Mitigating DDoS Attacks in Wireless Sensor Networks using Heuristic Feature Selection with Deep Learning Model

A wireless sensor network (WSN) encompasses a massive set of sensors with limited abilities for gathering sensitive data. Since security is a significant issue in WSN, there is a possibility of different types of attacks. In Distributed Denial of Service (DDOS) attack, the malicious node can adapt to several attacks, namely flooding, black hole, warm hole, etc., to interrupt the working of the WSN. The recently developed deep learning (DL) models can effectively detect DDoS attacks in the network. Therefore, this article proposes a heuristic feature selection with a Deep Learning-based DDoS (HFSDL-DDoS) attack detection model in WSN. The proposed HFSDL-DDoS technique intends to identify and categorize the occurrence of DDoS attacks in WSN. In addition, the HFSDL-DDoS technique involves the immune clonal genetic algorithm (ICGA) based feature selection (FS) approach to improve the detection performance. Moreover, a fruit fly algorithm (FFA) with bidirectional long, short-term memory (BiLSTM) based classification model is employed. The experimental analysis of the HFSDL-DDoS technique is performed, and the results are examined interms of several performance measures. The resultant experimental results pointed out the betterment of the HFSDL-DDoS technique over the other techniques.

Download Full-text

DDoS attack detection using deep learning

IAES International Journal of Artificial Intelligence (IJ-AI) ◽

10.11591/ijai.v10.i2.pp382-388 ◽

2021 ◽

Vol 10 (2) ◽

pp. 382

Author(s):

Thapanarath Khempetch ◽

Pongpisit Wuttidittachotti

Keyword(s):

Deep Learning ◽

Short Term Memory ◽

Denial Of Service ◽

Attack Detection ◽

Ddos Attacks ◽

Ddos Attack ◽

Attack Surface ◽

Iot Devices ◽

Ddos Attack Detection ◽

Flow Of Information

Nowadays, IoT devices are widely used both in daily life and in corporate and industrial environments. The use of these devices has increased dramatically and by 2030 it is estimated that their usage will rise to 125 billion devices causing enormous flow of information. It is likely that it will also increase distributed denial-of-service (DDoS) attack surface. As IoT devices have limited resources, it is impossible to add additional security structures to it. Therefore, the risk of DDoS attacks by malicious people who can take control of IoT devices, remain extremely high. In this paper, we use the CICDDoS2019 dataset as a dataset that has improved the bugs and introducing a new taxonomy for DDoS attacks, including new classification based on flows network. We propose DDoS attack detection using the deep neural network (DNN) and long short-term memory (LSTM) algorithm. Our results show that it can detect more than 99.90% of all three types of DDoS attacks. The results indicate that deep learning is another option for detecting attacks that may cause disruptions in the future.

Download Full-text

DoS and DDoS Attack Detection Using Deep Learning and IDS

The International Arab Journal of Information Technology ◽

10.34028/iajit/17/4a/10 ◽

2020 ◽

Vol 17 (4A) ◽

pp. 655-661

Author(s):

Mohammad Shurman ◽

Rami Khrais ◽

Abdulrahman Yateem

Keyword(s):

Deep Learning ◽

Short Term Memory ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Target System ◽

Online Systems ◽

Ddos Attack ◽

Long Short Term Memory ◽

Ddos Attack Detection

In the recent years, Denial-of-Service (DoS) or Distributed Denial-of-Service (DDoS) attack has spread greatly and attackers make online systems unavailable to legitimate users by sending huge number of packets to the target system. In this paper, we proposed two methodologies to detect Distributed Reflection Denial of Service (DrDoS) attacks in IoT. The first methodology uses hybrid Intrusion Detection System (IDS) to detect IoT-DoS attack. The second methodology uses deep learning models, based on Long Short-Term Memory (LSTM) trained with latest dataset for such kinds of DrDoS. Our experimental results demonstrate that using the proposed methodologies can detect bad behaviour making the IoT network safe of Dos and DDoS attacks

Download Full-text

Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models

Sustainability ◽

10.3390/su12031035 ◽

2020 ◽

Vol 12 (3) ◽

pp. 1035 ◽

Cited By ~ 9

Author(s):

Huseyin Polat ◽

Onur Polat ◽

Aydin Cetin

Keyword(s):

Machine Learning ◽

Feature Selection ◽

Denial Of Service ◽

Attack Detection ◽

Critical Threshold ◽

Support Vector ◽

Ddos Attacks ◽

Selection Methods ◽

Training Time ◽

Ddos Attack

Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.

Download Full-text

Efficient Detection of DDoS Attacks Using a Hybrid Deep Learning Model with Improved Feature Selection

Applied Sciences ◽

10.3390/app112411634 ◽

2021 ◽

Vol 11 (24) ◽

pp. 11634

Author(s):

Daniyal Alghazzawi ◽

Omaima Bamasaq ◽

Hayat Ullah ◽

Muhamad Zubair Asghar

Keyword(s):

Machine Learning ◽

Feature Selection ◽

Deep Learning ◽

Short Term Memory ◽

Denial Of Service ◽

Mitigation Strategies ◽

Sequence Information ◽

Ddos Attacks ◽

Data Set ◽

Efficient Detection

DDoS (Distributed Denial of Service) attacks have now become a serious risk to the integrity and confidentiality of computer networks and systems, which are essential assets in today’s world. Detecting DDoS attacks is a difficult task that must be accomplished before any mitigation strategies can be used. The identification of DDoS attacks has already been successfully implemented using machine learning/deep learning (ML/DL). However, due to an inherent limitation of ML/DL frameworks—so-called optimal feature selection—complete accomplishment is likewise out of reach. This is a case in which a machine learning/deep learning-based system does not produce promising results for identifying DDoS attacks. At the moment, existing research on forecasting DDoS attacks has yielded a variety of unexpected predictions utilising machine learning (ML) classifiers and conventional approaches for feature encoding. These previous efforts also made use of deep neural networks to extract features without having to maintain the track of the sequence information. The current work suggests predicting DDoS attacks using a hybrid deep learning (DL) model, namely a CNN with BiLSTM (bidirectional long/short-term memory), in order to effectively anticipate DDoS attacks using benchmark data. By ranking and choosing features that scored the highest in the provided data set, only the most pertinent features were picked. Experiment findings demonstrate that the proposed CNN-BI-LSTM attained an accuracy of up to 94.52 percent using the data set CIC-DDoS2019 during training, testing, and validation.

Download Full-text

Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning

Security and Communication Networks ◽

10.1155/2018/5198685 ◽

2018 ◽

Vol 2018 ◽

pp. 1-19 ◽

Cited By ~ 8

Author(s):

Jieren Cheng ◽

Chen Zhang ◽

Xiangyan Tang ◽

Victor S. Sheng ◽

Zhe Dong ◽

...

Keyword(s):

Detection Method ◽

Denial Of Service ◽

Multiple Kernel Learning ◽

Attack Detection ◽

Kernel Learning ◽

Economic Losses ◽

Ddos Attacks ◽

Ddos Attack ◽

Multiple Kernel ◽

Ddos Attack Detection

Distributed denial of service (DDoS) attacks has caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods based on a single feature and fixed model parameters cannot effectively detect early DDoS attacks in cloud and big data environment. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristic. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.

Download Full-text

Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

10.26686/wgtn.17135222.v1 ◽

2021 ◽

Author(s):

◽

Abigail Koay

Keyword(s):

Information Sharing ◽

Detection System ◽

Denial Of Service ◽

Attack Detection ◽

Traffic Classification ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Low Intensity ◽

Ddos Attack ◽

Ddos Attack Detection

High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.

Download Full-text

DDoS detection and prevention based on artificial intelligence techniques

Scientific Bulletin of Naval Academy ◽

10.21279/1454-864x-19-i1-018 ◽

2019 ◽

Vol XXII (1) ◽

pp. 134-143

Author(s):

Glăvan D.

Keyword(s):

Artificial Intelligence ◽

Denial Of Service ◽

Attack Detection ◽

Machine Learning Algorithms ◽

Ddos Attacks ◽

Great Loss ◽

Artificial Intelligence Techniques ◽

Ddos Attack ◽

Random Forest Tree ◽

Ddos Attack Detection

Distributed Denial of Service (DDoS) attacks have been the major threats for the Internet and can bring great loss to companies and governments. With the development of emerging technologies, such as cloud computing, Internet of Things (IoT), artificial intelligence techniques, attackers can launch a huge volume of DDoS attacks with a lower cost, and it is much harder to detect and prevent DDoS attacks, because DDoS traffic is similar to normal traffic. Some artificial intelligence techniques like machine learning algorithms have been used to classify DDoS attack traffic and detect DDoS attacks, such as Naive Bayes and Random forest tree. In the paper, we survey on the latest progress on the DDoS attack detection using artificial intelligence techniques and give recommendations on artificial intelligence techniques to be used in DDoS attack detection and prevention.

Download Full-text

Multilevel Modeling of Distributed Denial of Service Attacks in Wireless Sensor Networks

Journal of Sensors ◽

10.1155/2016/5017248 ◽

2016 ◽

Vol 2016 ◽

pp. 1-13 ◽

Cited By ~ 8

Author(s):

Katarzyna Mazur ◽

Bogdan Ksiezopolski ◽

Radoslaw Nielek

Keyword(s):

Wireless Sensor Networks ◽

Sensor Networks ◽

Denial Of Service ◽

Monitoring Network ◽

Wireless Sensor ◽

Distributed Denial Of Service ◽

Ddos Attacks ◽

Denial Of Service Attack ◽

Ddos Attack ◽

Service Attack

The growing popularity of wireless sensor networks increases the risk of security attacks. One of the most common and dangerous types of attack that takes place these days in any electronic society is a distributed denial of service attack. Due to the resource constraint nature of mobile sensors, DDoS attacks have become a major threat to its stability. In this paper, we established a model of a structural health monitoring network, being disturbed by one of the most common types of DDoS attacks, the flooding attack. Through a set of simulations, we explore the scope of flood-based DDoS attack problem, assessing the performance and the lifetime of the network under the attack condition. To conduct our research, we utilized the Quality of Protection Modeling Language. With the proposed approach, it was possible to examine numerous network configurations, parameters, attack options, and scenarios. The results of the carefully performed multilevel analysis allowed us to identify a new kind of DDoS attack, the delayed distributed denial of service, by the authors, referred to as DDDoS attack. Multilevel approach to DDoS attack analysis confirmed that, examining endangered environments, it is significant to take into account many characteristics at once, just to not overlook any important aspect.

Download Full-text

IFACNN: efficient DDoS attack detection based on improved firefly algorithm to optimize convolutional neural networks

Mathematical Biosciences and Engineering ◽

10.3934/mbe.2022059 ◽

2021 ◽

Vol 19 (2) ◽

pp. 1280-1303

Author(s):

Jiushuang Wang ◽

◽

Ying Liu ◽

Huifen Feng

Keyword(s):

Internet Of Things ◽

Firefly Algorithm ◽

Denial Of Service ◽

Attack Detection ◽

Ddos Attacks ◽

Detection Scheme ◽

Ddos Attack ◽

Improved Firefly Algorithm ◽

Iot Devices ◽

Ddos Attack Detection

<abstract>Network security has become considerably essential because of the expansion of internet of things (IoT) devices. One of the greatest hazards of today's networks is distributed denial of service (DDoS) attacks, which could destroy critical network services. Recent numerous IoT devices are unsuspectingly attacked by DDoS. To securely manage IoT equipment, researchers have introduced software-defined networks (SDN). Therefore, we propose a DDoS attack detection scheme to secure the real-time in the software-defined the internet of things (SD-IoT) environment. In this article, we utilize improved firefly algorithm to optimize the convolutional neural network (CNN), to provide detection for DDoS attacks in our proposed SD-IoT framework. Our results demonstrate that our scheme can achieve higher than 99% DDoS behavior and benign traffic detection accuracy.</abstract>

Download Full-text

Towards Detecting Flooding DDOS Attacks Over Software Defined Networks Using Machine Learning Techniques

Revista Gestão Inovação e Tecnologias ◽

10.47059/revistageintec.v11i4.2411 ◽

2021 ◽

Vol 11 (4) ◽

pp. 3837-3865

Author(s):

Ancy Sherin Jose ◽

Latha R Nair ◽

Varghese Paul

Keyword(s):

Feature Selection ◽

Denial Of Service ◽

Attack Detection ◽

Machine Learning Techniques ◽

Ddos Attacks ◽

Method Performance ◽

Feature Sets ◽

Flooding Attacks ◽

Wide Range ◽

Level Statistics

Distributed Denial of Service Attack (DDoS) has emerged as a major threat to cyber space. A DDoS attack aims at exhausting the resources of the victim causing financial and reputational damages to it. The availability of free software make launching of DDoS attacks easy. The difficulty in differentiating a DDoS traffic from a legitimate traffic burst such as a flash crowd makes DDoS difficult to be identified. A wide range of techniques have been used in conventional networks to detect and mitigate DDoS attacks. Though the advent of Software Defined Networking (SDN) makes a network easy to be managed even SDN is vulnerable to DDoS attacks. In this case, the controller of the SDN gets overloaded with the incoming packets from the switches. In fact, a solution based on security analytics can be put in place to ward off this threat as a proactive security measure using the flow level statistics available from the SDN. Compared to the packet analysis used in traditional networks which is resource expensive the flow level statistics is relatively inexpensive. This paper focuses on the design and implementation of an attack detection system for detecting the flooding DDoS attacks TCP SYN flooding attacks, HTTP request flooding attacks, UDP flooding attacks and ICMP flooding attacks over SDN network traffic. The system uses various classification algorithms to classify a traffic into normal or attack. The feature sets for classification were arrived at using a feature selection module with ANOVA (Analysis of Variance) F-Test statistical method. Performance evaluation of each of the classifiers was carried out for the three feature sets obtained from the feature selection module using various performance measures and the results have been tabulated. The feature set which gives the best performance in detecting malicious traffic has been identified.

Download Full-text