The rapid advancement of the Internet ofThings(IoT)has heightened the importance of security,with a notable increase in Distributed Denial-of-Service(DDoS)attacks targeting IoT devices.Network security specialists fac...The rapid advancement of the Internet ofThings(IoT)has heightened the importance of security,with a notable increase in Distributed Denial-of-Service(DDoS)attacks targeting IoT devices.Network security specialists face the challenge of producing systems to identify and offset these attacks.This researchmanages IoT security through the emerging Software-Defined Networking(SDN)standard by developing a unified framework(RNN-RYU).We thoroughly assess multiple deep learning frameworks,including Convolutional Neural Network(CNN),Long Short-Term Memory(LSTM),Feed-Forward Convolutional Neural Network(FFCNN),and Recurrent Neural Network(RNN),and present the novel usage of Synthetic Minority Over-Sampling Technique(SMOTE)tailored for IoT-SDN contexts to manage class imbalance during training and enhance performance metrics.Our research has significant practical implications as we authenticate the approache using both the self-generated SD_IoT_Smart_City dataset and the publicly available CICIoT23 dataset.The system utilizes only eleven features to identify DDoS attacks efficiently.Results indicate that the RNN can reliably and precisely differentiate between DDoS traffic and benign traffic by easily identifying temporal relationships and sequences in the data.展开更多
As cyber threats become increasingly sophisticated,Distributed Denial-of-Service(DDoS)attacks continue to pose a serious threat to network infrastructure,often disrupting critical services through overwhelming traffic...As cyber threats become increasingly sophisticated,Distributed Denial-of-Service(DDoS)attacks continue to pose a serious threat to network infrastructure,often disrupting critical services through overwhelming traffic.Although unsupervised anomaly detection using convolutional autoencoders(CAEs)has gained attention for its ability to model normal network behavior without requiring labeled data,conventional CAEs struggle to effectively distinguish between normal and attack traffic due to over-generalized reconstructions and naive anomaly scoring.To address these limitations,we propose CA-CAE,a novel anomaly detection framework designed to improve DDoS detection through asymmetric joint reconstruction learning and refined anomaly scoring.Our architecture connects two CAEs sequentially with asymmetric filter allocation,which amplifies reconstruction errors for anomalous data while preserving low errors for normal traffic.Additionally,we introduce a scoring mechanism that incorporates exponential decay weighting to emphasize recent anomalies and relative traffic volume adjustment to highlight highrisk instances,enabling more accurate and timely detection.We evaluate CA-CAE on a real-world network traffic dataset collected using Cisco NetFlow,containing over 190,000 normal instances and only 78 anomalous instances—an extremely imbalanced scenario(0.0004% anomalies).We validate the proposed framework through extensive experiments,including statistical tests and comparisons with baseline models.Despite this challenge,our method achieves significant improvement,increasing the F1-score from 0.515 obtained by the baseline CAE to 0.934,and outperforming other models.These results demonstrate the effectiveness,scalability,and practicality of CA-CAE for unsupervised DDoS detection in realistic network environments.By combining lightweight model architecture with a domain-aware scoring strategy,our framework provides a robust solution for early detection of DDoS attacks without relying on labeled attack data.展开更多
Distributed denial-of-service(DDoS)is a rapidly growing problem with the fast development of the Internet.There are multitude DDoS detection approaches,however,three major problems about DDoS attack detection appear i...Distributed denial-of-service(DDoS)is a rapidly growing problem with the fast development of the Internet.There are multitude DDoS detection approaches,however,three major problems about DDoS attack detection appear in the big data environment.Firstly,to shorten the respond time of the DDoS attack detector;secondly,to reduce the required compute resources;lastly,to achieve a high detection rate with low false alarm rate.In the paper,we propose an abnormal network flow feature sequence prediction approach which could fit to be used as a DDoS attack detector in the big data environment and solve aforementioned problems.We define a network flow abnormal index as PDRA with the percentage of old IP addresses,the increment of the new IP addresses,the ratio of new IP addresses to the old IP addresses and average accessing rate of each new IP address.We design an IP address database using sequential storage model which has a constant time complexity.The autoregressive integrated moving average(ARIMA)trending prediction module will be started if and only if the number of continuous PDRA sequence value,which all exceed an PDRA abnormal threshold(PAT),reaches a certain preset threshold.And then calculate the probability that is the percentage of forecasting PDRA sequence value which exceed the PAT.Finally we identify the DDoS attack based on the abnormal probability of the forecasting PDRA sequence.Both theorem and experiment show that the method we proposed can effectively reduce the compute resources consumption,identify DDoS attack at its initial stage with higher detection rate and lower false alarm rate.展开更多
In software-defined networks(SDNs),controller placement is a critical factor in the design and planning for the future Internet of Things(IoT),telecommunication,and satellite communication systems.Existing research ha...In software-defined networks(SDNs),controller placement is a critical factor in the design and planning for the future Internet of Things(IoT),telecommunication,and satellite communication systems.Existing research has concentrated largely on factors such as reliability,latency,controller capacity,propagation delay,and energy consumption.However,SDNs are vulnerable to distributed denial of service(DDoS)attacks that interfere with legitimate use of the network.The ever-increasing frequency of DDoS attacks has made it necessary to consider them in network design,especially in critical applications such as military,health care,and financial services networks requiring high availability.We propose a mathematical model for planning the deployment of SDN smart backup controllers(SBCs)to preserve service in the presence of DDoS attacks.Given a number of input parameters,our model has two distinct capabilities.First,it determines the optimal number of primary controllers to place at specific locations or nodes under normal operating conditions.Second,it recommends an optimal number of smart backup controllers for use with different levels of DDoS attacks.The goal of the model is to improve resistance to DDoS attacks while optimizing the overall cost based on the parameters.Our simulated results demonstrate that the model is useful in planning for SDN reliability in the presence of DDoS attacks while managing the overall cost.展开更多
Distributed Denial of Service(DDoS)attacks is always one of the major problems for service providers.Using blockchain to detect DDoS attacks is one of the current popular methods.However,the problems of high time over...Distributed Denial of Service(DDoS)attacks is always one of the major problems for service providers.Using blockchain to detect DDoS attacks is one of the current popular methods.However,the problems of high time overhead and cost exist in the most of the blockchain methods for detecting DDoS attacks.This paper proposes a blockchain-based collaborative detection method for DDoS attacks.First,the trained DDoS attack detection model is encrypted by the Intel Software Guard Extensions(SGX),which provides high security for uploading the DDoS attack detection model to the blockchain.Secondly,the service provider uploads the encrypted model to Inter Planetary File System(IPFS)and then a corresponding Content-ID(CID)is generated by IPFS which greatly saves the cost of uploading encrypted models to the blockchain.In addition,due to the small amount of model data,the time cost of uploading the DDoS attack detection model is greatly reduced.Finally,through the blockchain and smart contracts,the CID is distributed to other service providers,who can use the CID to download the corresponding DDoS attack detection model from IPFS.Blockchain provides a decentralized,trusted and tamper-proof environment for service providers.Besides,smart contracts and IPFS greatly improve the distribution efficiency of the model,while the distribution of CID greatly improves the efficiency of the transmission on the blockchain.In this way,the purpose of collaborative detection can be achieved,and the time cost of transmission on blockchain and IPFS can be considerably saved.We designed a blockchain-based DDoS attack collaborative detection framework to improve the data transmission efficiency on the blockchain,and use IPFS to greatly reduce the cost of the distribution model.In the experiment,compared with most blockchain-based method for DDoS attack detection,the proposed model using blockchain distribution shows the advantages of low cost and latency.The remote authentication mechanism of Intel SGX provides high security and integrity,and ensures the availability of distributed models.展开更多
The Software-Defined Networking(SDN)technology improves network management over existing technology via centralized network control.The SDN provides a perfect platform for researchers to solve traditional network’s o...The Software-Defined Networking(SDN)technology improves network management over existing technology via centralized network control.The SDN provides a perfect platform for researchers to solve traditional network’s outstanding issues.However,despite the advantages of centralized control,concern about its security is rising.The more traditional network switched to SDN technology,the more attractive it becomes to malicious actors,especially the controller,because it is the network’s brain.A Distributed Denial of Service(DDoS)attack on the controller could cripple the entire network.For that reason,researchers are always looking for ways to detect DDoS attacks against the controller with higher accuracy and lower false-positive rate.This paper proposes an entropy-based approach to detect low-rate and high-rate DDoS attacks against the SDN controller,regardless of the number of attackers or targets.The proposed approach generalized the Rényi joint entropy for analyzing the network traffic flow to detect DDoS attack traffic flow of varying rates.Using two packet header features and generalized Rényi joint entropy,the proposed approach achieved a better detection rate than the EDDSC approach that uses Shannon entropy metrics.展开更多
Distributed denial of service (DDoS) attacks continues to grow as a threat to organizations worldwide. From the first known attack in 1999 to the highly publicized Operation Ababil, the DDoS attacks have a history of ...Distributed denial of service (DDoS) attacks continues to grow as a threat to organizations worldwide. From the first known attack in 1999 to the highly publicized Operation Ababil, the DDoS attacks have a history of flooding the victim network with an enormous number of packets, hence exhausting the resources and preventing the legitimate users to access them. After having standard DDoS defense mechanism, still attackers are able to launch an attack. These inadequate defense mechanisms need to be improved and integrated with other solutions. The purpose of this paper is to study the characteristics of DDoS attacks, various models involved in attacks and to provide a timeline of defense mechanism with their improvements to combat DDoS attacks. In addition to this, a novel scheme is proposed to detect DDoS attack efficiently by using MapReduce programming model.展开更多
In the era of the Internet of Things(IoT),the proliferation of connected devices has raised security concerns,increasing the risk of intrusions into diverse systems.Despite the convenience and efficiency offered by Io...In the era of the Internet of Things(IoT),the proliferation of connected devices has raised security concerns,increasing the risk of intrusions into diverse systems.Despite the convenience and efficiency offered by IoT technology,the growing number of IoT devices escalates the likelihood of attacks,emphasizing the need for robust security tools to automatically detect and explain threats.This paper introduces a deep learning methodology for detecting and classifying distributed denial of service(DDoS)attacks,addressing a significant security concern within IoT environments.An effective procedure of deep transfer learning is applied to utilize deep learning backbones,which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity.By leveraging several deep architectures,the study conducts thorough binary and multiclass experiments,each varying in the complexity of classifying attack types and demonstrating real-world scenarios.Additionally,this study employs an explainable artificial intelligence(XAI)AI technique to elucidate the contribution of extracted features in the process of attack detection.The experimental results demonstrate the effectiveness of the proposed method,achieving a recall of 99.39%by the XAI bidirectional long short-term memory(XAI-BiLSTM)model.展开更多
Recent DDoS attacks against several web sites operated by SONY Playstation caused wide spread outage for several days, and loss of user account information. DDoS attacks by WikiLeaks supporters against VISA, MasterCar...Recent DDoS attacks against several web sites operated by SONY Playstation caused wide spread outage for several days, and loss of user account information. DDoS attacks by WikiLeaks supporters against VISA, MasterCard, and Paypal servers made headline news globally. These DDoS attack floods are known to crash, or reduce the performance of web based applications, and reduce the number of legitimate client connections/sec. TCP SYN flood is one of the common DDoS attack, and latest operating systems have some form of protection against this attack to prevent the attack in reducing the performance of web applications, and user connections. In this paper, we evaluated the performance of the TCP-SYN attack protection provided in Microsoft’s windows server 2003. It is found that the SYN attack protection provided by the server is effective in preventing attacks only at lower loads of SYN attack traffic, however this built-in protection is found to be not effective against high intensity of SYN attack traffic. Measurement results in this paper can help network operators understand the effectiveness of built-in protection mechanism that exists in millions of Windows server 2003 against one of the most popular DDoS attacks, namely the TCP SYN attack, and help enhance security of their network by additional means.展开更多
Distributed denial of service(DDoS)attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user.We proposed a deep neural network(DNN)model for the detection of DDoS attacks...Distributed denial of service(DDoS)attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user.We proposed a deep neural network(DNN)model for the detection of DDoS attacks in the Software-Defined Networking(SDN)paradigm.SDN centralizes the control plane and separates it from the data plane.It simplifies a network and eliminates vendor specification of a device.Because of this open nature and centralized control,SDN can easily become a victim of DDoS attacks.We proposed a supervised Developed Deep Neural Network(DDNN)model that can classify the DDoS attack traffic and legitimate traffic.Our Developed Deep Neural Network(DDNN)model takes a large number of feature values as compared to previously proposed Machine Learning(ML)models.The proposed DNN model scans the data to find the correlated features and delivers high-quality results.The model enhances the security of SDN and has better accuracy as compared to previously proposed models.We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets.Our model results in a high accuracy rate of 99.76%with a low false-positive rate and 0.065%low loss rate.The accuracy increases to 99.80%as we increase the number of epochs to 100 rounds.Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models.It can handle a huge amount of structured and unstructured data and can easily solve complex problems.展开更多
The use of machine learning algorithms to identify characteristics in Distributed Denial of Service (DDoS) attacks has emerged as a powerful approach in cybersecurity. DDoS attacks, which aim to overwhelm a network or...The use of machine learning algorithms to identify characteristics in Distributed Denial of Service (DDoS) attacks has emerged as a powerful approach in cybersecurity. DDoS attacks, which aim to overwhelm a network or service with a flood of malicious traffic, pose significant threats to online systems. Traditional methods of detection and mitigation often struggle to keep pace with the evolving nature of these attacks. Machine learning, with its ability to analyze vast amounts of data and recognize patterns, offers a robust solution to this challenge. The aim of the paper is to demonstrate the application of ensemble ML algorithms, namely the K-Means and the KNN, for a dual clustering mechanism when used with PySpark to collect 99% accurate data. The algorithms, when used together, identify distinctive features of DDoS attacks that prove a very accurate reflection of reality, so they are a good combination for this aim. Impressively, having preprocessed the data, both algorithms with the PySpark foundation enabled the achievement of 99% accuracy when tuned on the features of a DDoS big dataset. The semi-supervised dataset tabulates traffic anomalies in terms of packet size distribution in correlation to Flow Duration. By training the K-Means Clustering and then applying the KNN to the dataset, the algorithms learn to evaluate the character of activity to a greater degree by displaying density with ease. The study evaluates the effectiveness of the K-Means Clustering with the KNN as ensemble algorithms that adapt very well in detecting complex patterns. Ultimately, cross-reaching environmental results indicate that ML-based approaches significantly improve detection rates compared to traditional methods. Furthermore, ensemble learning methods, which combine two plus multiple models to improve prediction accuracy, show greatness in handling the complexity and variability of big data sets especially when implemented by PySpark. The findings suggest that the enhancement of accuracy derives from newer software that’s designed to reflect reality. However, challenges remain in the deployment of these systems, including the need for large, high-quality datasets and the potential for adversarial attacks that attempt to deceive the ML models. Future research should continue to improve the robustness and efficiency of combining algorithms, as well as integrate them with existing security frameworks to provide comprehensive protection against DDoS attacks and other areas. The dataset was originally created by the University of New Brunswick to analyze DDoS data. The dataset itself was based on logs of the university’s servers, which found various DoS attacks throughout the publicly available period to totally generate 80 attributes with a 6.40GB size. In this dataset, the label and binary column become a very important portion of the final classification. In the last column, this means the normal traffic would be differentiated by the attack traffic. Further analysis is then ripe for investigation. Finally, malicious traffic alert software, as an example, should be trained on packet influx to Flow Duration dependence, which creates a mathematical scope for averages to enact. In achieving such high accuracy, the project acts as an illustration (referenced in the form of excerpts from my Google Colab account) of many attempts to tune. Cybersecurity advocates for more work on the character of brute-force attack traffic and normal traffic features overall since most of our investments as humans are digitally based in work, recreational, and social environments.展开更多
基金supported by NSTC 113-2221-E-155-055NSTC 113-2222-E-155-007,Taiwan.
文摘The rapid advancement of the Internet ofThings(IoT)has heightened the importance of security,with a notable increase in Distributed Denial-of-Service(DDoS)attacks targeting IoT devices.Network security specialists face the challenge of producing systems to identify and offset these attacks.This researchmanages IoT security through the emerging Software-Defined Networking(SDN)standard by developing a unified framework(RNN-RYU).We thoroughly assess multiple deep learning frameworks,including Convolutional Neural Network(CNN),Long Short-Term Memory(LSTM),Feed-Forward Convolutional Neural Network(FFCNN),and Recurrent Neural Network(RNN),and present the novel usage of Synthetic Minority Over-Sampling Technique(SMOTE)tailored for IoT-SDN contexts to manage class imbalance during training and enhance performance metrics.Our research has significant practical implications as we authenticate the approache using both the self-generated SD_IoT_Smart_City dataset and the publicly available CICIoT23 dataset.The system utilizes only eleven features to identify DDoS attacks efficiently.Results indicate that the RNN can reliably and precisely differentiate between DDoS traffic and benign traffic by easily identifying temporal relationships and sequences in the data.
基金supported by Korea National University of Transportation Industry-Academy Cooperation Foundation in 2024.
文摘As cyber threats become increasingly sophisticated,Distributed Denial-of-Service(DDoS)attacks continue to pose a serious threat to network infrastructure,often disrupting critical services through overwhelming traffic.Although unsupervised anomaly detection using convolutional autoencoders(CAEs)has gained attention for its ability to model normal network behavior without requiring labeled data,conventional CAEs struggle to effectively distinguish between normal and attack traffic due to over-generalized reconstructions and naive anomaly scoring.To address these limitations,we propose CA-CAE,a novel anomaly detection framework designed to improve DDoS detection through asymmetric joint reconstruction learning and refined anomaly scoring.Our architecture connects two CAEs sequentially with asymmetric filter allocation,which amplifies reconstruction errors for anomalous data while preserving low errors for normal traffic.Additionally,we introduce a scoring mechanism that incorporates exponential decay weighting to emphasize recent anomalies and relative traffic volume adjustment to highlight highrisk instances,enabling more accurate and timely detection.We evaluate CA-CAE on a real-world network traffic dataset collected using Cisco NetFlow,containing over 190,000 normal instances and only 78 anomalous instances—an extremely imbalanced scenario(0.0004% anomalies).We validate the proposed framework through extensive experiments,including statistical tests and comparisons with baseline models.Despite this challenge,our method achieves significant improvement,increasing the F1-score from 0.515 obtained by the baseline CAE to 0.934,and outperforming other models.These results demonstrate the effectiveness,scalability,and practicality of CA-CAE for unsupervised DDoS detection in realistic network environments.By combining lightweight model architecture with a domain-aware scoring strategy,our framework provides a robust solution for early detection of DDoS attacks without relying on labeled attack data.
基金This work was supported by the National Natural Science Foundation of China[No.61762033,61363071,61702539]The National Natural Science Foundation of Hainan[No.617048,2018CXTD333]+1 种基金Hainan University Doctor Start Fund Project[No.kyqd1328]Hainan University Youth Fund Project[No.qnjj1444].
文摘Distributed denial-of-service(DDoS)is a rapidly growing problem with the fast development of the Internet.There are multitude DDoS detection approaches,however,three major problems about DDoS attack detection appear in the big data environment.Firstly,to shorten the respond time of the DDoS attack detector;secondly,to reduce the required compute resources;lastly,to achieve a high detection rate with low false alarm rate.In the paper,we propose an abnormal network flow feature sequence prediction approach which could fit to be used as a DDoS attack detector in the big data environment and solve aforementioned problems.We define a network flow abnormal index as PDRA with the percentage of old IP addresses,the increment of the new IP addresses,the ratio of new IP addresses to the old IP addresses and average accessing rate of each new IP address.We design an IP address database using sequential storage model which has a constant time complexity.The autoregressive integrated moving average(ARIMA)trending prediction module will be started if and only if the number of continuous PDRA sequence value,which all exceed an PDRA abnormal threshold(PAT),reaches a certain preset threshold.And then calculate the probability that is the percentage of forecasting PDRA sequence value which exceed the PAT.Finally we identify the DDoS attack based on the abnormal probability of the forecasting PDRA sequence.Both theorem and experiment show that the method we proposed can effectively reduce the compute resources consumption,identify DDoS attack at its initial stage with higher detection rate and lower false alarm rate.
基金This research work was funded by TMR&D Sdn Bhd under project code RDTC160902.
文摘In software-defined networks(SDNs),controller placement is a critical factor in the design and planning for the future Internet of Things(IoT),telecommunication,and satellite communication systems.Existing research has concentrated largely on factors such as reliability,latency,controller capacity,propagation delay,and energy consumption.However,SDNs are vulnerable to distributed denial of service(DDoS)attacks that interfere with legitimate use of the network.The ever-increasing frequency of DDoS attacks has made it necessary to consider them in network design,especially in critical applications such as military,health care,and financial services networks requiring high availability.We propose a mathematical model for planning the deployment of SDN smart backup controllers(SBCs)to preserve service in the presence of DDoS attacks.Given a number of input parameters,our model has two distinct capabilities.First,it determines the optimal number of primary controllers to place at specific locations or nodes under normal operating conditions.Second,it recommends an optimal number of smart backup controllers for use with different levels of DDoS attacks.The goal of the model is to improve resistance to DDoS attacks while optimizing the overall cost based on the parameters.Our simulated results demonstrate that the model is useful in planning for SDN reliability in the presence of DDoS attacks while managing the overall cost.
基金supported by the Key Research and Development Program of Hainan Province(Grant No.ZDYF2020040,ZDYF2021GXJS003)Major science and technology project of Hainan Province(Grant No.ZDKJ2020012)+2 种基金National Natural Science Foundation of China(NSFC)(Grant No.62162022,62162024 and 61762033)Hainan Provincial Natural Science Foundation of China(Grant No.620MS021)Opening Project of Shanghai Trusted Industrial Control Platform(Grant No.TICPSH202003005-ZC).
文摘Distributed Denial of Service(DDoS)attacks is always one of the major problems for service providers.Using blockchain to detect DDoS attacks is one of the current popular methods.However,the problems of high time overhead and cost exist in the most of the blockchain methods for detecting DDoS attacks.This paper proposes a blockchain-based collaborative detection method for DDoS attacks.First,the trained DDoS attack detection model is encrypted by the Intel Software Guard Extensions(SGX),which provides high security for uploading the DDoS attack detection model to the blockchain.Secondly,the service provider uploads the encrypted model to Inter Planetary File System(IPFS)and then a corresponding Content-ID(CID)is generated by IPFS which greatly saves the cost of uploading encrypted models to the blockchain.In addition,due to the small amount of model data,the time cost of uploading the DDoS attack detection model is greatly reduced.Finally,through the blockchain and smart contracts,the CID is distributed to other service providers,who can use the CID to download the corresponding DDoS attack detection model from IPFS.Blockchain provides a decentralized,trusted and tamper-proof environment for service providers.Besides,smart contracts and IPFS greatly improve the distribution efficiency of the model,while the distribution of CID greatly improves the efficiency of the transmission on the blockchain.In this way,the purpose of collaborative detection can be achieved,and the time cost of transmission on blockchain and IPFS can be considerably saved.We designed a blockchain-based DDoS attack collaborative detection framework to improve the data transmission efficiency on the blockchain,and use IPFS to greatly reduce the cost of the distribution model.In the experiment,compared with most blockchain-based method for DDoS attack detection,the proposed model using blockchain distribution shows the advantages of low cost and latency.The remote authentication mechanism of Intel SGX provides high security and integrity,and ensures the availability of distributed models.
基金This work was supported by Universiti Sains Malaysia under external grant(Grant Number 304/PNAV/650958/U154).
文摘The Software-Defined Networking(SDN)technology improves network management over existing technology via centralized network control.The SDN provides a perfect platform for researchers to solve traditional network’s outstanding issues.However,despite the advantages of centralized control,concern about its security is rising.The more traditional network switched to SDN technology,the more attractive it becomes to malicious actors,especially the controller,because it is the network’s brain.A Distributed Denial of Service(DDoS)attack on the controller could cripple the entire network.For that reason,researchers are always looking for ways to detect DDoS attacks against the controller with higher accuracy and lower false-positive rate.This paper proposes an entropy-based approach to detect low-rate and high-rate DDoS attacks against the SDN controller,regardless of the number of attackers or targets.The proposed approach generalized the Rényi joint entropy for analyzing the network traffic flow to detect DDoS attack traffic flow of varying rates.Using two packet header features and generalized Rényi joint entropy,the proposed approach achieved a better detection rate than the EDDSC approach that uses Shannon entropy metrics.
文摘Distributed denial of service (DDoS) attacks continues to grow as a threat to organizations worldwide. From the first known attack in 1999 to the highly publicized Operation Ababil, the DDoS attacks have a history of flooding the victim network with an enormous number of packets, hence exhausting the resources and preventing the legitimate users to access them. After having standard DDoS defense mechanism, still attackers are able to launch an attack. These inadequate defense mechanisms need to be improved and integrated with other solutions. The purpose of this paper is to study the characteristics of DDoS attacks, various models involved in attacks and to provide a timeline of defense mechanism with their improvements to combat DDoS attacks. In addition to this, a novel scheme is proposed to detect DDoS attack efficiently by using MapReduce programming model.
文摘In the era of the Internet of Things(IoT),the proliferation of connected devices has raised security concerns,increasing the risk of intrusions into diverse systems.Despite the convenience and efficiency offered by IoT technology,the growing number of IoT devices escalates the likelihood of attacks,emphasizing the need for robust security tools to automatically detect and explain threats.This paper introduces a deep learning methodology for detecting and classifying distributed denial of service(DDoS)attacks,addressing a significant security concern within IoT environments.An effective procedure of deep transfer learning is applied to utilize deep learning backbones,which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity.By leveraging several deep architectures,the study conducts thorough binary and multiclass experiments,each varying in the complexity of classifying attack types and demonstrating real-world scenarios.Additionally,this study employs an explainable artificial intelligence(XAI)AI technique to elucidate the contribution of extracted features in the process of attack detection.The experimental results demonstrate the effectiveness of the proposed method,achieving a recall of 99.39%by the XAI bidirectional long short-term memory(XAI-BiLSTM)model.
文摘Recent DDoS attacks against several web sites operated by SONY Playstation caused wide spread outage for several days, and loss of user account information. DDoS attacks by WikiLeaks supporters against VISA, MasterCard, and Paypal servers made headline news globally. These DDoS attack floods are known to crash, or reduce the performance of web based applications, and reduce the number of legitimate client connections/sec. TCP SYN flood is one of the common DDoS attack, and latest operating systems have some form of protection against this attack to prevent the attack in reducing the performance of web applications, and user connections. In this paper, we evaluated the performance of the TCP-SYN attack protection provided in Microsoft’s windows server 2003. It is found that the SYN attack protection provided by the server is effective in preventing attacks only at lower loads of SYN attack traffic, however this built-in protection is found to be not effective against high intensity of SYN attack traffic. Measurement results in this paper can help network operators understand the effectiveness of built-in protection mechanism that exists in millions of Windows server 2003 against one of the most popular DDoS attacks, namely the TCP SYN attack, and help enhance security of their network by additional means.
文摘Distributed denial of service(DDoS)attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user.We proposed a deep neural network(DNN)model for the detection of DDoS attacks in the Software-Defined Networking(SDN)paradigm.SDN centralizes the control plane and separates it from the data plane.It simplifies a network and eliminates vendor specification of a device.Because of this open nature and centralized control,SDN can easily become a victim of DDoS attacks.We proposed a supervised Developed Deep Neural Network(DDNN)model that can classify the DDoS attack traffic and legitimate traffic.Our Developed Deep Neural Network(DDNN)model takes a large number of feature values as compared to previously proposed Machine Learning(ML)models.The proposed DNN model scans the data to find the correlated features and delivers high-quality results.The model enhances the security of SDN and has better accuracy as compared to previously proposed models.We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets.Our model results in a high accuracy rate of 99.76%with a low false-positive rate and 0.065%low loss rate.The accuracy increases to 99.80%as we increase the number of epochs to 100 rounds.Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models.It can handle a huge amount of structured and unstructured data and can easily solve complex problems.
文摘The use of machine learning algorithms to identify characteristics in Distributed Denial of Service (DDoS) attacks has emerged as a powerful approach in cybersecurity. DDoS attacks, which aim to overwhelm a network or service with a flood of malicious traffic, pose significant threats to online systems. Traditional methods of detection and mitigation often struggle to keep pace with the evolving nature of these attacks. Machine learning, with its ability to analyze vast amounts of data and recognize patterns, offers a robust solution to this challenge. The aim of the paper is to demonstrate the application of ensemble ML algorithms, namely the K-Means and the KNN, for a dual clustering mechanism when used with PySpark to collect 99% accurate data. The algorithms, when used together, identify distinctive features of DDoS attacks that prove a very accurate reflection of reality, so they are a good combination for this aim. Impressively, having preprocessed the data, both algorithms with the PySpark foundation enabled the achievement of 99% accuracy when tuned on the features of a DDoS big dataset. The semi-supervised dataset tabulates traffic anomalies in terms of packet size distribution in correlation to Flow Duration. By training the K-Means Clustering and then applying the KNN to the dataset, the algorithms learn to evaluate the character of activity to a greater degree by displaying density with ease. The study evaluates the effectiveness of the K-Means Clustering with the KNN as ensemble algorithms that adapt very well in detecting complex patterns. Ultimately, cross-reaching environmental results indicate that ML-based approaches significantly improve detection rates compared to traditional methods. Furthermore, ensemble learning methods, which combine two plus multiple models to improve prediction accuracy, show greatness in handling the complexity and variability of big data sets especially when implemented by PySpark. The findings suggest that the enhancement of accuracy derives from newer software that’s designed to reflect reality. However, challenges remain in the deployment of these systems, including the need for large, high-quality datasets and the potential for adversarial attacks that attempt to deceive the ML models. Future research should continue to improve the robustness and efficiency of combining algorithms, as well as integrate them with existing security frameworks to provide comprehensive protection against DDoS attacks and other areas. The dataset was originally created by the University of New Brunswick to analyze DDoS data. The dataset itself was based on logs of the university’s servers, which found various DoS attacks throughout the publicly available period to totally generate 80 attributes with a 6.40GB size. In this dataset, the label and binary column become a very important portion of the final classification. In the last column, this means the normal traffic would be differentiated by the attack traffic. Further analysis is then ripe for investigation. Finally, malicious traffic alert software, as an example, should be trained on packet influx to Flow Duration dependence, which creates a mathematical scope for averages to enact. In achieving such high accuracy, the project acts as an illustration (referenced in the form of excerpts from my Google Colab account) of many attempts to tune. Cybersecurity advocates for more work on the character of brute-force attack traffic and normal traffic features overall since most of our investments as humans are digitally based in work, recreational, and social environments.
