Detection of Adversarial DDoS Attacks Using Generative Adversarial Networks with Dual Discriminators

DDoS (Distributed Denial of Service) has emerged as a serious and challenging threat to computer networks and information systems’ security and integrity. Before any remedial measures can be implemented, DDoS assaults must first be detected. DDoS attacks can be identified and characterized with satisfactory achievement employing ML (Machine Learning) and DL (Deep Learning). However, new varieties of aggression arise as the technology for DDoS attacks keep evolving. This research explores the impact of a new incarnation of DDoS attack–adversarial DDoS attack. There are established works on ML-based DDoS detection and GAN (Generative Adversarial Network) based adversarial DDoS synthesis. We confirm these findings in our experiments. Experiments in this study involve the extension and application of the GAN, a machine learning framework with symmetric form having two contending neural networks. We synthesize adversarial DDoS attacks utilizing Wasserstein Generative Adversarial Networks featuring Gradient Penalty (GP-WGAN). Experiment results indicate that the synthesized traffic can traverse the detection systems such as k-Nearest Neighbor (KNN), Multi-Layer Perceptron (MLP) and Random Forest (RF) without being identified. This observation is a sobering and pessimistic wake-up call, implying that countermeasures to adversarial DDoS attacks are urgently needed. To this problem, we propose a novel DDoS detection framework featuring GAN with Dual Discriminators (GANDD). The additional discriminator is designed to identify adversary DDoS traffic. The proposed GANDD can be an effective solution to adversarial DDoS attacks, as evidenced by the experimental results. We use adversarial DDoS traffic synthesized by GP-WGAN to train GANDD and validate it alongside three other DL technologies: DNN (Deep Neural Network), LSTM (Long Short-Term Memory) and GAN. GANDD outperformed the other DL models, demonstrating its protection with a TPR of 84.3%. A more sophisticated test was also conducted to examine GANDD’s ability to handle unseen adversarial attacks. GANDD was evaluated with adversarial traffic not generated from its training data. GANDD still proved effective with a TPR around 71.3% compared to 7.4% of LSTM.

Detecting DDoS Attacks Using Polyscale Analysis and Deep Learning

Distributed denial-of-service (DDoS) attacks are serious threats to the availability of a smart grid infrastructure services because they can cause massive blackouts. This study describes an anomaly detection method for improving the detection rate of a DDoS attack in a smart grid. This improvement was achieved by increasing the classification of the training and testing phases in a convolutional neural network (CNN). A full version of the variance fractal dimension trajectory (VFDTv2) was used to extract inherent features from the stochastic fractal input data. A discrete wavelet transform (DWT) was applied to the input data and the VFDTv2 to extract significant distinguishing features during data pre-processing. A support vector machine (SVM) was used for data post-processing. The implementation detected the DDoS attack with 87.35% accuracy.

Feature Selection Approach to Detect DDoS Attack Using Machine Learning Algorithms

Distributed Denial of Service (DDoS) attacks are dangerous attacks that can cause disruption to server, system or application layer. It will flood the target server with the amount of Internet traffic that the server could not afford at one time. Therefore, it is possible that the server will not work if it is affected by this DDoS attack. Due to this attack, the network security environment becomes insecure with the possibility of this attack. In recent years, the cases related to DDoS attacks have increased. Although previously there has been a lot of research on DDoS attacks, cases of DDoS attacks still exist. Therefore, the research on feature selection approach has been done in effort to detect the DDoS attacks by using machine learning techniques. In this paper, to detect DDoS attacks, features have been selected from the UNSW-NB 15 dataset by using Information Gain and Data Reduction method. To classify the selected features, ANN, Naïve Bayes, and Decision Table algorithms were used to test the dataset. To evaluate the result of the experiment, the parameters of Accuracy, Precision, True Positive and False Positive evaluated the results and classed the data into attacks and normal class. Hence, the good features have been obtained based on the experiments. To ensure the selected features are good or not, the results of classification have been compared with the past research that used the same UNSW-NB 15 dataset. To conclude, the accuracy of ANN, Naïve Bayes and Decision Table classifiers has been increased by using this feature selection approach compared to the past research.

Software Defined Network : The Comparison of SVM kernel on DDoS Detection

SDN is a new technology in the concept of a network where there is a separation between the data plane and the control plane as the brain that regulates data forwarding so that it becomes a target for DDoS attacks. Detection of DDoS attacks is an important topic in the field of network security. because of the difficulty of detecting the difference between normal traffic and anomalous attacks. Based on data from helpnetsecurity.com, in 2020 there were 4.83 million attempted DoS/DDoS attacks on various services, this shows that network security is very important. Various methods have been used in detecting DDoS attacks such as using a threshold on passing network traffic with an average traffic size compared to 3 times the standard deviation, the weakness of this method is if there is a spike in traffic it will be detected as an attack even though the traffic is normal so that it increases false positives. To maintain security on the SDN network, the reason is that a system is needed that can detect DDoS attacks anomalously by taking advantage of the habits that appear on the system and assuming that if there are deviations from the habits that appear then it is declared a DDoS attack, the SVM method is used to categorize the data traffic obtained from the controller to detect whether it is a DDoS attack or not. Based on the tests conducted with 500 training data, the accuracy is 99,2%. The conclusion of this paper is that the RBF SVM kernel can be very good at detecting anomalous DDoS attacks.

Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>

Detecting High and Low Intensity Distributed Denial of Service (DDoS) Attacks

<p>High and low-intensity attacks are two common Distributed Denial of Service (DDoS) attacks that disrupt Internet users and their daily operations. Detecting these attacks is important to ensure that communication, business operations, and education facilities can run smoothly. Many DDoS attack detection systems have been proposed in the past but still lack performance, scalability, and information sharing ability to detect both high and low-intensity DDoS attacks accurately and early. To combat these issues, this thesis studies the use of Software-Defined Networking technology, entropy-based features, and machine learning classifiers to develop three useful components, namely a good system architecture, a useful set of features, and an accurate and generalised traffic classification scheme. The findings from the experimental analysis and evaluation results of the three components provide important insights for researchers to improve the overall performance, scalability, and information sharing ability for building an accurate and early DDoS attack detection system.</p>