Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms

2021 ◽  
Vol 26 (5) ◽  
pp. 461-468
Author(s):  
Kishore Babu Dasari ◽  
Nagaraju Devarakonda

Cyber attacks are one of the world's most serious challenges nowadays. A Distributed Denial of Service (DDoS) attack is one of the most common cyberattacks that has affected availability, which is one of the most important principles of information security. It leads to so many negative consequences in terms of business, production, reputation, data theft, etc. It shows the importance of effective DDoS detection mechanisms to reduce losses. In order to detect DDoS attacks, statistical and data mining methods have not given good accuracy values. Researchers get good accuracy values while detecting DDoS attacks by using classification algorithms. But researchers use individual classification algorithms on generalized DDoS attacks. This study used six machine learning classification algorithms to detect eleven different DDoS attacks on different DDoS attack datasets. We used the CICDDoS2019 dataset, which was collected from the Canadian Institute of Cyber security, in this study. It contains eleven different DDoS attack datasets in CSV file format. On each DDoS attack, we evaluated the effectiveness of the classification methods Logistic regression, Decision tree, Random Forest, Ada boost, KNN, and Naive Bayes, and determined the best classification algorithms for detection.

In today’s world of network security, wireless communication attacks such as Distributed Denial of Services (DDoS) attacks are one of the most severe cybercriminal attacks. For the information technology and computer systems, a cyber security rule is required to compel different groups as well as businesses to secure their systems and information from cyber-attacks. The occurrence of attacks in the healthcare system is responsible for financial as well as prestige losses to the patient. To defend networks from this type of attack, it is essential to design an autonomous detection system by considering some essential countermeasures. Our aim is to detect Distributed Denial of Service (DDoS) attack, which is one of the most commonly present cyber-attacks. This research presented an automatic cybersecurity system against DDoS attacks in healthcare applications. This paper focused on deep learning technology along with the concept of a nature-inspired optimization algorithm to detect the affected node. The designed network is simulated in MATLAB tool and provides better results in terms of Packet Delivery Rate, delay and detection rate with Cuckoo Search (CS) and Artificial Neural Network (ANN) as prevention algorithm. In this paper, the author has discussed the importance of the information of the patient data in the healthcare. The detailed architecture of the health care information system has also been demonstrated and various security requirements have also been discussed. To analyse the performance of this proposed work, the computed metrics are Throughput %, PDR, Detection Rate and Delay.


Author(s):  
Rochak Swami ◽  
Mayank Dave ◽  
Virender Ranga

Distributed denial of service (DDoS) attack is one of the most disastrous attacks that compromises the resources and services of the server. DDoS attack makes the services unavailable for its legitimate users by flooding the network with illegitimate traffic. Most commonly, it targets the bandwidth and resources of the server. This chapter discusses various types of DDoS attacks with their behavior. It describes the state-of-the-art of DDoS attacks. An emerging technology named “Software-defined networking” (SDN) has been developed for new generation networks. It has become a trending way of networking. Due to the centralized networking technology, SDN suffers from DDoS attacks. SDN controller manages the functionality of the complete network. Therefore, it is the most vulnerable target of the attackers to be attacked. This work illustrates how DDoS attacks affect the whole working of SDN. The objective of this chapter is also to provide a better understanding of DDoS attacks and how machine learning approaches may be used for detecting DDoS attacks.


Sensors ◽  
2020 ◽  
Vol 20 (20) ◽  
pp. 5845
Author(s):  
João Paulo Abreu Maranhão ◽  
João Paulo Carvalho Lustosa da Costa ◽  
Edison Pignaton de Freitas ◽  
Elnaz Javidi ◽  
Rafael Timóteo de Sousa Júnior

In recent years, advanced threats against Cyber–Physical Systems (CPSs), such as Distributed Denial of Service (DDoS) attacks, are increasing. Furthermore, traditional machine learning-based intrusion detection systems (IDSs) often fail to efficiently detect such attacks when corrupted datasets are used for IDS training. To face these challenges, this paper proposes a novel error-robust multidimensional technique for DDoS attack detection. By applying the well-known Higher Order Singular Value Decomposition (HOSVD), initially, the average value of the common features among instances is filtered out from the dataset. Next, the filtered data are forwarded to machine learning classification algorithms in which traffic information is classified as a legitimate or a DDoS attack. In terms of results, the proposed scheme outperforms traditional low-rank approximation techniques, presenting an accuracy of 98.94%, detection rate of 97.70% and false alarm rate of 4.35% for a dataset corruption level of 30% with a random forest algorithm applied for classification. In addition, for error-free conditions, it is found that the proposed approach outperforms other related works, showing accuracy, detection rate and false alarm rate of 99.87%, 99.86% and 0.16%, respectively, for the gradient boosting classifier.


2020 ◽  
Vol 12 (3) ◽  
pp. 1035 ◽  
Author(s):  
Huseyin Polat ◽  
Onur Polat ◽  
Aydin Cetin

Software Defined Networking (SDN) offers several advantages such as manageability, scaling, and improved performance. However, SDN involves specific security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The process and communication capacity of the controller is overloaded when DDoS attacks occur against the SDN controller. Consequently, as a result of the unnecessary flow produced by the controller for the attack packets, the capacity of the switch flow table becomes full, leading the network performance to decline to a critical threshold. In this study, DDoS attacks in SDN were detected using machine learning-based models. First, specific features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Then, a new dataset was created using feature selection methods on the existing dataset. Feature selection methods were preferred to simplify the models, facilitate their interpretation, and provide a shorter training time. Both datasets, created with and without feature selection methods, were trained and tested with Support Vector Machine (SVM), Naive Bayes (NB), Artificial Neural Network (ANN), and K-Nearest Neighbors (KNN) classification models. The test results showed that the use of the wrapper feature selection with a KNN classifier achieved the highest accuracy rate (98.3%) in DDoS attack detection. The results suggest that machine learning and feature selection algorithms can achieve better results in the detection of DDoS attacks in SDN with promising reductions in processing loads and times.


In a network environment, Distributed Denial of Service (DDoS) attacks make a network or server unavailable to its normal users. Application-layer Distributed Denial of Service (App-DDoS) attacks are serious issues for the webserver itself. The multitude and variety of such attacks and defense approaches are overwhelming. In this paper, we analyze the different defense mechanisms for application-layer DDoS attacks and propose a new approach to defend using machine learning.


Author(s):  
Mohammad M. Rasheed ◽  
Alaa K. Faieq ◽  
Ahmed A. Hashim

Denial of service (DoS) attack is among the most significant types of attacks in cyber security. The objective of this research is to introduce a new algorithm to distinguish normal service requests from the denial of service attacks. Our proposed approach can detect the denial of service attacks by the analysis of the packets sent from the client to the server, which depend on machine learning. Our algorithm collects different datasets of benign network traffic and different types of denial of service attacks, such as DDoS, DoS Hulk, DoS GoldenEye, DoS Slowhttptest and DoS Slowloris, that were used for training. Moreover, our algorithm monitors the network every specific time to find denial of service attack. Our results show that the algorithm can detect the benign cases and distinguish the types of denial of service attack. Furthermore, the results could achieve 99 percentage of correct classification of all selected cases.


2021 ◽  
Vol 15 (2) ◽  
pp. 145-180
Author(s):  
Yasmine Labiod ◽  
Abdelaziz Amara Korba ◽  
Nacira Ghoualmi-Zine

With the great potential of internet of things (IoT) infrastructure in different domains, cyber-attacks are also rising commensurately. Distributed denials of service (DDoS) attacks are one of the cyber security threats. This paper will focus on DDoS attacks by adding the design of an intrusion detection system (IDS) tailored to IoT systems. Moreover, machine learning techniques will be investigated to distinguish the data representing flows of network traffic, which include both normal and DDoS traffic. In addition, these techniques will be used to help make a refined detection model for identifying different types of DDoS attacks. Furthermore, the performance of machine learning-based proposed solution is validated using N-BaIoT dataset and compared through different evaluation metrics. The experimental results show that the proposed IDS not only detects DDoS attacks types but also has a high detection rate and low false positive rate, which argues the usefulness of the proposed approach in comparison with several existing DDoS attacks detection techniques.


Symmetry ◽  
2022 ◽  
Vol 14 (1) ◽  
pp. 66
Author(s):  
Chin-Shiuh Shieh ◽  
Thanh-Tuan Nguyen ◽  
Wan-Wei Lin ◽  
Yong-Lin Huang ◽  
Mong-Fong Horng ◽  
...  

DDoS (Distributed Denial of Service) has emerged as a serious and challenging threat to computer networks and information systems’ security and integrity. Before any remedial measures can be implemented, DDoS assaults must first be detected. DDoS attacks can be identified and characterized with satisfactory achievement employing ML (Machine Learning) and DL (Deep Learning). However, new varieties of aggression arise as the technology for DDoS attacks keep evolving. This research explores the impact of a new incarnation of DDoS attack–adversarial DDoS attack. There are established works on ML-based DDoS detection and GAN (Generative Adversarial Network) based adversarial DDoS synthesis. We confirm these findings in our experiments. Experiments in this study involve the extension and application of the GAN, a machine learning framework with symmetric form having two contending neural networks. We synthesize adversarial DDoS attacks utilizing Wasserstein Generative Adversarial Networks featuring Gradient Penalty (GP-WGAN). Experiment results indicate that the synthesized traffic can traverse the detection systems such as k-Nearest Neighbor (KNN), Multi-Layer Perceptron (MLP) and Random Forest (RF) without being identified. This observation is a sobering and pessimistic wake-up call, implying that countermeasures to adversarial DDoS attacks are urgently needed. To this problem, we propose a novel DDoS detection framework featuring GAN with Dual Discriminators (GANDD). The additional discriminator is designed to identify adversary DDoS traffic. The proposed GANDD can be an effective solution to adversarial DDoS attacks, as evidenced by the experimental results. We use adversarial DDoS traffic synthesized by GP-WGAN to train GANDD and validate it alongside three other DL technologies: DNN (Deep Neural Network), LSTM (Long Short-Term Memory) and GAN. GANDD outperformed the other DL models, demonstrating its protection with a TPR of 84.3%. 
A more sophisticated test was also conducted to examine GANDD’s ability to handle unseen adversarial attacks. GANDD was evaluated with adversarial traffic not generated from its training data. GANDD still proved effective with a TPR around 71.3% compared to 7.4% of LSTM.


2021 ◽  
Vol 13 (19) ◽  
pp. 10743
Author(s):  
Mazhar Javed Awan ◽  
Umar Farooq ◽  
Hafiz Muhammad Aqeel Babar ◽  
Awais Yasin ◽  
Haitham Nobanee ◽  
...  

Currently, the Distributed Denial of Service (DDoS) attack has become rampant, and shows up in various shapes and patterns, therefore it is not easy to detect and solve with previous solutions. Classification algorithms have been used in many studies and have aimed to detect and solve the DDoS attack. DDoS attacks are performed easily by using the weaknesses of networks and by generating requests for services for software. Real-time detection of DDoS attacks is difficult to detect and mitigate, but this solution holds significant value as these attacks can cause big issues. This paper addresses the prediction of application layer DDoS attacks in real-time with different machine learning models. We applied the two machine learning approaches Random Forest (RF) and Multi-Layer Perceptron (MLP) through the Scikit ML library and big data framework Spark ML library for the detection of Denial of Service (DoS) attacks. In addition to the detection of DoS attacks, we optimized the performance of the models by minimizing the prediction time as compared with other existing approaches using big data framework (Spark ML). We achieved a mean accuracy of 99.5% of the models both with and without big data approaches. However, in training and testing time, the big data approach outperforms the non-big data approach due to that the Spark computations in memory are in a distributed manner. The minimum average training and testing time in minutes was 14.08 and 0.04, respectively. Using a big data tool (Apache Spark), the maximum intermediate training and testing time in minutes was 34.11 and 0.46, respectively, using a non-big data approach. We also achieved these results using the big data approach. We can detect an attack in real-time in few milliseconds.

