distributed denial of service
Recently Published Documents


Total documents: 814 (five years: 331)

H-index: 32 (five years: 9)

2022, Vol 9 (2), pp. 109-118
Author(s): Chaminda Tennakoon, Subha Fernando

Distributed denial of service (DDoS) attacks are one of the serious threats in the domain of cybersecurity, affecting the availability of online services by disrupting access for their legitimate users. The consequences of such attacks could be worth millions of dollars, since all online services rely on high availability. The magnitude of DDoS attacks is ever increasing, as attackers are smart enough to innovate their attacking strategies to expose vulnerabilities in intrusion detection models or mitigation mechanisms. The history of DDoS attacks shows that the network and transport layers of the OSI model were the initial targets of attackers, but recent history in the cybersecurity domain shows that the attacking momentum has shifted toward the application layer of the OSI model, where it is very difficult to distinguish attack traffic from benign traffic, which makes combating application-layer DDoS attacks a sophisticated task. Striving for high accuracy with high DDoS classification recall is key for any DDoS detection mechanism to maintain the reliability and trustworthiness of such a system. In this paper, a deep learning approach for application-layer DDoS detection is proposed, using an autoencoder to perform feature selection and deep neural networks to perform attack classification. A popular benchmark dataset, CIC DoS 2017, is selected by extracting the most appealing features from the packet flows. The proposed model has achieved an accuracy of 99.83% with a detection rate of 99.84% while maintaining a false-negative rate of 0.17%, which is the highest accuracy rate among the literature reviewed so far.


2022, Vol 3 (2), pp. 51-55
Author(s): Misbachul Munir, Ipung Ardiansyah, Joko Dwi Santoso, Ali Mustopa, Sri Mulyatun

DDoS attacks are a form of attack carried out by sending packets continuously to machines and even computer networks. This attack results in machine or network resources that cannot be accessed or used by users. DDoS attacks usually originate from several machines operated by users or by bots, whereas DoS attacks are carried out by one person or one system. In this study, the term DDoS is used to represent both DoS and DDoS attacks. In the network world, Software Defined Network (SDN) is a promising paradigm. SDN separates the control plane from the forwarding plane to improve network programmability and network management. As part of the network, SDN is not spared from DDoS attacks. In this study, we use the naïve Bayes algorithm as a method to detect DDoS attacks on the Software Defined Network architecture.


2022, Vol 16 (1), pp. 0-0

A Flash Crowd (FC) event occurs when network traffic increases suddenly due to a specific reason (e.g. an e-commerce sale). Despite its legitimacy, this kind of situation usually decreases network resource performance. Furthermore, attackers may simulate FC situations to introduce undetected attacks, such as Distributed Denial of Service (DDoS), since it is very difficult to distinguish between legitimate and malicious data flows. To differentiate malicious and legitimate traffic, we propose applying zero-inflated count data models in conjunction with the Correlation Coefficient Flow (CCF) method – a well-known method used in FC situations. Our results were satisfactory and improve the accuracy of the CCF method. Furthermore, since the environment toggles between normal and FC situations, our method has the advantage of working in both situations.


Author(s): Prathima Mabel John, Rama Mohan Babu Kasturi Nagappasetty

Over the last few years, the need for programmable networks has captured the interest of industrialists and academicians. It has led to the development of a paradigm called software defined network (SDN). It separates the network intelligence into the control plane and forwarding logic into the data plane. This architecture gives scope to various security issues, of which denial of service (DoS) is the most common and challenging to detect. This paper focuses on the detection and mitigation of a slow DoS attack called Slowloris on an Apache2 server in SDN-based networks. The proposed solution is called Slowloris detection and mitigation mechanism (SDMM). Mininet, an emulator, and SimpleHTTPServer are used for simulation, and the same is implemented using a Zodiac FX OpenFlow switch, Ryu controller and Apache2 server. The SDMM algorithm detects and mitigates prolonged Slowloris attacks in typical networks as well as in slow networks with low bandwidth and high delay in 240-280s with an accuracy of 100% and 98% respectively. It uses expectation of burst size as a key factor for detection.


Symmetry, 2021, Vol 13 (12), pp. 2443
Author(s): Ashraf Ahmad, Yousef AbuHour, Firas Alghanim

A Distributed Denial of Service (DDoS) attack is a type of cybercrime that renders a target service unavailable by overwhelming it with traffic from several sources (attack nodes). In this paper, we focus on DDoS attacks on a computer network by spreading bots throughout the network. A mathematical differential equation model is proposed to represent the dynamism of nodes at different compartments of the model. The model considers two levels of security, with the assumption that the recovered nodes do not return to the same security level. In previous models, the recovered nodes are returned to be suspect on the same security level, which is an unrealistic assumption. Moreover, it is assumed that the attacker can use the infected target nodes to attack again. With such epidemic-like assumptions of infection, different cases are presented and discussed, and the stability of the model is analyzed as well; reversing the symmetry transformation of attacking nodes population is also proven. The proposed model has many parameters in order to precisely describe the infection movement and propagation. Numerical simulation methods are used to solve the developed system of equations using MATLAB, with the intention of finding the best counteraction to control DDoS spread throughout a network.


Industrial units adopt different networks for the management of their units, processes and resources. The industrial sector uses different networks for smooth functioning, which requires users, employees and customers to access various network services. However, industrial networks are not exempt from network threats. A number of threats exist which challenge the functioning of industrial networks, such as DDoS (Distributed Denial of Service), black hole, eavesdrop attacks and so on. Most attacks focus on degrading the QoS performance of the industrial network. To handle this, different approaches are available in the literature which work based on several features such as traffic, hop count, payload, service frequency, retransmission frequency, node behaviors, location of nodes and so on. Similarly, most threats occur over the routing procedure. Towards maximizing the QoS of industrial networks, it is necessary to analyze various routing protocols and their way of handling different threats. This article analyzes various routing protocols and threats towards the QoS of industrial networks.

