A Novel OpenFlow-Based DDoS Flooding Attack Detection and Response Mechanism in Software-Defined Networking

2015 ◽  
Vol 9 (3) ◽  
pp. 21-40 ◽  
Author(s):  
Rui Wang ◽  
Zhiyong Zhang ◽  
Lei Ju ◽  
Zhiping Jia
Keyword(s):  
False Positive Rate ◽  
Denial Of Service ◽  
Software Defined Networking ◽  
Attack Detection ◽  
Detection Accuracy ◽  
Response Mechanism ◽  
Ip Traceback ◽  
Detection Model ◽  
Flooding Attack ◽  
Positive Rate

Software-Defined Networking (SDN) and OpenFlow have brought a promising architecture for the future networks. However, there are still a lot of security challenges to SDN. To protect SDN from the Distributed denial-of-service (DDoS) flooding attack, this paper extends the flow entry counters and adds a mark action of OpenFlow, then proposes an entropy-based distributed attack detection model, a novel IP traceback and source filtering response mechanism in SDN with OpenFlow-based Deterministic Packet Marking. It achieves detecting the attack at the destination and filtering the malicious traffic at the source and can be easily implemented in SDN controller program, software or programmable switch, such as Open vSwitch and NetFPGA. The experimental results show that this scheme can detect the attack quickly, achieve a high detection accuracy with a low false positive rate, shield the victim from attack traffic and also avoid the attacker consuming resource and bandwidth on the intermediate links.

scholarly journals Accurately Identifying New QoS Violation Driven by High-Distributed Low-Rate Denial of Service Attacks Based on Multiple Observed Features

2015 ◽  
Vol 2015 ◽  
pp. 1-11 ◽  
Author(s):  
Jian Kang ◽  
Mei Yang ◽  
Junyao Zhang
Keyword(s):  
Network Traffic ◽  
False Positive Rate ◽  
Denial Of Service ◽  
Threshold Value ◽  
Detection Accuracy ◽  
Packet Header ◽  
Positive Rate ◽  
Spectrum Density ◽  
Microscopic Feature ◽  
Low Rate

We propose using multiple observed features of network traffic to identify new high-distributed low-rate quality of services (QoS) violation so that detection accuracy may be further improved. For the multiple observed features, we chooseF featurein TCP packet header as a microscopic feature and,P featureandD featureof network traffic as macroscopic features. Based on these features, we establishmultistream fused hidden Markov model(MF-HMM) to detect stealthy low-rate denial of service (LDoS) attacks hidden in legitimate network background traffic. In addition, the threshold value is dynamically adjusted by using Kaufman algorithm. Our experiments show that the additive effect of combining multiple features effectively reduces the false-positive rate. The average detection rate of MF-HMM results in a significant 23.39% and 44.64% improvement over typical power spectrum density (PSD) algorithm and nonparametric cumulative sum (CUSUM) algorithm.

Detection of Drive-by Download Attacks Using Machine Learning Approach

2020 ◽  
pp. 1598-1611
Author(s):  
Monther Aldwairi ◽  
Musaab Hasan ◽  
Zayed Balbahaith
Keyword(s):  
Machine Learning ◽  
False Positive Rate ◽  
Detection Accuracy ◽  
Web Pages ◽  
Financial Loss ◽  
Detection Model ◽  
Detection Systems ◽  
Novel Approach ◽  
Positive Rate ◽  
Using Data

Drive-by download refers to attacks that automatically download malwares to user's computer without his knowledge or consent. This type of attack is accomplished by exploiting web browsers and plugins vulnerabilities. The damage may include data leakage leading to financial loss. Traditional antivirus and intrusion detection systems are not efficient against such attacks. Researchers proposed plenty of detection approaches mostly passive blacklisting. However, a few proposed dynamic classification techniques, which suffer from clear shortcomings. In this paper, we propose a novel approach to detect drive-by download infected web pages based on extracted features from their source code. We test 23 different machine learning classifiers using data set of 5435 webpages and based on the detection accuracy we selected the top five to build our detection model. The approach is expected to serve as a base for implementing and developing anti drive-by download programs. We develop a graphical user interface program to allow the end user to examine the URL before visiting the website. The Bagged Trees classifier exhibited the highest accuracy of 90.1% and reported 96.24% true positive and 26.07% false positive rate.

scholarly journals MADFU: An Improved Malicious Application Detection Method Based on Features Uncertainty

Entropy ◽  
2020 ◽  
Vol 22 (7) ◽  
pp. 792
Author(s):  
Hongli Yuan ◽  
Yongchuan Tang
Keyword(s):  
False Positive Rate ◽  
Regression Function ◽  
Detection Accuracy ◽  
Detection Model ◽  
Android Apps ◽  
Positive Rate ◽  
Android App ◽  
Android Applications ◽  
Malicious Apps ◽  
Static Detection

Millions of Android applications (apps) are widely used today. Meanwhile, the number of malicious apps has increased exponentially. Currently, there are many security detection technologies for Android apps, such as static detection and dynamic detection. However, the uncertainty of the features in detection is not considered sufficiently in these technologies. Permissions play an important role in the security detection of Android apps. In this paper, a malicious application detection model based on features uncertainty (MADFU) is proposed. MADFU uses logistic regression function to describe the input (permissions) and output (labels) relationship. Moreover, it uses the Markov chain Monte Carlo (MCMC) algorithm to solve features’ uncertainty. After experimenting with 2037 samples, for malware detection, MADFU achieves an accuracy of up to 95.5%, and the false positive rate (FPR) is 1.2%. MADFU’s Android app detection accuracy is higher than the accuracy of directly using 24 dangerous permission. The results also indicate that the method for an unknown/new sample’s detection accuracy is 92.7%. Compared to other state-of-the-art approaches, the proposed method is more effective and efficient, by detecting malware.

Detection of Drive-by Download Attacks Using Machine Learning Approach

2017 ◽  
Vol 11 (4) ◽  
pp. 16-28 ◽  
Author(s):  
Monther Aldwairi ◽  
Musaab Hasan ◽  
Zayed Balbahaith
Keyword(s):  
Machine Learning ◽  
False Positive Rate ◽  
Detection Accuracy ◽  
Financial Loss ◽  
Data Set ◽  
Detection Model ◽  
Detection Systems ◽  
Novel Approach ◽  
Positive Rate ◽  
Using Data

Drive-by download refers to attacks that automatically download malwares to user's computer without his knowledge or consent. This type of attack is accomplished by exploiting web browsers and plugins vulnerabilities. The damage may include data leakage leading to financial loss. Traditional antivirus and intrusion detection systems are not efficient against such attacks. Researchers proposed plenty of detection approaches mostly passive blacklisting. However, a few proposed dynamic classification techniques, which suffer from clear shortcomings. In this paper, we propose a novel approach to detect drive-by download infected web pages based on extracted features from their source code. We test 23 different machine learning classifiers using data set of 5435 webpages and based on the detection accuracy we selected the top five to build our detection model. The approach is expected to serve as a base for implementing and developing anti drive-by download programs. We develop a graphical user interface program to allow the end user to examine the URL before visiting the website. The Bagged Trees classifier exhibited the highest accuracy of 90.1% and reported 96.24% true positive and 26.07% false positive rate.

scholarly journals Efficient Detection of Large-Scale Multimedia Network Information Data Anomalies Based on the Rule-Extracting Matrix Algorithm

2021 ◽  
Vol 2021 ◽  
pp. 1-7
Author(s):  
Jie Zhao
Keyword(s):  
Large Scale ◽  
False Positive Rate ◽  
Detection Accuracy ◽  
Network Information ◽  
Matrix Algorithm ◽  
Efficient Detection ◽  
Sample Data ◽  
Multimedia Social Networks ◽  
Positive Rate ◽  
Rule Extracting

With the continuous development of multimedia social networks, online public opinion information is becoming more and more popular. The rule extraction matrix algorithm can effectively improve the probability of information data to be tested. The network information data abnormality detection is realized through the probability calculation, and the prior probability is calculated, to realize the detection of abnormally high network data. Practical results show that the rule-extracting matrix algorithm can effectively control the false positive rate of sample data, the detection accuracy is improved, and it has efficient detection performance.

The Study of the Ontology and Context Verification Based Intrusion Detection Model

2014 ◽  
Vol 644-650 ◽  
pp. 3338-3341 ◽  
Author(s):  
Guang Feng Guo
Keyword(s):  
Intrusion Detection ◽  
Knowledge Base ◽  
False Positive ◽  
Intrusion Detection System ◽  
Detection System ◽  
False Positive Rate ◽  
False Positives ◽  
The Real ◽  
Detection Model ◽  
Positive Rate

During the 30-year development of the Intrusion Detection System, the problems such as the high false-positive rate have always plagued the users. Therefore, the ontology and context verification based intrusion detection model (OCVIDM) was put forward to connect the description of attack’s signatures and context effectively. The OCVIDM established the knowledge base of the intrusion detection ontology that was regarded as the center of efficient filtering platform of the false alerts to realize the automatic validation of the alarm and self-acting judgment of the real attacks, so as to achieve the goal of filtering the non-relevant positives alerts and reduce false positives.

scholarly journals An Enhanced Multimedia Video Surveillance Security Using Wavelet Encryption Framework

2020 ◽  
Author(s):  
Velliangiri S
Keyword(s):  
Wavelet Transform ◽  
False Positive Rate ◽  
Digital Data ◽  
Detection Accuracy ◽  
Detection Time ◽  
Arbitrary Permutation ◽  
Secret Keys ◽  
Positive Rate ◽  
Cae System ◽  
Distortion Rate

Multimedia digital data include medical record and financial documents, which are not guaranteed with security. The concerns for security of multimedia digital data is been a widespread issue in the field of cybernetics. With increasing malwares in video payloads, the proposed study aims to reduce the embedding of malwares using Pseudo Arbitrary Permutation based Cellular Automata Encryption (PAP-CAE) System in video payloads. This method reduces the malware attacks and distortion rate by permuting the secret keys with Pseudo arbitrary permutation. Before the application of PAP-CAE, 2D wavelet transform is applied on the multimedia files that compresses the complex files into different scales and position to be transmitted via a network with reduced size. Simultaneously, it performs the process of decryption and decompression to retrieve the original files. The proposed method is evaluated against existing methods to test its efficacy in terms of detection accuracy, detection time of malwares and false positive rate. The result shows that the proposed method is effective against the detection of malwares in multimedia video files.

scholarly journals Proposed statistical-based approach for detecting distribute denial of service against the controller of software defined network (SADDCS)

2018 ◽  
Vol 218 ◽  
pp. 02012 ◽  
Author(s):  
Mohammad A. AL-Adaileh ◽  
Mohammed Anbar ◽  
Yung-Wey Chong ◽  
Ahmed Al-Ani
Keyword(s):  
Statistical Analysis ◽  
Denial Of Service ◽  
Attack Detection ◽  
Detection Accuracy ◽  
Ddos Attacks ◽  
Large Area ◽  
Network Resources ◽  
Network Resource ◽  
High Bandwidth ◽  
Sdn Controller

Software-defined networkings (SDNs) have grown rapidly in recent years be-cause of SDNs are widely used in managing large area networks and securing networks from Distributed Denial of Services (DDoS) attacks. SDNs allow net-works to be monitored and managed through centralized controller. Therefore, SDN controllers are considered as the brain of networks and are considerably vulnerable to DDoS attacks. Thus, SDN controller suffer from several challenges that exhaust network resources. For SDN controller, the main target of DDoS attacks is to prevent legitimate users from using a network resource or receiving their services. Nevertheless, some approaches have been proposed to detect DDoS attacks through the examination of the traffic behavior of networks. How-ever, these approaches take too long to process all incoming packets, thereby leading to high bandwidth consumption and delays in the detection of DDoS at-tacks. In addition, most existing approaches for the detection of DDoS attacks suffer from high positive/negative false rates and low detection accuracy. This study proposes a new approach to detecting DDoS attacks. The approach is called the statistical-based approach for detecting DDoS against the controllers of software-defined networks. The proposed approach is designed to detect the presence of DDoS attacks accurately, reduce false positive/negative flow rates, and minimize the complexity of targeting SDN controllers according to a statistical analysis of packet features. The proposed approach passively captures net-work traffic, filters traffic, and selects the most significant features that contribute to DDoS attack detection. The general stages of the proposed approach are (i) da-ta preprocessing, (ii) statistical analysis, (iii) correlation identification between two vectors, and (iv) rule-based DDoS detection.

The HTTP Flooding Attack Detection to Secure and Safeguard Online Applications in the Cloud

2019 ◽  
Vol 10 (3) ◽  
pp. 41-58
Author(s):  
Dhanapal A ◽  
Nithyanandam P
Keyword(s):  
Linear Prediction ◽  
Denial Of Service ◽  
Attack Detection ◽  
Healthcare Applications ◽  
Normal Behaviour ◽  
Data Set ◽  
Denial Of Service Attack ◽  
Flooding Attack ◽  
Cloud Properties ◽  
Service Attack

Cloud computing is the cutting edge and has become inevitable in all forms of computing. This is due to its nature of elasticity, cost-effectiveness, availability, etc. The online applications like e-commerce, and e-healthcare applications are moving to the cloud to reduce their operational cost. These applications have the vulnerability of a HTTP flooding Distributed Denial of Service attack in the cloud. This flooding attack aims to overload the application, making it unable to process genuine requests and bring it down. So, these applications need to be secured and safeguarded against such attacks. This HTTP flooding attack is one of the key challenging issues as it shows normal behaviour with regard to all lower networking layers like TCP 3-way handshaking by mimicking genuine requests and it is even harder in the cloud due to the cloud properties. This article offers a solution for detecting a HTTP flooding attack in the cloud by using the novel TriZonal Linear Prediction (TLP) model. The solution was implemented using OpenStack and the FIFA Worldcup '98 data set for experimentation.

Sign in / Sign up

Export Citation Format

Share Document