A Firegroup Mechanism to Provide Intrusion Detection and Prevention System Against DDos Attack in Collaborative Clustered Networks

2014 ◽  
Vol 8 (2) ◽  
pp. 1-18 ◽  
Author(s):  
M. Poongodi ◽  
S. Bose
Keyword(s):  
Intrusion Detection ◽  
Network Performance ◽  
Performance Metrics ◽  
Denial Of Service ◽  
Collaborative Networks ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Prevention System ◽  
Packet Data ◽  
Intrusion Detection And Prevention

Distributed Denial of Service (DDOS) attacks are the major concern for security in the collaborative networks. Although non DDOS attacks are also make the network performances poor, the effect of DDOS attacks is severe. In DDOS attacks, flooding of the particular node as victim and jam it with massive traffic happens and the complete network performance is affected. In this paper, a novel Intrusion Detection and Prevention System is designed which detects the flooding DDOS attacks based on Firecol and prevents the attacks based on Dynamic Growing Self Organizing Tree (DGSOT) for collaborative networks. Simulation results in NS2 shows that DGSOT with Firecol (Firegroup) produces better intrusion detection and prevention system. Performance metrics based on the parameters delay, throughput, average path length, packet data ratio and energy conservation are better in Firegroup than the traditional Firecol system.

scholarly journals SDN-Based Intrusion Detection System for Early Detection and Mitigation of DDoS Attacks

Information ◽  
2019 ◽  
Vol 10 (3) ◽  
pp. 106 ◽  
Author(s):  
Pedro Manso ◽  
José Moura ◽  
Carlos Serrão
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Network Performance ◽  
Detection System ◽  
Denial Of Service ◽  
Cyber Attacks ◽  
Normal Operation ◽  
Ddos Attacks ◽  
Network Infrastructure ◽  
Sdn Controller

The current paper addresses relevant network security vulnerabilities introduced by network devices within the emerging paradigm of Internet of Things (IoT) as well as the urgent need to mitigate the negative effects of some types of Distributed Denial of Service (DDoS) attacks that try to explore those security weaknesses. We design and implement a Software-Defined Intrusion Detection System (IDS) that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. Our proposal includes an IDS that automatically detects several DDoS attacks, and then as an attack is detected, it notifies a Software Defined Networking (SDN) controller. The current proposal also downloads some convenient traffic forwarding decisions from the SDN controller to network devices. The evaluation results suggest that our proposal timely detects several types of cyber-attacks based on DDoS, mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. Our work sheds light on the programming relevance over an abstracted view of the network infrastructure to timely detect a Botnet exploitation, mitigate malicious traffic at its source, and protect benign traffic.

Neural Network-Based Approach for Detection and Mitigation of DDoS Attacks in SDN Environments

2020 ◽  
Vol 14 (3) ◽  
pp. 50-71
Author(s):  
Oussama Hannache ◽  
Mohamed Chaouki Batouche
Keyword(s):  
Neural Network ◽  
Performance Metrics ◽  
Denial Of Service ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Analysis Method ◽  
Organizational Network ◽  
Ddos Attack ◽  
Data Plane ◽  
Ddos Detection

Software defined networking (SDN) is a networking paradigm that allows for the easy programmability of network devices by decoupling the data plane and the control plane. On the other hand, Distributed Denial of Service (DDoS) attacks remains one of the major concerns for organizational network infrastructures and Cloud providers. In this article, the authors propose a Neural Network based Traffic Flow Classifier (TFC-NN) for live DDoS detection in SDN environments. This study provides a live traffic analysis method with a neural network. The training of the TFC-NN model is performed by a labelled dataset constructed from SDN normal traffic and an-under DDoS traffic. The study also provides a live mitigation process combined with the live TFC-NN-based DDoS detection. The approach is deployed and evaluated on an SDN architecture based on different performance metrics with different under-DDoS attack scenarios.

scholarly journals DDOS ATTACK DETECTION AND MITIGATION AT SDN ENVIROMENT

2021 ◽  
Vol 4 (1) ◽  
pp. 1-9
Author(s):  
Huda S. Abdulkarem ◽  
Ammar D. Alethawy
Keyword(s):  
Network Performance ◽  
Denial Of Service ◽  
Attack Detection ◽  
Normal Operation ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Negative Effects ◽  
Network Infrastructure ◽  
Ddos Attack ◽  
Negative Impacts

Abstract- Software-Defined Networking (SDN) is a promising sample that allows the programming behind the network’s operation with some abstraction level from the underlying networking devices .the insistence to detect and mitigate Distributed Denial of Service (DDoS) which introduced by network devices tries to discover network security weaknesses and the negative effects of some types of Distributed Denial of Service (DDoS) attacks. An SDN-based generic solution to mitigate DDoS attacks when and where they originate. Briefly, it compares at runtime the expected trend of normal traffic against the trend of abnormal traffic; if big deviation on the traffic trend is detected, then an event is created; as an event associated to a DDoS attack is produced, an SDN (OpenDayLight) controller creates flow rules for blocking the malign traffic, By designing and implementing an application that reactively impairs the attacks at its origin, ensuring the “normal operation” of the network infrastructure. The evaluation results suggest that the proposal timely detect the characteristics of a flooding DDoS attacks, and mitigates their negative impacts on the network performance, and ensures the correct data delivery of normal traffic. The work sheds light on the programming relevance over an abstracted view of the network infrastructure.

scholarly journals Towards 5G Intrusion Detection Scenarios with OMNeT++

10.29007/2jg6 ◽  
2019 ◽  
Author(s):  
Katina Kralevska ◽  
Michele Garau ◽  
Mathias Førland ◽  
Danilo Gligoroski
Keyword(s):  
Performance Analysis ◽  
Intrusion Detection ◽  
Denial Of Service ◽  
Software Defined Networking ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Simulation Environment ◽  
Security Applications ◽  
Mitigation Methods ◽  
Compromised Nodes

We implement an intrusion detection application to investigate the security capabilities of Software Defined Networking (SDN) in a 5G-like environment under Distributed Denial- of-Service (DDoS) attacks. The simulation environment is created in OMNeT++ with a novel integration of two OMNeT++ extension libraries, SimuLTE and OpenFlow OM- NeT++ Suite. The 5G-like environment enables vast and diverse testing of 5G topologies, as well as performance analysis of SDN security applications with various detection and mitigation methods. We analyze distributed synchronize (SYN) flood attack performed by compromised nodes. We report our findings about the sensitivity and the specificity of detection and mitigation of SYN flood for different number of attack and benign nodes.

SCEF: A Model for Prevention of DDoS Attacks From the Cloud

2020 ◽  
Vol 10 (3) ◽  
pp. 67-80 ◽  
Author(s):  
Ganeshayya Ishwarayya Shidaganti ◽  
Amogh Shreedhar Inamdar ◽  
Sindhuja V. Rai ◽  
Anagha M. Rajeev
Keyword(s):  
Network Performance ◽  
Virtual Machines ◽  
Denial Of Service ◽  
Cloud Service ◽  
Packet Transmission ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Virtual Machine Monitor ◽  
Cloud Service Provider ◽  
Different Types

Distributed denial of service (DDoS) attacks are some of the biggest threats to network performance and security today. With the advent of cloud computing, these attacks can be performed remotely on rented virtual machines (VMs), potentially increasing their capabilities and making them harder to trace and mitigate, and negatively affecting the cloud service provider as well. By analyzing packet transmission statistics, attacks can be detected on a virtual machine monitor (VMM) that controls the behavior of the VMs. This article proposes a solution to stop such detected attacks from the source, and analyses solutions proposed for a few different types of such attacks. The authors propose a model called selective cloud egress filter (SCEF) which implements specific modules to deal with detected attacks. If an attack is detected, the SCEF relays information to the VMM about which VMs are participating in the attack, allowing for specific corrective action.

scholarly journals Hybrid Intrusion Detection System for DDoS Attacks

2016 ◽  
Vol 2016 ◽  
pp. 1-8 ◽  
Author(s):  
Özge Cepheli ◽  
Saliha Büyükçorak ◽  
Güneş Karabulut Kurt
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Detection System ◽  
Denial Of Service ◽  
Detection Methods ◽  
Detection Accuracy ◽  
Distributed Denial Of Service ◽  
Ddos Attacks ◽  
Hybrid Detection ◽  
Security Problem

Distributed denial-of-service (DDoS) attacks are one of the major threats and possibly the hardest security problem for today’s Internet. In this paper we propose a hybrid detection system, referred to as hybrid intrusion detection system (H-IDS), for detection of DDoS attacks. Our proposed detection system makes use of both anomaly-based and signature-based detection methods separately but in an integrated fashion and combines the outcomes of both detectors to enhance the overall detection accuracy. We apply two distinct datasets to our proposed system in order to test the detection performance of H-IDS and conclude that the proposed hybrid system gives better results than the systems based on nonhybrid detection.

scholarly journals Distributed Denial-of-Service Prediction on IoT Framework by Learning Techniques

2020 ◽  
Vol 10 (1) ◽  
pp. 220-230
Author(s):  
Shubhra Dwivedi ◽  
Manu Vardhan ◽  
Sarsij Tripathi
Keyword(s):  
Intrusion Detection ◽  
Intrusion Detection System ◽  
Information Gain ◽  
Learning Algorithm ◽  
Detection System ◽  
False Positive Rate ◽  
Denial Of Service ◽  
Support Vector ◽  
Distributed Denial Of Service ◽  
Ddos Attacks

AbstractDistributed denial-of-service (DDoS) attacks on the Internet of Things (IoT) pose a serious threat to several web-based networks. The intruder’s ability to deal with the power of various cooperating devices to instigate an attack makes its administration even more multifaceted. This complexity can be further increased while lots of intruders attempt to overload an attack against a device. To counter and defend against modern DDoS attacks, several effective and powerful techniques have been used in the literature, such as data mining and artificial intelligence for the intrusion detection system (IDS), but they have some limitations. To overcome the existing limitations, in this study, we propose an intrusion detection mechanism that is an integration of a filter-based selection technique and a machine learning algorithm, called information gain-based intrusion detection system (IGIDS). In addition, IGIDS selects the most relevant features from the original IDS datasets that can help to distinguish typical low-speed DDoS attacks and, then, the selected features are passed on to the classifiers, i.e. support vector machine (SVM), decision tree (C4.5), naïve Bayes (NB) and multilayer perceptron (MLP) to detect attacks. The publicly available datasets as KDD Cup 99, CAIDA DDOS Attack 2007, CONFICKER worm, and UNINA traffic traces, are used for our experimental study. From the results of the simulation, it is clear that IGIDS with C4.5 acquires high detection and accuracy with a low false-positive rate.

Sign in / Sign up

Export Citation Format

Share Document