Dual-Level Attack Detection, Characterization and Response for Networks Under DDoS Attacks

Author(s):  
Anjali Sardana ◽  
Ramesh C. Joshi

DDoS attacks aim to deny services to legitimate users. In this paper, the authors introduce a dual-level attack detection (D-LAD) scheme for defending against DDoS attacks. At the higher, coarse level, the macroscopic level detectors (MaLAD) attempt to detect congestion-inducing attacks which cause apparent slowdown in network functionality. At the lower, fine level, the microscopic level detectors (MiLAD) detect sophisticated attacks that cause network performance to degrade gracefully and stealth attacks that remain undetected in the transit domain and do not impact the victim. The response mechanism then redirects the suspicious traffic of anomalous flows to a honeypot trap for further evaluation. It selectively drops the attack packets and minimizes collateral damage in addressing the DDoS problem. Results demonstrate that this scheme is very effective and provides a much-demanded solution to the DDoS problem.


2021 ◽  
Vol 4 (1) ◽  
pp. 1-9
Author(s):  
Huda S. Abdulkarem ◽  
Ammar D. Alethawy

Abstract: Software-Defined Networking (SDN) is a promising sample that allows the programming behind the network’s operation with some abstraction level from the underlying networking devices. The insistence to detect and mitigate Distributed Denial of Service (DDoS) which introduced by network devices tries to discover network security weaknesses and the negative effects of some types of Distributed Denial of Service (DDoS) attacks. An SDN-based generic solution to mitigate DDoS attacks when and where they originate. Briefly, it compares at runtime the expected trend of normal traffic against the trend of abnormal traffic; if a big deviation in the traffic trend is detected, then an event is created; as an event associated with a DDoS attack is produced, an SDN (OpenDayLight) controller creates flow rules for blocking the malign traffic, by designing and implementing an application that reactively impairs the attacks at their origin, ensuring the “normal operation” of the network infrastructure. The evaluation results suggest that the proposal detects the characteristics of flooding DDoS attacks in a timely manner, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. The work sheds light on the programming relevance over an abstracted view of the network infrastructure.


2018 ◽  
Vol 2018 ◽  
pp. 1-19 ◽  
Author(s):  
Jieren Cheng ◽  
Chen Zhang ◽  
Xiangyan Tang ◽  
Victor S. Sheng ◽  
Zhe Dong ◽  
...  

Distributed denial of service (DDoS) attacks have caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environments. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristics. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.


2019 ◽  
Vol 2019 (2) ◽  
pp. 80-90 ◽  
Author(s):  
Mugunthan S. R.

The fundamental advantage of the cloud environment is its instant scalability in rendering the service according to the various demands. The recent technological growth in cloud computing makes it accessible to people from everywhere at any time. Multitudes of users utilize the cloud platform for their various needs and store their complete details, personal as well as confidential, in the cloud architecture. The storage of the confidential information makes the cloud architecture attractive to hackers, who aim to misuse the confidential/secret information. The misuse of the services and the resources of the cloud architecture has become a common issue in day-to-day usage due to DDOS (distributed denial of service) attacks. The DDOS attacks are highly mature and continue to grow at a high speed, making detection and countermeasures a challenging task. So the paper uses soft computing based autonomous detection for Low rate-DDOS attacks in the cloud architecture. The proposed method utilizes the hidden Markov Model for observing the flow in the network and the Random forest for classifying the detected attacks from the normal flow. The proffered method is evaluated to measure the performance improvement attained in terms of Recall, Precision, specificity, accuracy and F-measure.


2013 ◽  
Vol 380-384 ◽  
pp. 2673-2676
Author(s):  
Ze Yu Xiong

DDoS attacks have relatively low proportion of normal flow in the boundary network at the attack traffic. In this paper, we establish a DDoS attack detection method based on defense stage and defensive position, and design and implement collaborative detection of DDoS attacks. Simulation results show that our approach has better timeliness, accuracy and scalability than the single-point detection and route-based distributed detection schemes.


2021 ◽  
pp. 576-582
Author(s):  
Sarah M. Tisel ◽  
Bryan T. Klassen

Parkinson disease (PD) is the classic hypokinetic movement disorder and one of the most common and widely recognized neurodegenerative conditions. PD is distinct from parkinsonism, a term that refers to a syndrome of rest tremor, bradykinesia, rigidity, and postural instability. The mechanism behind the progressive degeneration and cell death that result in PD is not precisely understood. Substantia nigra depigmentation occurs on a macroscopic level and loss of dopaminergic neurons and gliosis on a microscopic level.


2018 ◽  
Vol 218 ◽  
pp. 02012 ◽  
Author(s):  
Mohammad A. AL-Adaileh ◽  
Mohammed Anbar ◽  
Yung-Wey Chong ◽  
Ahmed Al-Ani

Software-defined networks (SDNs) have grown rapidly in recent years because SDNs are widely used in managing large area networks and securing networks from Distributed Denial of Service (DDoS) attacks. SDNs allow networks to be monitored and managed through a centralized controller. Therefore, SDN controllers are considered the brain of networks and are considerably vulnerable to DDoS attacks. Thus, SDN controllers suffer from several challenges that exhaust network resources. For an SDN controller, the main target of DDoS attacks is to prevent legitimate users from using a network resource or receiving their services. Nevertheless, some approaches have been proposed to detect DDoS attacks through the examination of the traffic behavior of networks. However, these approaches take too long to process all incoming packets, thereby leading to high bandwidth consumption and delays in the detection of DDoS attacks. In addition, most existing approaches for the detection of DDoS attacks suffer from high positive/negative false rates and low detection accuracy. This study proposes a new approach to detecting DDoS attacks. The approach is called the statistical-based approach for detecting DDoS against the controllers of software-defined networks. The proposed approach is designed to detect the presence of DDoS attacks accurately, reduce false positive/negative flow rates, and minimize the complexity of targeting SDN controllers according to a statistical analysis of packet features. The proposed approach passively captures network traffic, filters traffic, and selects the most significant features that contribute to DDoS attack detection. The general stages of the proposed approach are (i) data preprocessing, (ii) statistical analysis, (iii) correlation identification between two vectors, and (iv) rule-based DDoS detection.


2012 ◽  
Vol 74 (6) ◽  
pp. 392-399 ◽  
Author(s):  
Deanna Lankford ◽  
Patricia Friedrichsen

Diffusion and osmosis are important biological concepts that students often struggle to understand. These are important concepts because they are the basis for many complex biological processes, such as photosynthesis and cellular respiration. We examine a wide variety of representations used by experienced teachers to teach diffusion and osmosis. To help teachers select appropriate representations for their students, we briefly describe each representation and discuss its pros and cons. After teachers select representations, we offer recommendations for sequencing them. We recommend beginning with macroscopic-level representations that easily allow students to visualize the phenomenon, then moving to microscopic-level representations (cell-level), and finally exploring the phenomenon at the molecular level using virtual representations.


2021 ◽  
Author(s):  
Abigail Koay

High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.

