Design and Implementation of SIP-aware DDoS Attack Detection System

Author(s):  
DoYoon Ha ◽  
ChangYong Lee ◽  
HyunCheol Jeong ◽  
BongNam Noh
Author(s):  
Gongjun Yin ◽  
Qiuting Tian ◽  
Zhenxin Du ◽  
Xueshan Yu ◽  
Dezhi Han

2017 ◽  
Vol 2017 ◽  
pp. 1-9 ◽  
Author(s):  
Bin Jia ◽  
Xiaohong Huang ◽  
Rujun Liu ◽  
Yan Ma

The explosive growth of network traffic and its multitype on Internet have brought new and severe challenges to DDoS attack detection. To get the higher True Negative Rate (TNR), accuracy, and precision and to guarantee the robustness, stability, and universality of detection system, in this paper, we propose a DDoS attack detection method based on hybrid heterogeneous multiclassifier ensemble learning and design a heuristic detection algorithm based on Singular Value Decomposition (SVD) to construct our detection system. Experimental results show that our detection method is excellent in TNR, accuracy, and precision. Therefore, our algorithm has good detective performance for DDoS attack. Through the comparisons with Random Forest, k-Nearest Neighbor (k-NN), and Bagging comprising the component classifiers when the three algorithms are used alone by SVD and by un-SVD, it is shown that our model is superior to the state-of-the-art attack detection techniques in system generalization ability, detection stability, and overall detection performance.


2020 ◽  
Vol 17 (4A) ◽  
pp. 655-661
Author(s):  
Mohammad Shurman ◽  
Rami Khrais ◽  
Abdulrahman Yateem

In recent years, Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attacks have spread greatly, and attackers make online systems unavailable to legitimate users by sending a huge number of packets to the target system. In this paper, we proposed two methodologies to detect Distributed Reflection Denial of Service (DrDoS) attacks in IoT. The first methodology uses a hybrid Intrusion Detection System (IDS) to detect IoT-DoS attacks. The second methodology uses deep learning models, based on Long Short-Term Memory (LSTM), trained with the latest dataset for such kinds of DrDoS. Our experimental results demonstrate that using the proposed methodologies can detect bad behaviour, making the IoT network safe from DoS and DDoS attacks.


2021 ◽  
Author(s):  
Abigail Koay

High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.


電腦學刊 ◽  
2021 ◽  
Vol 32 (5) ◽  
pp. 031-043
Author(s):  
Jingyuan Fan ◽  
Guiqin Yang ◽  
Jiyang Gai


2021 ◽  
Vol 48 (4) ◽  
Author(s):  
Jagdeep Singh ◽  
Navjot Jyoti ◽  
Sunny Behal ◽  
...  

A Distributed Denial of Service (DDoS) attack is one of the lethal threats that can cripple down the computing and communication resources of a web server hosting Internet-based services and applications. It has motivated the researchers over the years to find diversified and robust solutions to combat against DDoS attacks and characterization of flash events (a sudden surge in the legitimate traffic) from HR-DDoS (High-Rate DDoS) attacks. In recent times, the volume of legitimate traffic has also magnified manifolds. It results in behavioral similarities of attack traffic and legitimate traffic that make it very difficult and crucial to differentiate between the two. Predominantly, Netflow-based techniques are in use for detecting and differentiating legitimate and attack traffic flows. Over the last decade, fellow researchers have extensively used distinct information theory metrics for Netflow-based DDoS defense solutions. However, a comprehensive analysis and comparison of these diversified information theory metrics used for particularly DDoS attack detection are needed for a better understanding of the defense systems based on information theory. This paper elucidates the efficacy and effectiveness of information theory-based various entropy and divergence measures in the field of DDoS attack detection. As part of the work, a generalized NetFlow-based methodology has been proposed. The proposed detection methodology has been validated using the traffic traces of various real benchmarked datasets on a set of detection system evaluation metrics such as Detection rate (Recall), Precision, F-Measure, FPR, Classification rate, and Receiver-Operating Characteristics (ROC) curves. It has concluded that generalized divergence-based information theory metrics produce more accuracy in detecting different types of attack flows in contrast to entropy-based information theory metrics.


2017 ◽  
Vol 14 (3) ◽  
pp. 769-788 ◽  
Author(s):  
Dezhi Han ◽  
Kun Bi ◽  
Han Liu ◽  
Jianxin Jia

There are many problems in traditional Distributed Denial of Service (DDoS) attack detection, such as low accuracy, low detection speed and so on, which make it unsuitable for real-time detection and processing of DDoS attacks in a big data environment. This paper proposed a novel DDoS attack detection system based on the Spark framework, including 3 main algorithms. Based on information entropy, the first one can effectively warn of all kinds of DDoS attacks in advance according to the information entropy change of the data stream's source IP address and destination IP address; with the help of the designed dynamic sampling K-Means algorithm, this new detection system improves the attack detection accuracy effectively; by running the dynamic sampling K-Means parallelization algorithm, it can quickly and effectively detect a variety of DDoS attacks in a big data environment. The experiment results show that this system can not only give early warning of DDoS attacks effectively, but can also detect all kinds of DDoS attacks in real time, with a low false rate.

