Real-Time Detection of Application-Layer DDoS Attack Using Time Series Analysis

2013, Vol 2013, pp. 1-6
Author(s): Tongguang Ni, Xiaoqing Gu, Hongyuan Wang, Yu Li

Distributed denial of service (DDoS) attacks are one of the major threats to the current Internet, and application-layer DDoS attacks utilizing legitimate HTTP requests to overwhelm victim resources are more undetectable. Consequently, neither intrusion detection systems (IDS) nor victim server can detect malicious packets. In this paper, a novel approach to detect application-layer DDoS attack is proposed based on entropy of HTTP GET requests per source IP address (HRPI). By approximating the adaptive autoregressive (AAR) model, the HRPI time series is transformed into a multidimensional vector series. Then, a trained support vector machine (SVM) classifier is applied to identify the attacks. The experiments with several databases are performed and results show that this approach can detect application-layer DDoS attacks effectively.

Author(s): Maryam Ghanbari, Witold Kinsner

Distributed denial-of-service (DDoS) attacks are serious threats to the availability of a smart grid infrastructure services because they can cause massive blackouts. This study describes an anomaly detection method for improving the detection rate of a DDoS attack in a smart grid. This improvement was achieved by increasing the classification of the training and testing phases in a convolutional neural network (CNN). A full version of the variance fractal dimension trajectory (VFDTv2) was used to extract inherent features from the stochastic fractal input data. A discrete wavelet transform (DWT) was applied to the input data and the VFDTv2 to extract significant distinguishing features during data pre-processing. A support vector machine (SVM) was used for data post-processing. The implementation detected the DDoS attack with 87.35% accuracy.


2015, Vol 742, pp. 693-697
Author(s): Yu Lei Tsien, Rong Li Gai

In application-layer DoS/DDoS attacks, malicious users attack the victim server by sending lots of legitimate request packets, which overwhelm the server's bottleneck resources. Normal users' requests thus may not be satisfied. The traditional intrusion detection systems for the network layer cannot effectively identify this attack, and recent research on this kind of attack is mainly for Web servers. This paper proposed a new defense algorithm based on user activity for topic-based Pub/Sub communication servers in mobile push notification systems. Users consuming system bottleneck resources the most can get high scores and thus are considered overactive. With some resource retaking strategy, overactive users’ connections will be dropped according to system performance level. Therefore, the system can get rid of latent threats. Experiments indicated that this algorithm can identify normal and abnormal users well.


2021, Vol 2021, pp. 1-17
Author(s): Bashar Ahmad Khalaf, Salama A. Mostafa, Aida Mustapha, Mazin Abed Mohammed, Moamin A. Mahmoud, ...

Currently, online organizational resources and assets are potential targets of several types of attack, the most common being flooding attacks. We consider the Distributed Denial of Service (DDoS) as the most dangerous type of flooding attack that could target those resources. The DDoS attack consumes network available resources such as bandwidth, processing power, and memory, thereby limiting or withholding accessibility to users. The Flash Crowd (FC) is quite similar to the DDoS attack whereby many legitimate users concurrently access a particular service, the number of which results in the denial of service. Researchers have proposed many different models to eliminate the risk of DDoS attacks, but only few efforts have been made to differentiate it from FC flooding as FC flooding also causes the denial of service and usually misleads the detection of the DDoS attacks. In this paper, an adaptive agent-based model, known as an Adaptive Protection of Flooding Attacks (APFA) model, is proposed to protect the Network Application Layer (NAL) against DDoS flooding attacks and FC flooding traffics. The APFA model, with the aid of an adaptive analyst agent, distinguishes between DDoS and FC abnormal traffics. It then separates DDoS botnet from Demons and Zombies to apply suitable attack handling methodology. There are three parameters on which the agent relies, normal traffic intensity, traffic attack behavior, and IP address history log, to decide on the operation of two traffic filters. We test and evaluate the APFA model via a simulation system using CIDDS as a standard dataset. The model successfully adapts to the simulated attack scenarios’ changes and determines 303,024 request conditions for the tested 135,583 IP addresses. It achieves an accuracy of 0.9964, a precision of 0.9962, and a sensitivity of 0.9996, and outperforms three tested similar models. In addition, the APFA model contributes to identifying and handling the actual trigger of DDoS attack and differentiates it from FC flooding, which is rarely implemented in one model.


2019, Vol 2019, pp. 1-12
Author(s): Myo Myint Oo, Sinchai Kamolphiwong, Thossaporn Kamolphiwong, Sangsuree Vasupongayya

Software Defined Networking (SDN) has many advantages over a traditional network. The great advantage of SDN is that the network control is physically separated from forwarding devices. SDN can solve many security issues of a legacy network. Nevertheless, SDN has many security vulnerabilities. The biggest issue of SDN vulnerabilities is Distributed Denial of Service (DDoS) attack. The DDoS attack on SDN becomes an important problem, and varieties of methods had been applied for detection and mitigation purposes. The objectives of this paper are to propose a detection method of DDoS attacks by using SDN based technique that will disturb the legitimate user's activities at the minimum and to propose Advanced Support Vector Machine (ASVM) technique as an enhancement of existing Support Vector Machine (SVM) algorithm to detect DDoS attacks. ASVM technique is a multiclass classification method consisting of three classes. In this paper, we can successfully detect two types of flooding-based DDoS attacks. Our detection technique can reduce the training time as well as the testing time by using two key features, namely, the volumetric and the asymmetric features. We evaluate the results by measuring a false alarm rate, a detection rate, and accuracy. The detection accuracy of our detection technique is approximately 97% with the fastest training time and testing time.


2020, Vol 12 (3), pp. 1035
Author(s): Huseyin Polat, Onur Polat, Aydin Cetin

Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.


In a network environment, Distributed Denial of Service (DDoS) attacks make a network or server unavailable to its normal users. Application-layer Distributed Denial of Service (App-DDoS) attacks are serious issues for the webserver itself. The multitude and variety of such attacks and defense approaches are overwhelming. In this paper, we analyze the different defense mechanisms for application-layer DDoS attacks and propose a new approach to defend using machine learning.


2020
Author(s): Faisal Hussain, Syed Ghazanfar Abbas, Muhammad Husnain, Ubaid U. Fayyaz, Farrukh Shahzad, ...

The network attacks are increasing both in frequency and intensity with the rapid growth of internet of things (IoT) devices. Recently, denial of service (DoS) and distributed denial of service (DDoS) attacks are reported as the most frequent attacks in IoT networks. The traditional security solutions like firewalls, intrusion detection systems, etc., are unable to detect the complex DoS and DDoS attacks since most of them filter the normal and attack traffic based upon the static predefined rules. However, these solutions can become reliable and effective when integrated with artificial intelligence (AI) based techniques. During the last few years, deep learning models especially convolutional neural networks achieved high significance due to their outstanding performance in the image processing field. The potential of these convolutional neural network (CNN) models can be used to efficiently detect the complex DoS and DDoS by converting the network traffic dataset into images. Therefore, in this work, we proposed a methodology to convert the network traffic data into image form and trained a state-of-the-art CNN model, i.e., ResNet over the converted data. The proposed methodology accomplished 99.99% accuracy for detecting the DoS and DDoS in case of binary classification. Furthermore, the proposed methodology achieved 87% average precision for recognizing eleven types of DoS and DDoS attack patterns which is 9% higher as compared to the state-of-the-art.


Sensors, 2020, Vol 20 (14), pp. 3820
Author(s): Abdul Ghafar Jaafar, Saiful Adli Ismail, Mohd Shahidan Abdullah, Nazri Kama, Azri Azmi, ...

Application Layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. The shortfall at the application layer allows formation of HTTP DDoS as the request headers are not compulsory to be attached in an HTTP request. Furthermore, the header is editable, thus providing an attacker with the advantage to execute HTTP DDoS as it contains almost similar request header that can emulate a genuine client request. To the best of the authors’ knowledge, there are no recent studies that provide forged request headers pattern with the execution of the current HTTP DDoS attack scripts. Besides that, the current dataset for HTTP DDoS is not publicly available which leads to complexity for researchers to disclose false headers, causing them to rely on old dataset rather than more current attack patterns. Hence, this study conducted an analysis to disclose forged request headers patterns created by HTTP DDoS. The results of this study successfully disclose eight forged request headers patterns constituted by HTTP DDoS. The analysis was executed by using actual machines and eight real attack scripts which are capable of overwhelming a web server in a minimal duration. The request headers patterns were explained supported by a critical analysis to provide the outcome of this paper.


2022, pp. 1078-1096
Author(s): Maryam Ghanbari, Witold Kinsner

Distributed denial-of-service (DDoS) attacks are serious threats to the availability of a smart grid infrastructure services because they can cause massive blackouts. This study describes an anomaly detection method for improving the detection rate of a DDoS attack in a smart grid. This improvement was achieved by increasing the classification of the training and testing phases in a convolutional neural network (CNN). A full version of the variance fractal dimension trajectory (VFDTv2) was used to extract inherent features from the stochastic fractal input data. A discrete wavelet transform (DWT) was applied to the input data and the VFDTv2 to extract significant distinguishing features during data pre-processing. A support vector machine (SVM) was used for data post-processing. The implementation detected the DDoS attack with 87.35% accuracy.


The Internet has become unavoidable; it provides us with a wealth of information and allows us to keep in touch with the outside world. However, there are also risks on the Internet: for example, even a naive hacker can access information and easily learn to generate a large-scale DDoS attack with the help of downloadable, user-friendly attacking tools. Nowadays, this has put even small businesses in trouble. One of the extensive DDoS attacks was carried out in October 2016 and is called the “Mirai botnet”. In that attack, the attackers sent 30 million packets per second, and the financial department, industries, home systems, etc. were affected. In the future, the attackers may hit hardest at targets such as banks, government sectors, and corporate sectors. During a DDoS attack, the attackers send a lot of malicious packets to the server/victims, so the attacker’s throughput increases and legitimate user throughput decreases at the time of the attack. In this paper, a novel approach is proposed to detect DDoS attacks using the Chi-Square method, which compares the normal packet statistics and the current packet statistics to discriminate whether a particular flow is DDoS or not. Further, it identifies the IP address of the attacking source using an entropy statistic. The proposed method can be used to control internet crimes. The experimental results show that the proposed method outperforms the existing approaches by detecting the DDoS attack and also by identifying the wrongdoer's IP address. In addition, it takes minimum time to perform the above.

