the model architecture. A neural architecture search (NAS) can automatically search the architecture of the model under the premise of a given optimization goal. For this reason, we propose a model that can perform NAS in the field of network traffic classification and search for the optimal architecture suitable for traffic detection based on the network traffic dataset. Each layer of our depth model is constructed according to the principle of maximum coding rate attenuation, which has strong consistency and symmetry in structure. Compared with some manually designed network architectures, classification indicators, such as Top-1 accuracy and F1 score, are also greatly improved while ensuring the lightweight nature of the model. In addition, we introduce a surrogate model in the search task. Compared to using the traditional NAS model to search the network traffic classification model, our NAS model greatly improves the search efficiency under the premise of ensuring that the results are not substantially different. We also manually adjust some operations in the search space of the architecture search to find a set of model operations that are more suitable for traffic classification. Finally, we apply the searched model to other traffic datasets to verify the universality of the model. Compared with several common network models in the traffic field, the searched model (NAS-Net) performs better, and the classification effect is more accurate.

scholarly journals An Improved Network Traffic Classification Model Based on a Support Vector Machine

Symmetry ◽  
2020 ◽  
Vol 12 (2) ◽  
pp. 301 ◽  
Author(s):  
Jie Cao ◽  
Da Wang ◽  
Zhaoyang Qu ◽  
Hongyu Sun ◽  
Bin Li ◽  
...  
Keyword(s):  
Support Vector Machine ◽  
Feature Selection ◽  
Network Traffic ◽  
Feature Selection Method ◽  
Selection Method ◽  
Classification Model ◽  
Support Vector ◽  
Traffic Classification ◽  
Generalization Ability ◽  
Network Traffic Classification

Network traffic classification based on machine learning is an important branch of pattern recognition in computer science. It is a key technology for dynamic intelligent network management and enhanced network controllability. However, the traffic classification methods still facing severe challenges: The optimal set of features is difficult to determine. The classification method is highly dependent on the effective characteristic combination. Meanwhile, it is also important to balance the experience risk and generalization ability of the classifier. In this paper, an improved network traffic classification model based on a support vector machine is proposed. First, a filter-wrapper hybrid feature selection method is proposed to solve the false deletion of combined features caused by a traditional feature selection method. Second, to balance the empirical risk and generalization ability of support vector machine (SVM) traffic classification model, an improved parameter optimization algorithm is proposed. The algorithm can dynamically adjust the quadratic search area, reduce the density of quadratic mesh generation, improve the search efficiency of the algorithm, and prevent the over-fitting while optimizing the parameters. The experiments show that the improved traffic classification model achieves higher classification accuracy, lower dimension and shorter elapsed time and performs significantly better than traditional SVM and the other three typical supervised ML algorithms.

scholarly journals A Novel Way to Generate Adversarial Network Traffic Samples against Network Traffic Classification

2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Yongjin Hu ◽  
Jin Tian ◽  
Jun Ma
Keyword(s):  
Neural Networks ◽  
Convolutional Neural Networks ◽  
Image Recognition ◽  
Network Traffic ◽  
Classification Model ◽  
Traffic Classification ◽  
Deep Convolutional Neural Networks ◽  
Adversarial Network ◽  
Network Traffic Classification ◽  
Normal Network

Network traffic classification technologies could be used by attackers to implement network monitoring and then launch traffic analysis attacks or website fingerprint attacks. In order to prevent such attacks, a novel way to generate adversarial samples of network traffic from the perspective of the defender is proposed. By adding perturbation to the normal network traffic, a kind of adversarial network traffic is formed, which will cause misclassification when the attackers are implementing network traffic classification with deep convolutional neural networks (CNN) as a classification model. The paper uses the concept of adversarial samples in image recognition for reference to the field of network traffic classification and chooses several different methods to generate adversarial samples of network traffic. The experiment, in which the LeNet-5 CNN is selected as a classification model used by attackers and Vgg16 CNN is selected as the model to test the transferability of the adversarial network traffic generated, shows the effect of the adversarial network traffic samples.

scholarly journals Feature Selection Techniques Cloud DDOS Attack Detection

2019 ◽  
Vol 8 (12) ◽  
pp. 1257-1260
Keyword(s):  
Cloud Computing ◽  
Network Traffic ◽  
Denial Of Service ◽  
Attack Detection ◽  
False Alarms ◽  
Traffic Classification ◽  
Ddos Attack ◽  
Network Intrusion ◽  
Network Traffic Classification ◽  
Ddos Attack Detection

The ongoing progression of Cloud Computing, it gives different services to together hierarchical as well as singular users, for example, shared computing resources, storage, networking and so on interest. The most well-known sort of attack on Cloud-computing is Distributed Denial of Service- (DDoS) Attack. DDoS attack is an bother which makes resources inaccessible to the client by trading off enormous no of system called bots. This paper proposes systems to create an ideal network traffic feature set for network intrusion detection. The proposed system shows that a reliable set of features are chosen for a given dataset. The outcomes demonstrate that the proposed procedure yields a set of features that, when utilized for network traffic classification, yields low quantities of false alarms.

Sign in / Sign up

Export Citation Format

Share Document