1,093 articles found
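A Two-Stage DDoS Attack Detection Method in SDN Environments
1
Authors: 包晓安 范云龙 涂小妹 胡天缤 张娜 吴彪. 《电信科学》, PKU Core, 2026, No. 2, pp. 135-147 (13 pages)
To address feature loss, high model computational complexity, and insufficient real-time detection in distributed denial of service (DDoS) attack detection for software-defined networks (SDN), a systematic detection framework is proposed. First, a traffic representation method that fuses flow-level and packet-level information at two granularities is proposed, mining the key features of attack behavior at multiple scales and improving the completeness of the traffic representation. Second, DDoSMamba, a lightweight detection model based on the Mamba architecture, is constructed. The model first uses state space modeling and a global receptive field mechanism to reduce the computation and memory consumed by sequence modeling; it then introduces a bidirectional information interaction mechanism to strengthen modeling of the relationships between preceding and following context in a sequence; finally, it combines low-rank approximation decomposition with a feature subspace partitioning strategy to significantly compress parameter size and inference overhead. Finally, a two-stage DDoS attack detection method is designed: in the first stage, Tsallis entropy is used to rapidly screen coarse-grained features and exclude a large volume of normal traffic; in the second stage, high-precision classification is performed on fine-grained features, balancing fast response against accurate detection. Experimental results on the CIC-IDS2019 dataset show that the proposed method achieves accuracies of 99.96% and 99.93% on binary and multi-class classification tasks respectively, with an average detection time of only 0.0672 ms and a parameter size as low as 4.5538 KB.
Keywords: software-defined network; DDoS attack detection; traffic representation; two-stage detection and classification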
Evaluation and Benchmarking of Cybersecurity DDoS Attacks Detection Models through the Integration of FWZIC and MABAC Methods
2
Authors: Alaa Mahmood Isa Avcı. 《Computer Systems Science & Engineering》, 2025, No. 1, pp. 401-417 (17 pages)
A Distributed Denial-of-Service (DDoS) attack poses a significant challenge in the digital age, disrupting online services with operational and financial consequences. Detecting such attacks requires innovative and effective solutions. The primary challenge lies in selecting the best among several DDoS detection models. This study presents a framework that combines several DDoS detection models and Multiple-Criteria Decision-Making (MCDM) techniques to compare and select the most effective models. The framework integrates a decision matrix from training several models on the CiC-DDOS2019 dataset with Fuzzy Weighted Zero Inconsistency Criterion (FWZIC) and Multi-Attribute Boundary Approximation Area Comparison (MABAC) methodologies. FWZIC assigns weights to evaluate criteria, while MABAC compares detection models based on the assessed criteria. The results indicate that the FWZIC approach assigns weights to criteria reliably, with time complexity receiving the highest weight (0.2585) and F1 score receiving the lowest weight (0.14644). Among the models evaluated using the MABAC approach, the Support Vector Machine (SVM) ranked first with a score of 0.0444, making it the most suitable for this work. In contrast, Naive Bayes (NB) ranked lowest with a score of 0.0018. Objective validation and sensitivity analysis proved the reliability of the framework. This study provides a practical approach and insights for cybersecurity practitioners and researchers to evaluate DDoS detection models.
Keywords: Cybersecurity attack DDoS attacks DDoS detection MABAC FWZIC
SDN-Enabled IoT Based Transport Layer DDoS Attacks Detection Using RNNs
3
Authors: Mohammad Nowsin Amin Sheikh Muhammad Saibtain Raza I-Shyan Hwang Md.Alamgir Hossain Ihsan Ullah Tahmid Hasan Mohammad Syuhaimi Ab-Rahman. 《Computers, Materials & Continua》, 2025, No. 11, pp. 4043-4066 (24 pages)
The rapid advancement of the Internet of Things (IoT) has heightened the importance of security, with a notable increase in Distributed Denial-of-Service (DDoS) attacks targeting IoT devices. Network security specialists face the challenge of producing systems to identify and offset these attacks. This research manages IoT security through the emerging Software-Defined Networking (SDN) standard by developing a unified framework (RNN-RYU). We thoroughly assess multiple deep learning frameworks, including Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), Feed-Forward Convolutional Neural Network (FFCNN), and Recurrent Neural Network (RNN), and present the novel usage of Synthetic Minority Over-Sampling Technique (SMOTE) tailored for IoT-SDN contexts to manage class imbalance during training and enhance performance metrics. Our research has significant practical implications as we authenticate the approach using both the self-generated SD_IoT_Smart_City dataset and the publicly available CICIoT23 dataset. The system utilizes only eleven features to identify DDoS attacks efficiently. Results indicate that the RNN can reliably and precisely differentiate between DDoS traffic and benign traffic by easily identifying temporal relationships and sequences in the data.
Keywords: DDoS attack detection IoT-SDN SD_IoT_Smart_City RNNs
Machine Learning-Based Detection of DDoS Attacks in VANETs for Emergency Vehicle Communication
4
Authors: Bappa Muktar Vincent Fono Adama Nouboukpo. 《Computers, Materials & Continua》, 2025, No. 12, pp. 4705-4727 (23 pages)
Vehicular Ad Hoc Networks (VANETs) are central to Intelligent Transportation Systems (ITS), especially for real-time communication involving emergency vehicles. Yet, Distributed Denial of Service (DDoS) attacks can disrupt safety-critical channels and undermine reliability. This paper presents a robust, scalable framework for detecting DDoS attacks in highway VANETs. We construct a new dataset with Network Simulator 3 (NS-3) and Simulation of Urban Mobility (SUMO), enriched with real mobility traces from Germany’s A81 highway (OpenStreetMap). Three traffic classes are modeled: DDoS, Voice over IP (VoIP), and Transmission Control Protocol Based (TCP-based) video streaming (VideoTCP). The pipeline includes normalization, feature selection with SHapley Additive exPlanations (SHAP), and class balancing via Synthetic Minority Over-sampling Technique (SMOTE). Eleven classifiers are benchmarked—including eXtreme Gradient Boosting (XGBoost), Categorical Boosting (CatBoost), Adaptive Boosting (AdaBoost), Gradient Boosting (GB), and an Artificial Neural Network (ANN)—using stratified 5-fold cross-validation. XGBoost, GB, CatBoost and ANN achieve the highest performance (weighted F1-score = 97%). To assess robustness under non-ideal conditions, we introduce an adversarial evaluation with packet-loss and traffic-jitter (small-sample deformation); the top models retain strong performance, supporting real-time applicability. Collectively, these results demonstrate that the proposed highway-focused framework is accurate, resilient, and well-suited for deployment in VANET security for emergency communications.
Keywords: VANET DDoS attacks emergency vehicles machine learning intrusion detection NS-3 SUMO traffic classification supervised learning artificial neural network
A Multi-Scale Graph Neural Networks Ensemble Approach for Enhanced DDoS Detection
5
Authors: Noor Mueen Mohammed Ali Hayder Seyed Amin Hosseini Seno Hamid Noori Davood Zabihzadeh Mehdi Ebady Manaa. 《Computers, Materials & Continua》, 2026, No. 4, pp. 1216-1242 (27 pages)
Distributed Denial of Service (DDoS) attacks are one of the severe threats to network infrastructure, sometimes bypassing traditional diagnosis algorithms because of their evolving complexity. Present Machine Learning (ML) techniques for DDoS attack diagnosis normally apply network traffic statistical features such as packet sizes and inter-arrival times. However, such techniques sometimes fail to capture complicated relations among various traffic flows. In this paper, we present a new multi-scale ensemble strategy based on Graph Neural Networks (GNNs) for improving DDoS detection. Our technique divides traffic into macro- and micro-level elements, letting various GNN models capture both coarse-scale anomalies and subtle, stealthy attack models. Through modeling network traffic as graph-structured data, GNNs efficiently learn intricate relations among network entities. The proposed ensemble learning algorithm combines the results of several GNNs to improve generalization, robustness, and scalability. Extensive experiments on three benchmark datasets—UNSW-NB15, CICIDS2017, and CICDDoS2019—show that our approach outperforms traditional machine learning and deep learning models in detecting both high-rate and low-rate (stealthy) DDoS attacks, with significant improvements in accuracy and recall. These findings demonstrate the suggested method’s applicability and robustness for real-world implementation in contexts where several DDoS patterns coexist.
Keywords: DDoS detection graph neural networks multi-scale learning ensemble learning network security stealth attacks network graphs
Switching-Like Sliding Mode Security Control Against DoS Attacks:A Novel Attack-Related Adaptive Event-Triggered Scheme
6
Authors: Jiancun Wu Zhiru Cao Engang Tian Chen Peng. 《IEEE/CAA Journal of Automatica Sinica》, 2026, No. 1, pp. 137-148 (12 pages)
In this paper, a security defense issue is investigated for networked control systems susceptible to stochastic denial of service (DoS) attacks by using the sliding mode control method. To utilize network communication resources more effectively, a novel adaptive event-triggered (AET) mechanism is introduced, whose triggering coefficient can be adaptively adjusted according to the evolution trend of system states. Differing from existing event-triggered (ET) mechanisms, the proposed one demonstrates exceptional relevance and flexibility. It is closely related to attack probability, and its triggering coefficient dynamically adjusts depending on the presence or absence of an attack. To leverage attacker information more effectively, a switching-like sliding mode security controller is designed, which can autonomously select different controller gains based on the sliding function representing the attack situation. Sufficient conditions for the existence of the switching-like sliding mode secure controller are presented to ensure the stochastic stability of the system and the reachability of the sliding surface. Compared with existing time-invariant control strategies within the triggered interval, more resilient defense performance can be expected since the correlation with attack information is established in both the proposed AET scheme and the control strategy. Finally, a simulation example is conducted to verify the effectiveness and feasibility of the proposed security control method.
Keywords: Adaptive event-triggered (AET) mechanism denial of service (DoS) attacks networked control systems (NCSs) sliding mode control (SMC)
Adapting Convolutional Autoencoder for DDoS Attack Detection via Joint Reconstruction Learning and Refined Anomaly Scoring
7
Authors: Seulki Han Sangho Son Won Sakong Haemin Jung. 《Computers, Materials & Continua》, 2025, No. 11, pp. 2893-2912 (20 pages)
As cyber threats become increasingly sophisticated, Distributed Denial-of-Service (DDoS) attacks continue to pose a serious threat to network infrastructure, often disrupting critical services through overwhelming traffic. Although unsupervised anomaly detection using convolutional autoencoders (CAEs) has gained attention for its ability to model normal network behavior without requiring labeled data, conventional CAEs struggle to effectively distinguish between normal and attack traffic due to over-generalized reconstructions and naive anomaly scoring. To address these limitations, we propose CA-CAE, a novel anomaly detection framework designed to improve DDoS detection through asymmetric joint reconstruction learning and refined anomaly scoring. Our architecture connects two CAEs sequentially with asymmetric filter allocation, which amplifies reconstruction errors for anomalous data while preserving low errors for normal traffic. Additionally, we introduce a scoring mechanism that incorporates exponential decay weighting to emphasize recent anomalies and relative traffic volume adjustment to highlight high-risk instances, enabling more accurate and timely detection. We evaluate CA-CAE on a real-world network traffic dataset collected using Cisco NetFlow, containing over 190,000 normal instances and only 78 anomalous instances—an extremely imbalanced scenario (0.0004% anomalies). We validate the proposed framework through extensive experiments, including statistical tests and comparisons with baseline models. Despite this challenge, our method achieves significant improvement, increasing the F1-score from 0.515 obtained by the baseline CAE to 0.934, and outperforming other models. These results demonstrate the effectiveness, scalability, and practicality of CA-CAE for unsupervised DDoS detection in realistic network environments. By combining lightweight model architecture with a domain-aware scoring strategy, our framework provides a robust solution for early detection of DDoS attacks without relying on labeled attack data.
Keywords: Anomaly detection DDoS attack detection convolutional autoencoder
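Low-Latency DDoS Attack Detection Based on Hybrid Feature Selection
8
Authors: 谢丽霞 王嘉敏 杨宏宇 胡泽 成翔. 《计算机应用》, PKU Core, 2025, No. 10, pp. 3231-3240 (10 pages)
Many distributed denial of service (DDoS) attack detection methods focus on improving model performance but ignore the influence of traffic sample distribution and feature dimensionality on detection performance, causing the model to learn superfluous information. To address class imbalance and feature redundancy in network traffic, a hybrid feature selection method based on multiple evaluation criteria (HFS-MEC) is proposed. First, the Pearson correlation coefficient (PCC) and mutual information (MI) are considered together to select relevant features. Second, a sequential backward selection (SBS) algorithm based on the variance inflation factor (VIF) is designed to reduce feature redundancy and further lower the feature dimensionality. Meanwhile, to balance detection performance against computation time, a low-latency DDoS attack detection model based on the simple recurrent unit (SRU), L-DDoS-SRU, is designed. Experimental results on the CICIDS2017 and CICDDoS2019 datasets show that HFS-MEC reduces the feature dimensionality from 78 and 88 to 31 and 41, respectively. On the CICDDoS2019 dataset, L-DDoS-SRU has a detection time of only 40.34 s and a recall of 99.38%, which is 8.47% higher than long short-term memory (LSTM) and 9.76% higher than the gated recurrent unit (GRU). These results verify that the proposed method effectively improves detection performance and reduces detection time.
Keywords: class imbalance; feature redundancy; hybrid feature selection; low latency; distributed denial of service attack detection; simple recurrent unit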
An Abnormal Network Flow Feature Sequence Prediction Approach for DDoS Attacks Detection in Big Data Environment (Cited by: 20)
9
Authors: Jieren Cheng Ruomeng Xu Xiangyan Tang Victor S.Sheng Canting Cai. 《Computers, Materials & Continua》, SCIE EI, 2018, No. 4, pp. 95-119 (25 pages)
Distributed denial-of-service (DDoS) is a rapidly growing problem with the fast development of the Internet. There are a multitude of DDoS detection approaches; however, three major problems about DDoS attack detection appear in the big data environment. Firstly, to shorten the response time of the DDoS attack detector; secondly, to reduce the required compute resources; lastly, to achieve a high detection rate with low false alarm rate. In the paper, we propose an abnormal network flow feature sequence prediction approach which could fit to be used as a DDoS attack detector in the big data environment and solve the aforementioned problems. We define a network flow abnormal index as PDRA with the percentage of old IP addresses, the increment of the new IP addresses, the ratio of new IP addresses to the old IP addresses and average accessing rate of each new IP address. We design an IP address database using a sequential storage model which has a constant time complexity. The autoregressive integrated moving average (ARIMA) trending prediction module will be started if and only if the number of continuous PDRA sequence values, which all exceed a PDRA abnormal threshold (PAT), reaches a certain preset threshold. And then calculate the probability that is the percentage of forecasting PDRA sequence values which exceed the PAT. Finally we identify the DDoS attack based on the abnormal probability of the forecasting PDRA sequence. Both theorem and experiment show that the method we proposed can effectively reduce the compute resources consumption, identify DDoS attack at its initial stage with higher detection rate and lower false alarm rate.
Keywords: DDoS attack time series prediction ARIMA big data
Automated Controller Placement for Software-Defined Networks to Resist DDoS Attacks (Cited by: 4)
10
Authors: Muhammad Reazul Haque Saw Chin Tan Zulfadzli Yusoff Kashif Nisar Lee Ching Kwang Rizaludin Kaspin Bhawani Shankar Chowdhry Rajkumar Buyya Satya Prasad Majumder Manoj Gupta Shuaib Memon. 《Computers, Materials & Continua》, SCIE EI, 2021, No. 9, pp. 3147-3165 (19 pages)
In software-defined networks (SDNs), controller placement is a critical factor in the design and planning for the future Internet of Things (IoT), telecommunication, and satellite communication systems. Existing research has concentrated largely on factors such as reliability, latency, controller capacity, propagation delay, and energy consumption. However, SDNs are vulnerable to distributed denial of service (DDoS) attacks that interfere with legitimate use of the network. The ever-increasing frequency of DDoS attacks has made it necessary to consider them in network design, especially in critical applications such as military, health care, and financial services networks requiring high availability. We propose a mathematical model for planning the deployment of SDN smart backup controllers (SBCs) to preserve service in the presence of DDoS attacks. Given a number of input parameters, our model has two distinct capabilities. First, it determines the optimal number of primary controllers to place at specific locations or nodes under normal operating conditions. Second, it recommends an optimal number of smart backup controllers for use with different levels of DDoS attacks. The goal of the model is to improve resistance to DDoS attacks while optimizing the overall cost based on the parameters. Our simulated results demonstrate that the model is useful in planning for SDN reliability in the presence of DDoS attacks while managing the overall cost.
Keywords: SDN automated controller placement SBC ILP DDoS attack
Cooperative Detection Method for DDoS Attacks Based on Blockchain (Cited by: 2)
11
Authors: Jieren Cheng Xinzhi Yao Hui Li Hao Lu Naixue Xiong Ping Luo Le Liu Hao Guo Wen Feng. 《Computer Systems Science & Engineering》, SCIE EI, 2022, No. 10, pp. 103-117 (15 pages)
Distributed Denial of Service (DDoS) attacks are always one of the major problems for service providers. Using blockchain to detect DDoS attacks is one of the current popular methods. However, the problems of high time overhead and cost exist in most of the blockchain methods for detecting DDoS attacks. This paper proposes a blockchain-based collaborative detection method for DDoS attacks. First, the trained DDoS attack detection model is encrypted by the Intel Software Guard Extensions (SGX), which provides high security for uploading the DDoS attack detection model to the blockchain. Secondly, the service provider uploads the encrypted model to InterPlanetary File System (IPFS) and then a corresponding Content-ID (CID) is generated by IPFS, which greatly saves the cost of uploading encrypted models to the blockchain. In addition, due to the small amount of model data, the time cost of uploading the DDoS attack detection model is greatly reduced. Finally, through the blockchain and smart contracts, the CID is distributed to other service providers, who can use the CID to download the corresponding DDoS attack detection model from IPFS. Blockchain provides a decentralized, trusted and tamper-proof environment for service providers. Besides, smart contracts and IPFS greatly improve the distribution efficiency of the model, while the distribution of CID greatly improves the efficiency of the transmission on the blockchain. In this way, the purpose of collaborative detection can be achieved, and the time cost of transmission on blockchain and IPFS can be considerably saved. We designed a blockchain-based DDoS attack collaborative detection framework to improve the data transmission efficiency on the blockchain, and use IPFS to greatly reduce the cost of the distribution model. In the experiment, compared with most blockchain-based methods for DDoS attack detection, the proposed model using blockchain distribution shows the advantages of low cost and latency. The remote authentication mechanism of Intel SGX provides high security and integrity, and ensures the availability of distributed models.
Keywords: Blockchain smart contract IPFS DDoS attack
Entropy-Based Approach to Detect DDoS Attacks on Software Defined Networking Controller (Cited by: 2)
12
Authors: Mohammad Aladaileh Mohammed Anbar Iznan H.Hasbullah Yousef K.Sanjalawe Yung-Wey Chong. 《Computers, Materials & Continua》, SCIE EI, 2021, No. 10, pp. 373-391 (19 pages)
The Software-Defined Networking (SDN) technology improves network management over existing technology via centralized network control. The SDN provides a perfect platform for researchers to solve traditional network’s outstanding issues. However, despite the advantages of centralized control, concern about its security is rising. The more traditional networks switch to SDN technology, the more attractive it becomes to malicious actors, especially the controller, because it is the network’s brain. A Distributed Denial of Service (DDoS) attack on the controller could cripple the entire network. For that reason, researchers are always looking for ways to detect DDoS attacks against the controller with higher accuracy and lower false-positive rate. This paper proposes an entropy-based approach to detect low-rate and high-rate DDoS attacks against the SDN controller, regardless of the number of attackers or targets. The proposed approach generalized the Rényi joint entropy for analyzing the network traffic flow to detect DDoS attack traffic flow of varying rates. Using two packet header features and generalized Rényi joint entropy, the proposed approach achieved a better detection rate than the EDDSC approach that uses Shannon entropy metrics.
Keywords: Software-defined networking DDoS attack distributed denial of service Rényi joint entropy
Hadoop Based Defense Solution to Handle Distributed Denial of Service (DDoS) Attacks (Cited by: 2)
13
Authors: Shweta Tripathi Brij Gupta Ammar Almomani Anupama Mishra Suresh Veluru. 《Journal of Information Security》, 2013, No. 3, pp. 150-164 (15 pages)
Distributed denial of service (DDoS) attacks continue to grow as a threat to organizations worldwide. From the first known attack in 1999 to the highly publicized Operation Ababil, DDoS attacks have a history of flooding the victim network with an enormous number of packets, hence exhausting the resources and preventing legitimate users from accessing them. Even with standard DDoS defense mechanisms in place, attackers are still able to launch an attack. These inadequate defense mechanisms need to be improved and integrated with other solutions. The purpose of this paper is to study the characteristics of DDoS attacks and the various models involved in attacks, and to provide a timeline of defense mechanisms with their improvements to combat DDoS attacks. In addition to this, a novel scheme is proposed to detect DDoS attacks efficiently by using the MapReduce programming model.
Keywords: DDoS DoS DEFENSE Mechanism Characteristics HADOOP MAPREDUCE
Explainable AI-Based DDoS Attacks Classification Using Deep Transfer Learning
14
Authors: Ahmad Alzu’bi Amjad Albashayreh Abdelrahman Abuarqoub Mai A.M.Alfawair. 《Computers, Materials & Continua》, SCIE EI, 2024, No. 9, pp. 3785-3802 (18 pages)
In the era of the Internet of Things (IoT), the proliferation of connected devices has raised security concerns, increasing the risk of intrusions into diverse systems. Despite the convenience and efficiency offered by IoT technology, the growing number of IoT devices escalates the likelihood of attacks, emphasizing the need for robust security tools to automatically detect and explain threats. This paper introduces a deep learning methodology for detecting and classifying distributed denial of service (DDoS) attacks, addressing a significant security concern within IoT environments. An effective procedure of deep transfer learning is applied to utilize deep learning backbones, which is then evaluated on two benchmarking datasets of DDoS attacks in terms of accuracy and time complexity. By leveraging several deep architectures, the study conducts thorough binary and multiclass experiments, each varying in the complexity of classifying attack types and demonstrating real-world scenarios. Additionally, this study employs an explainable artificial intelligence (XAI) technique to elucidate the contribution of extracted features in the process of attack detection. The experimental results demonstrate the effectiveness of the proposed method, achieving a recall of 99.39% by the XAI bidirectional long short-term memory (XAI-BiLSTM) model.
Keywords: DDoS attack classification deep learning explainable AI CYBERSECURITY
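DDoS Attack Detection and Hybrid Defense Techniques in SDN (Cited by: 3)
15
Authors: 李小菲 陈义. 《现代电子技术》, PKU Core, 2025, No. 2, pp. 85-89 (5 pages)
DDoS attacks are a major threat in the field of software-defined network (SDN) security and seriously endanger the normal operation of devices such as network controllers and switches; a DDoS attack detection and hybrid defense technique for SDN is therefore proposed. For DDoS attack detection, the chi-square test value is used to statistically analyze the number of data frames in the Packet_In data flows received by the SDN controller, and flows above the chi-square threshold are preliminarily judged to be suspicious flows. The relative Sibson distance between data flows and suspicious flows is then calculated to distinguish whether a suspicious flow is a DDoS attack flow or a normal burst flow. Finally, the Sibson distance between data flows is calculated and, based on the characteristics of DDoS attack flows, it is determined whether an attack flow is a DDoS attack flow. For DDoS attack defense, a hybrid defense combining shared flow table space support and Packet_In message filtering is adopted: when the flow table space of a switch under DDoS attack is overloaded, the overloaded flow table entries are diverted to other switches, completing the defense at the data layer; the MAC address of the DDoS attack is obtained by tracing it to its source and the Packet_In data flow is filtered, completing the defense at the control layer. Experimental results show that the proposed method effectively detects DDoS attack flows in SDN switches and controllers and can defend against different DDoS attacks.
Keywords: software-defined network; DDoS attack flow; attack detection; hybrid defense; chi-square test value; Sibson distance; flow table space sharing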
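A Survey of Blockchain-Based DDoS Protection Research
16
Authors: 唐梅 万武南 张仕斌 张金全. 《计算机应用》, PKU Core, 2025, No. 11, pp. 3416-3423 (8 pages)
As network security threats intensify, distributed denial of service (DDoS) attacks have remained a difficult research problem in network security. Traditional DDoS protection schemes usually rely on centralized architectures, suffer from problems such as single points of failure and data tampering, and struggle to cope with complex and diverse attack scenarios. Blockchain technology, with its decentralization, immutability, and transparency, offers a new approach to DDoS protection. Addressing the technical challenges in DDoS protection, this survey summarizes research progress on blockchain-based DDoS protection. First, the basic concepts of DDoS attacks and the threats they pose to environments such as traditional networks, the Internet of Things (IoT), and software-defined networks (SDN) are introduced, and the necessity and potential advantages of introducing blockchain technology are analyzed. Second, existing DDoS protection mechanisms are summarized and compared in terms of blockchain combined with smart contracts, deep learning, and cross-domain collaboration. Finally, in light of technical difficulties in blockchain performance optimization, multi-domain collaboration, and real-time response, future directions for blockchain-based DDoS protection technology are discussed, providing a theoretical reference for researchers in network security and further promoting the practical application of blockchain in DDoS protection.
Keywords: distributed denial of service attack; blockchain; Internet of Things; software-defined network; network security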
Effectiveness of Built-in Security Protection of Microsoft’s Windows Server 2003 against TCP SYN Based DDoS Attacks
17
Authors: Hari Krishna Vellalacheruvu Sanjeev Kumar. 《Journal of Information Security》, 2011, No. 3, pp. 131-138 (8 pages)
Recent DDoS attacks against several web sites operated by SONY Playstation caused widespread outage for several days, and loss of user account information. DDoS attacks by WikiLeaks supporters against VISA, MasterCard, and Paypal servers made headline news globally. These DDoS attack floods are known to crash, or reduce the performance of, web based applications, and reduce the number of legitimate client connections/sec. TCP SYN flood is one of the common DDoS attacks, and the latest operating systems have some form of protection against this attack to prevent it from reducing the performance of web applications and user connections. In this paper, we evaluated the performance of the TCP-SYN attack protection provided in Microsoft’s Windows Server 2003. It is found that the SYN attack protection provided by the server is effective in preventing attacks only at lower loads of SYN attack traffic; however, this built-in protection is found to be not effective against high intensity of SYN attack traffic. Measurement results in this paper can help network operators understand the effectiveness of the built-in protection mechanism that exists in millions of Windows Server 2003 systems against one of the most popular DDoS attacks, namely the TCP SYN attack, and help enhance security of their network by additional means.
Keywords: Network Security TCP SYN BASED DDoS attack Prevention of attacks
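DDoS Detection and Defense Mechanism for the Programmable Data Plane
18
Authors: 武文浩 张磊磊 潘恒 李恩晗 周建二 李振宇. 《软件学报》, PKU Core, 2025, No. 8, pp. 3831-3857 (27 pages)
Traditional distributed denial of service (DDoS) attack detection and defense mechanisms require network traffic to be mirrored, collected, and analyzed for attack features remotely and centrally, which directly incurs additional performance overhead and cannot meet the real-time security protection needs of high-performance networks. With the development of new network devices such as programmable switches, the capabilities of the programmable data plane have been enhanced, providing a basis for high-performance DDoS attack detection directly in the data plane. However, existing DDoS attack detection methods based on the programmable data plane have low accuracy and, limited by programming constraints, are difficult to deploy directly on programmable switches (such as Intel Tofino). To address these problems, a DDoS attack detection and defense mechanism based on programmable switches is proposed. First, an attack detection mechanism based on the difference between source and destination address entropy values is used to determine whether a DDoS attack is occurring. When a DDoS attack occurs, an attack traffic filtering mechanism based on the difference between source and destination address count values is designed to provide real-time defense against the attack. Experimental results show that the mechanism effectively detects and defends against multiple kinds of DDoS attacks. Compared with existing work, its accuracy improves by 17.75% on average for observation-window-level attack detection and by 3.7% on average for packet-level attack traffic filtering.
Keywords: distributed denial of service attack; programmable data plane; anomaly detection; P4; network security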
Detecting and Mitigating DDOS Attacks in SDNs Using Deep Neural Network
19
Authors: Gul Nawaz Muhammad Junaid Adnan Akhunzada Abdullah Gani Shamyla Nawazish Asim Yaqub Adeel Ahmed Huma Ajab. 《Computers, Materials & Continua》, SCIE EI, 2023, No. 11, pp. 2157-2178 (22 pages)
Distributed denial of service (DDoS) attack is the most common attack that obstructs a network and makes it unavailable for a legitimate user. We proposed a deep neural network (DNN) model for the detection of DDoS attacks in the Software-Defined Networking (SDN) paradigm. SDN centralizes the control plane and separates it from the data plane. It simplifies a network and eliminates vendor specification of a device. Because of this open nature and centralized control, SDN can easily become a victim of DDoS attacks. We proposed a supervised Developed Deep Neural Network (DDNN) model that can classify the DDoS attack traffic and legitimate traffic. Our Developed Deep Neural Network (DDNN) model takes a large number of feature values as compared to previously proposed Machine Learning (ML) models. The proposed DNN model scans the data to find the correlated features and delivers high-quality results. The model enhances the security of SDN and has better accuracy as compared to previously proposed models. We choose the latest state-of-the-art dataset which consists of many novel attacks and overcomes all the shortcomings and limitations of the existing datasets. Our model results in a high accuracy rate of 99.76% with a low false-positive rate and a low loss rate of 0.065%. The accuracy increases to 99.80% as we increase the number of epochs to 100 rounds. Our proposed model classifies anomalous and normal traffic more accurately as compared to the previously proposed models. It can handle a huge amount of structured and unstructured data and can easily solve complex problems.
Keywords: Distributed denial of service (DDoS) attacks software-defined networking (SDN) classification deep neural network (DNN)
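A Deep Learning-Based Intrusion Detection Method for DoS and DDoS Attacks on Road Network Monitoring Systems in the Internet of Vehicles (Cited by: 2)
20
Authors: 曹磊 温蜜 何蔚. 《计算机应用与软件》, PKU Core, 2025, No. 1, pp. 303-311 (9 pages)
In the face of increasingly complex traffic conditions, the Internet of Vehicles has become an important guarantee for improving the performance of intelligent road network monitoring systems; it enables information exchange and sharing among in-vehicle networks, inter-vehicle networks, and between vehicles and the mobile Internet. However, the frequent occurrence of DoS and DDoS network attacks has become one of the serious threats to the availability of the Internet of Vehicles. To address the difficult training, low classification accuracy, and poor generalization of traditional intrusion detection algorithms, an efficient deep learning model, CNN-BiSRU, is proposed. Experiments were validated on the latest CICIDS2018 dataset, and the results show that the model achieves higher detection accuracy and that, compared with CNN-BiLSTM, CNN-BiSRU has a faster detection speed.
Keywords: intrusion detection; DoS attack; deep learning; Internet of Vehicles; road network monitoring system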