Entropy Based Features Distribution for Anti-DDoS Model in SDN

2021, Vol 13 (3), pp. 1522
Author(s): Raja Majid Ali Ujjan, Zeeshan Pervez, Keshav Dahal, Wajahat Ali Khan, Asad Masood Khattak, ...

In modern network infrastructure, Distributed Denial of Service (DDoS) attacks are considered as severe network security threats. For conventional network security tools it is extremely difficult to distinguish between the higher traffic volume of a DDoS attack and large number of legitimate users accessing a targeted network service or a resource. Although these attacks have been widely studied, there are few works which collect and analyse truly representative characteristics of DDoS traffic. The current research mostly focuses on DDoS detection and mitigation with predefined DDoS data-sets which are often hard to generalise for various network services and legitimate users’ traffic patterns. In order to deal with considerably large DDoS traffic flow in a Software Defined Networking (SDN), in this work we proposed a fast and an effective entropy-based DDoS detection. We deployed generalised entropy calculation by combining Shannon and Renyi entropy to identify distributed features of DDoS traffic—it also helped SDN controller to effectively deal with heavy malicious traffic. To lower down the network traffic overhead, we collected data-plane traffic with signature-based Snort detection. We then analysed the collected traffic for entropy-based features to improve the detection accuracy of deep learning models: Stacked Auto Encoder (SAE) and Convolutional Neural Network (CNN). This work also investigated the trade-off between SAE and CNN classifiers by using accuracy and false-positive results. Quantitative results demonstrated SAE achieved relatively higher detection accuracy of 94% with only 6% of false-positive alerts, whereas the CNN classifier achieved an average accuracy of 93%.

2011, Vol 474-476, pp. 2129-2133
Author(s): Yong Hao Gu, Wei Ming Wu

Distributed Denial of Service (DDoS) imposes a very serious threat to the stability of the Internet. Compared with many detection approaches, detecting DDoS attacks based on entropy has advantages such as simplicity, high sensitivity and low false positive rate. But the method with single attribute entropy has high false positive rate when detecting attribute forged attacks. This paper presents a detecting method based on joint entropy and a filtering way based on conditional entropy. The efficiency of this scheme is validated with simulation on the research lab network.


2019, Vol 16 (3), pp. 891-914
Author(s): Zhanquan Wang, Taoli Han, Huiqun Yu

Discovering mixed-drove spatiotemporal co-occurrence patterns (MDCOPs) is important for network security such as distributed denial of service (DDoS) attack. There are usually many features when we are suffering from a DDoS attack such as the server CPU is heavily occupied for a long time, bandwidth is hoovered and so on. In distributed cooperative intrusion, the feature information from multiple intrusion detection sources should be analyzed simultaneously to find the spatial correlation among the feature information. In addition to spatial correlation, intrusion also has temporal correlation. Some invasions are gradually penetrating, and attacks are the result of cumulative effects over a period of time. So it is necessary to discover mixed-drove spatiotemporal co-occurrence patterns (MDCOPs) in network security. However, it is difficult to mine MDCOPs from large attack event data sets because mining MDCOPs is computationally very expensive. In information security, the set of candidate co-occurrence attack event data sets is exponential in the number of object-types and the spatiotemporal data sets are too large to be managed in memory. To reduce the number of candidate co-occurrence instances, we present a computationally efficient MDCOP Graph Miner algorithm by using Time Aggregated Graph, which can deal with large attack event data sets by means of file index. The correctness, completeness and efficiency of the proposed methods are analyzed.


Intrusion detection systems play a crucial role in preventing security threats and defending networks from attacks. Among the attacks, distributed Denial-of-Service (DDoS) attacks literally get into the network and, in addition, they are terribly troublesome to avoid. With the advent of unknown threats, traditional machine learning approaches are impacted by lower detection rates and higher false-positive rates. As a result, the DDoS detection system requires an over-performing machine learning classifier with minimal false-positive and high detection accuracy. In this context, we propose an Improved Deep Sparse Autoencoder-based Framework (EDSA) for DDoS Attack Detection with a cost minimization strategy. The sparse autoencoder is used for dataset extraction functionality, while the softmax layer is used for traffic classification as malicious or benign. However, intrusion detection includes the risk elements of inaccurate prediction; hence, we have used research metrics such as accuracy, precision, detection rate and specificity for our model analysis. The proposed solution uses the CICDDoS 2019 datasets and demonstrates high detection accuracy with a much less false positives percentage.


2017, Vol 2017, pp. 1-10
Author(s): Yonghao Gu, Yongfei Wang, Zhen Yang, Fei Xiong, Yimu Gao

DDoS attack stream from different agent host converged at victim host will become very large, which will lead to system halt or network congestion. Therefore, it is necessary to propose an effective method to detect the DDoS attack behavior from the massive data stream. In order to solve the problem that large numbers of labeled data are not provided in supervised learning method, and the relatively low detection accuracy and convergence speed of unsupervised k-means algorithm, this paper presents a semisupervised clustering detection method using multiple features. In this detection method, we firstly select three features according to the characteristics of DDoS attacks to form detection feature vector. Then, Multiple-Features-Based Constrained-K-Means (MF-CKM) algorithm is proposed based on semisupervised clustering. Finally, using MIT Laboratory Scenario (DDoS) 1.0 data set, we verify that the proposed method can improve the convergence speed and accuracy of the algorithm under the condition of using a small amount of labeled data sets.


2020, Vol 2020, pp. 1-15
Author(s): Dechen Yao, Qiang Sun, Jianwei Yang, Hengchang Liu, Jiao Zhang

The present work aimed at the problems of less negative samples and more positive samples in rail fastener fault diagnosis and low detection accuracy of heavy manual patrol inspection tasks. Exploiting the capacity of a Convolution Neural Network (CNN) to process unbalanced data to solve tedious and inefficient manual processing, a fault diagnosis method based on a Generative Adversarial Network (GAN) and a Residual Network (ResNet) was developed. First, GAN was used to track the distribution of rail fastener failure data. To study the noise distribution, the mapping relationship between image data was established. Additional real fault samples were then generated to balance and extend the existing data sets, and these data sets were used as input to ResNet for recognition and detection training. Finally, the average accuracy of multiple experiments was used as the evaluation index. The experimental results revealed that the fault diagnosis of rail fastener based on GAN and ResNet could improve the fault detection accuracy in the case of a serious shortage of fault data.


2020
Author(s): Afsaneh Banitalebi Dehkordi, MohammadReza Soltanaghaei, Farsad Zamani Boroujeni

Abstract: Software Defined Networking (SDN) is a new network architecture in which network control is separated from direct traffic and is programmed directly. Any change in network information and its configuration can be easily implemented in software by using the controller. Although SDN networks with their new structure and controller make way for new and innovative applications for network administrators, but the security challenges and attacks of SDN networks have created problems for these networks. One of these malicious attacks is Distributed Denial of Service (DDoS) attacks. The DDoS attack is aimed at removing machine and network resources from its legitimate users. In this paper, we propose a hybrid method for detecting DDoS attacks in SDN Networks. This method is consisting of statistical and machine learning method. Statistical method calculates the new correlation measure among all features and the dynamic thresholds, then extracts a portion of the data is recognized as attack. This portion is then redirected to the machine learning section to increase the DDoS detection accuracy. The experimental results on UNB-ISCX, CTU-13 and ISOT datasets showed that the proposed method outperforms the existing techniques in terms of the accuracy of detecting DDOS attacks in SDN networks.


2019, Vol 31 (6), pp. 844-850
Author(s): Kevin T. Huang, Michael A. Silva, Alfred P. See, Kyle C. Wu, Troy Gallerani, ...

OBJECTIVE: Recent advances in computer vision have revolutionized many aspects of society but have yet to find significant penetrance in neurosurgery. One proposed use for this technology is to aid in the identification of implanted spinal hardware. In revision operations, knowing the manufacturer and model of previously implanted fusion systems upfront can facilitate a faster and safer procedure, but this information is frequently unavailable or incomplete. The authors present one approach for the automated, high-accuracy classification of anterior cervical hardware fusion systems using computer vision. METHODS: Patient records were searched for those who underwent anterior-posterior (AP) cervical radiography following anterior cervical discectomy and fusion (ACDF) at the authors’ institution over a 10-year period (2008–2018). These images were then cropped and windowed to include just the cervical plating system. Images were then labeled with the appropriate manufacturer and system according to the operative record. A computer vision classifier was then constructed using the bag-of-visual-words technique and KAZE feature detection. Accuracy and validity were tested using an 80%/20% training/testing pseudorandom split over 100 iterations. RESULTS: A total of 321 total images were isolated containing 9 different ACDF systems from 5 different companies. The correct system was identified as the top choice in 91.5% ± 3.8% of the cases and one of the top 2 or 3 choices in 97.1% ± 2.0% and 98.4 ± 13% of the cases, respectively. Performance persisted despite the inclusion of variable sizes of hardware (i.e., 1-level, 2-level, and 3-level plates). Stratification by the size of hardware did not improve performance. CONCLUSIONS: A computer vision algorithm was trained to classify at least 9 different types of anterior cervical fusion systems using relatively sparse data sets and was demonstrated to perform with high accuracy. This represents one of many potential clinical applications of machine learning and computer vision in neurosurgical practice.


Author(s): Taku Wakui, Takao Kondo, Fumio Teraoka

Abstract: This paper proposes a general-purpose anomaly detection mechanism for Internet backbone traffic named GAMPAL (General-purpose Anomaly detection Mechanism using Prefix Aggregate without Labeled data). GAMPAL does not require labeled data to achieve general-purpose anomaly detection. For scalability to the number of entries in the BGP RIB (Border Gateway Protocol Routing Information Base), GAMPAL introduces prefix aggregate. The BGP RIB entries are classified into prefix aggregates, each of which is identified with the first three AS (Autonomous System) numbers in the AS_PATH attribute. GAMPAL establishes a prediction model for traffic sizes based on past traffic sizes. It adopts a LSTM-RNN (Long Short-Term Memory Recurrent Neural Network) model that focuses on the periodicity of the Internet traffic patterns at a weekly scale. The validity of GAMPAL is evaluated using real traffic information, BGP RIBs exported from the WIDE backbone network (AS2500), a nationwide backbone network for research and educational organizations in Japan, and the dataset of an ISP (Internet Service Provider) in Spain. As a result, GAMPAL successfully detects anomalies such as increased traffic due to an event, DDoS (Distributed Denial of Service) attacks targeted at a stub organization, a connection failure, an SSH (Secure Shell) scan attack, and anomaly spam.


Sensors, 2018, Vol 18 (7), pp. 2261
Author(s): Karlos Ishac, Kenji Suzuki

The LifeChair is a smart cushion that provides vibrotactile feedback by actively sensing and classifying sitting postures to encourage upright posture and reduce slouching. The key component of the LifeChair is our novel conductive fabric pressure sensing array. Fabric sensors have been explored in the past, but a full sensing solution for embedded real world use has not been proposed. We have designed our system with commercial use in mind, and as a result, it has a high focus on manufacturability, cost-effectiveness and adaptiveness. We demonstrate the performance of our fabric sensing system by installing it into the LifeChair and comparing its posture detection accuracy with our previous study that implemented a conventional flexible printed PCB-sensing system. In this study, it is shown that the LifeChair can detect all 11 postures across 20 participants with an improved average accuracy of 98.1%, and it demonstrates significantly lower variance when interfacing with different users. We also conduct a performance study with 10 participants to evaluate the effectiveness of the LifeChair device in improving upright posture and reducing slouching. Our performance study demonstrates that the LifeChair is effective in encouraging users to sit upright with an increase of 68.1% in time spent seated upright when vibrotactile feedback is activated.


Author(s): Tu Renwei, Zhu Zhongjie, Bai Yongqiang, Gao Ming, Ge Zhifeng

Unmanned Aerial Vehicle (UAV) inspection has become one of main methods for current transmission line inspection, but there are still some shortcomings such as slow detection speed, low efficiency, and inability for low light environment. To address these issues, this paper proposes a deep learning detection model based on You Only Look Once (YOLO) v3. On the one hand, the neural network structure is simplified, that is the three feature maps of YOLO v3 are pruned into two to meet specific detection requirements. Meanwhile, the K-means++ clustering method is used to calculate the anchor value of the data set to improve the detection accuracy. On the other hand, 1000 sets of power tower and insulator data sets are collected, which are inverted and scaled to expand the data set, and are fully optimized by adding different illumination and viewing angles. The experimental results show that this model using improved YOLO v3 can effectively improve the detection accuracy by 6.0%, flops by 8.4%, and the detection speed by about 6.0%.

