Visible to the public Biblio

Filters: Keyword is denial-of-service attack  [Clear All Filters]
2022-01-11
Lee, Yun-kyung, Kim, Young-ho, Kim, Jeong-nyeo.  2021.  IoT Standard Platform Architecture That Provides Defense against DDoS Attacks. 2021 IEEE International Conference on Consumer Electronics-Asia (ICCE-Asia). :1–3.
IoT devices have evolved with the goal of becoming more connected. However, for security it is necessary to reduce the attack surface by allowing only necessary devices to be connected. In addition, as the number of IoT devices increases, DDoS attacks targeting IoT devices also increase. In this paper, we propose a method to apply the zero trust concept of SDP as a way to enhance security and prevent DDoS attacks in the IoT device network to which the OCF platform, one of the IoT standard platforms, is applied. The protocol proposed in this paper needs to perform additional functions in IoT devices, and the processing overhead due to the functions is 62.6ms on average. Therefore, by applying the method proposed in this paper, although there is a small amount of processing overhead, DDoS attacks targeting the IoT network can be defended and the security of the IoT network can be improved.
McCarthy, Andrew, Andriotis, Panagiotis, Ghadafi, Essam, Legg, Phil.  2021.  Feature Vulnerability and Robustness Assessment against Adversarial Machine Learning Attacks. 2021 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (CyberSA). :1–8.
Whilst machine learning has been widely adopted for various domains, it is important to consider how such techniques may be susceptible to malicious users through adversarial attacks. Given a trained classifier, a malicious attack may attempt to craft a data observation whereby the data features purposefully trigger the classifier to yield incorrect responses. This has been observed in various image classification tasks, including falsifying road sign detection and facial recognition, which could have severe consequences in real-world deployment. In this work, we investigate how these attacks could impact on network traffic analysis, and how a system could perform misclassification of common network attacks such as DDoS attacks. Using the CICIDS2017 data, we examine how vulnerable the data features used for intrusion detection are to perturbation attacks using FGSM adversarial examples. As a result, our method provides a defensive approach for assessing feature robustness that seeks to balance between classification accuracy whilst minimising the attack surface of the feature space.
2022-01-10
Acharya, Abiral, Oluoch, Jared.  2021.  A Dual Approach for Preventing Blackhole Attacks in Vehicular Ad Hoc Networks Using Statistical Techniques and Supervised Machine Learning. 2021 IEEE International Conference on Electro Information Technology (EIT). :230–235.
Vehicular Ad Hoc Networks (VANETs) have the potential to improve road safety and reduce traffic congestion by enhancing sharing of messages about road conditions. Communication in VANETs depends upon a Public Key Infrastructure (PKI) that checks for message confidentiality, integrity, and authentication. One challenge that the PKI infrastructure does not eliminate is the possibility of malicious vehicles mounting a Distributed Denial of Service (DDoS) attack. We present a scheme that combines statistical modeling and machine learning techniques to detect and prevent blackhole attacks in a VANET environment.Simulation results demonstrate that on average, our model produces an Area Under The Curve (ROC) and Receiver Operating Characteristics (AUC) score of 96.78% which is much higher than a no skill ROC AUC score and only 3.22% away from an ideal ROC AUC score. Considering all the performance metrics, we show that the Support Vector Machine (SVM) and Gradient Boosting classifier are more accurate and perform consistently better under various circumstances. Both have an accuracy of over 98%, F1-scores of over 95%, and ROC AUC scores of over 97%. Our scheme is robust and accurate as evidenced by its ability to identify and prevent blackhole attacks. Moreover, the scheme is scalable in that addition of vehicles to the network does not compromise its accuracy and robustness.
Freas, Christopher B., Shah, Dhara, Harrison, Robert W..  2021.  Accuracy and Generalization of Deep Learning Applied to Large Scale Attacks. 2021 IEEE International Conference on Communications Workshops (ICC Workshops). :1–6.
Distributed denial of service attacks threaten the security and health of the Internet. Remediation relies on up-to-date and accurate attack signatures. Signature-based detection is relatively inexpensive computationally. Yet, signatures are inflexible when small variations exist in the attack vector. Attackers exploit this rigidity by altering their attacks to bypass the signatures. Our previous work revealed a critical problem with conventional machine learning models. Conventional models are unable to generalize on the temporal nature of network flow data to classify attacks. We thus explored the use of deep learning techniques on real flow data. We found that a variety of attacks could be identified with high accuracy compared to previous approaches. We show that a convolutional neural network can be implemented for this problem that is suitable for large volumes of data while maintaining useful levels of accuracy.
Ugwu, Chukwuemeka Christian, Obe, Olumide Olayinka, Popoọla, Olugbemiga Solomon, Adetunmbi, Adebayo Olusọla.  2021.  A Distributed Denial of Service Attack Detection System using Long Short Term Memory with Singular Value Decomposition. 2020 IEEE 2nd International Conference on Cyberspac (CYBER NIGERIA). :112–118.
The increase in online activity during the COVID 19 pandemic has generated a surge in network traffic capable of expanding the scope of DDoS attacks. Cyber criminals can now afford to launch massive DDoS attacks capable of degrading the performances of conventional machine learning based IDS models. Hence, there is an urgent need for an effective DDoS attack detective model with the capacity to handle large magnitude of DDoS attack traffic. This study proposes a deep learning based DDoS attack detection system using Long Short Term Memory (LSTM). The proposed model was evaluated on UNSW-NB15 and NSL-KDD intrusion datasets, whereby twenty-three (23) and twenty (20) attack features were extracted from UNSW-NB15 and NSL-KDD, respectively using Singular Value Decomposition (SVD). The results from the proposed model show significant improvement when compared with results from some conventional machine learning techniques such as Naïve Bayes (NB), Decision Tree (DT), and Support Vector Machine (SVM) with accuracies of 94.28% and 90.59% on both datasets, respectively. Furthermore, comparative analysis of LSTM with other deep learning results reported in literature justified the choice of LSTM among its deep learning peers in detecting DDoS attacks over a network.
Shirmarz, Alireza, Ghaffari, Ali, Mohammadi, Ramin, Akleylek, Sedat.  2021.  DDOS Attack Detection Accuracy Improvement in Software Defined Network (SDN) Using Ensemble Classification. 2021 International Conference on Information Security and Cryptology (ISCTURKEY). :111–115.
Nowadays, Denial of Service (DOS) is a significant cyberattack that can happen on the Internet. This attack can be taken place with more than one attacker that in this case called Distributed Denial of Service (DDOS). The attackers endeavour to make the resources (server & bandwidth) unavailable to legitimate traffic by overwhelming resources with malicious traffic. An appropriate security module is needed to discriminate the malicious flows with high accuracy to prevent the failure resulting from a DDOS attack. In this paper, a DDoS attack discriminator will be designed for Software Defined Network (SDN) architecture so that it can be deployed in the POX controller. The simulation results present that the proposed model can achieve an accuracy of about 99.4%which shows an outstanding percentage of improvement compared with Decision Tree (DT), K-Nearest Neighbour (KNN), Support Vector Machine (SVM) approaches.
Sudar, K.Muthamil, Beulah, M., Deepalakshmi, P., Nagaraj, P., Chinnasamy, P..  2021.  Detection of Distributed Denial of Service Attacks in SDN using Machine learning techniques. 2021 International Conference on Computer Communication and Informatics (ICCCI). :1–5.
Software-defined network (SDN) is a network architecture that used to build, design the hardware components virtually. We can dynamically change the settings of network connections. In the traditional network, it's not possible to change dynamically, because it's a fixed connection. SDN is a good approach but still is vulnerable to DDoS attacks. The DDoS attack is menacing to the internet. To prevent the DDoS attack, the machine learning algorithm can be used. The DDoS attack is the multiple collaborated systems that are used to target the particular server at the same time. In SDN control layer is in the center that link with the application and infrastructure layer, where the devices in the infrastructure layer controlled by the software. In this paper, we propose a machine learning technique namely Decision Tree and Support Vector Machine (SVM) to detect malicious traffic. Our test outcome shows that the Decision Tree and Support Vector Machine (SVM) algorithm provides better accuracy and detection rate.
Abdullah, Rezhna M., Abdullah, Syamnd M., Abdullah, Saman M..  2021.  Neighborhood Component Analysis and Artificial Neural Network for DDoS Attack Detection over IoT Networks. 2021 7th International Engineering Conference ``Research Innovation amid Global Pandemic" (IEC). :1–6.
Recently, modern networks have been made up of connections of small devices that have less memory, small CPU capability, and limited resources. Such networks apparently known as Internet of Things networks. Devices in such network promising high standards of live for human, however, they increase the size of threats lead to bring more risks to network security. One of the most popular threats against such networks is known as Distributed Denial of Service (DDoS). Reports from security solution providers show that number of such attacks are in increase considerably. Therefore, more researches on detecting the DDoS attacks are necessary. Such works need monitoring network packets that move over Internet and networks and, through some intelligent techniques, monitored packets could be classified as benign or as DDoS attack. This work focuses on combining Neighborhood Component Analysis and Artificial Neural Network-Backpropagation to classify and identify packets as forward by attackers or as come from authorized and illegible users. This work utilized the activities of four type of the network protocols to distinguish five types of attacks from benign packets. The proposed model shows the ability of classifying packets to normal or to attack classes with an accuracy of 99.4%.
2021-12-21
Cinà, Antonio Emanuele, Vascon, Sebastiano, Demontis, Ambra, Biggio, Battista, Roli, Fabio, Pelillo, Marcello.  2021.  The Hammer and the Nut: Is Bilevel Optimization Really Needed to Poison Linear Classifiers? 2021 International Joint Conference on Neural Networks (IJCNN). :1–8.
One of the most concerning threats for modern AI systems is data poisoning, where the attacker injects maliciously crafted training data to corrupt the system's behavior at test time. Availability poisoning is a particularly worrisome subset of poisoning attacks where the attacker aims to cause a Denial-of-Service (DoS) attack. However, the state-of-the-art algorithms are computationally expensive because they try to solve a complex bi-level optimization problem (the ``hammer''). We observed that in particular conditions, namely, where the target model is linear (the ``nut''), the usage of computationally costly procedures can be avoided. We propose a counter-intuitive but efficient heuristic that allows contaminating the training set such that the target system's performance is highly compromised. We further suggest a re-parameterization trick to decrease the number of variables to be optimized. Finally, we demonstrate that, under the considered settings, our framework achieves comparable, or even better, performances in terms of the attacker's objective while being significantly more computationally efficient.
Bandi, Nahid, Tajbakhsh, Hesam, Analoui, Morteza.  2021.  FastMove: Fast IP Switching Moving Target Defense to Mitigate DDOS Attacks. 2021 IEEE Conference on Dependable and Secure Computing (DSC). :1–7.
Distributed denial of service attacks are still one of the greatest threats for computer systems and networks. We propose an intelligent moving target solution against DDOS flooding attacks. Our solution will use a fast-flux approach combined with moving target techniques to increase attack cost and complexity by bringing dynamics and randomization in network address space. It continually increases attack costs and makes it harder and almost infeasible for botnets to launch an attack. Along with performing selective proxy server replication and shuffling clients among this proxy, our solution can successfully separate and isolate attackers from benign clients and mitigate large-scale and complex flooding attacks. Our approach effectively stops both network and application-layer attacks at a minimum cost. However, while we try to make prevalent attack launches difficult and expensive for Bot Masters, this approach is good enough to combat zero-day attacks, too. Using DNS capabilities to change IP addresses frequently along with the proxy servers included in the proposed architecture, it is possible to hide the original server address from the attacker and invalidate the data attackers gathered during the reconnaissance phase of attack and make them repeat this step over and over. Our simulations demonstrate that we can mitigate large-scale attacks with minimum possible cost and overhead.
2021-12-20
Cheng, Xia, Shi, Junyang, Sha, Mo, Guo, Linke.  2021.  Launching Smart Selective Jamming Attacks in WirelessHART Networks. IEEE INFOCOM 2021 - IEEE Conference on Computer Communications. :1–10.
As a leading industrial wireless standard, WirelessHART has been widely implemented to build wireless sensor-actuator networks (WSANs) in industrial facilities, such as oil refineries, chemical plants, and factories. For instance, 54,835 WSANs that implement the WirelessHART standard have been deployed globally by Emerson process management, a WirelessHART network supplier, to support process automation. While the existing research to improve industrial WSANs focuses mainly on enhancing network performance, the security aspects have not been given enough attention. We have identified a new threat to WirelessHART networks, namely smart selective jamming attacks, where the attacker first cracks the channel usage, routes, and parameter configuration of the victim network and then jams the transmissions of interest on their specific communication channels in their specific time slots, which makes the attacks energy efficient and hardly detectable. In this paper, we present this severe, stealthy threat by demonstrating the step-by-step attack process on a 50-node network that runs a publicly accessible WirelessHART implementation. Experimental results show that the smart selective jamming attacks significantly reduce the network reliability without triggering network updates.
2021-11-08
Abbas, Syed Ghazanfar, Zahid, Shahzaib, Hussain, Faisal, Shah, Ghalib A., Husnain, Muhammad.  2020.  A Threat Modelling Approach to Analyze and Mitigate Botnet Attacks in Smart Home Use Case. 2020 IEEE 14th International Conference on Big Data Science and Engineering (BigDataSE). :122–129.
Despite the surging development and utilization of IoT devices, the security of IoT devices is still in infancy. The security pitfalls of IoT devices have made it easy for hackers to take over IoT devices and use them for malicious activities like botnet attacks. With the rampant emergence of IoT devices, botnet attacks are surging. The botnet attacks are not only catastrophic for IoT device users but also for the rest of the world. Therefore, there is a crucial need to identify and mitigate the possible threats in IoT devices during the design phase. Threat modelling is a technique that is used to identify the threats in the earlier stages of the system design activity. In this paper, we propose a threat modelling approach to analyze and mitigate the botnet attacks in an IoT smart home use case. The proposed methodology identifies the development-level and application-level threats in smart home use case using STRIDE and VAST threat modelling methods. Moreover, we reticulate the identified threats with botnet attacks. Finally, we propose the mitigation techniques for all identified threats including the botnet threats.
2021-09-30
Hu, Zenghui, Mu, Xiaowu.  2020.  Event-triggered Control for Stochastic Networked Control Systems under DoS Attacks. 2020 39th Chinese Control Conference (CCC). :4389–4394.
This paper investigates the event-triggered control (ETC) problem for stochastic networked control systems (NCSs) with exogenous disturbances and Denial-of-Service (DoS) attacks. The ETC strategy is proposed to reduce the utilization of network resource while defending the DoS attacks. Based on the introduced ETC strategy, sufficient conditions, which rely on the frequency and duration properties of DoS attacks, are obtained to achieve the stochastic input-to-state stability and Zeno-freeness of the ETC stochastic NCSs. An example of air vehicle system is given to explain the effectiveness of proposed ETC strategy.
2021-09-16
Ruggeri, Armando, Celesti, Antonio, Fazio, Maria, Galletta, Antonino, Villari, Massimo.  2020.  BCB-X3DH: A Blockchain Based Improved Version of the Extended Triple Diffie-Hellman Protocol. 2020 Second IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications (TPS-ISA). :73–78.
The Extended Triple Diffie-Hellman (X3DH) protocol has been used for years as the basis of secure communication establishment among parties (i.e, humans and devices) over the Internet. However, such a protocol has several limits. It is typically based on a single trust third-party server that represents a single point of failure (SPoF) being consequently exposed to well- known Distributed Denial of Service (DDOS) attacks. In order to address such a limit, several solutions have been proposed so far that are often cost expensive and difficult to be maintained. The objective of this paper is to propose a BlockChain-Based X3DH (BCB-X3DH) protocol that allows eliminating such a SPoF, also simplifying its maintenance. Specifically, it combines the well- known X3DH security mechanisms with the intrinsic features of data non-repudiation and immutability that are typical of Smart Contracts. Furthermore, different implementation approaches are discussed to suits both human-to-human and device-to-device scenarios. Experiments compared the performance of both X3DH and BCB-X3DH.
2021-09-08
R, Naveen, Chaitanya, N.S.V, M, Nikhil Srinivas, Vineeth, Nandhini.  2020.  Implementation of a Methodology for Detection and Prevention of Security Attacks in Vehicular Adhoc Networks. 2020 IEEE International Conference for Innovation in Technology (INOCON). :1–6.
In the current generation, road accidents and security problems increase dramatically worldwide in our day to day life. In order to overcome this, Vehicular Ad-hoc Network (VANETs) is considered as a key element of future Intelligent Transportation Systems (ITS). With the advancement in vehicular communications, the attacks have also increased, and such architecture is still exposed to many weaknesses which led to numerous security threats that must be addressed before VANET technology is practically and safely adopted. Distributed Denial of Service (DDoS) attack, replay attacks and Sybil attacks are the significant security threats that affect the communication and privacy in VANET. An algorithm to detect and prevent various kinds of security attacks in VANET communication has been designed and proposed in this work. An analysis has also been done by applying four protocols on an existing scenario of real traffic simulator using OpenStreetMap and the best suitable protocol has been selected for further application. The evaluation has been done using SUMO, NS3 and Java simulation environment. Simulation results and extensive performance analysis shows that our proposed Algorithm performs well in detecting and preventing the attacks in VANET communication.
Ali, Jehad, Roh, Byeong-hee, Lee, Byungkyu, Oh, Jimyung, Adil, Muhammad.  2020.  A Machine Learning Framework for Prevention of Software-Defined Networking Controller from DDoS Attacks and Dimensionality Reduction of Big Data. 2020 International Conference on Information and Communication Technology Convergence (ICTC). :515–519.
The controller is an indispensable entity in software-defined networking (SDN), as it maintains a global view of the underlying network. However, if the controller fails to respond to the network due to a distributed denial of service (DDoS) attacks. Then, the attacker takes charge of the whole network via launching a spoof controller and can also modify the flow tables. Hence, faster, and accurate detection of DDoS attacks against the controller will make the SDN reliable and secure. Moreover, the Internet traffic is drastically increasing due to unprecedented growth of connected devices. Consequently, the processing of large number of requests cause a performance bottleneck regarding SDN controller. In this paper, we propose a hierarchical control plane SDN architecture for multi-domain communication that uses a statistical method called principal component analysis (PCA) to reduce the dimensionality of the big data traffic and the support vector machine (SVM) classifier is employed to detect a DDoS attack. SVM has high accuracy and less false positive rate while the PCA filters attribute drastically. Consequently, the performance of classification and accuracy is improved while the false positive rate is reduced.
Potluri, Sirisha, Mangla, Monika, Satpathy, Suneeta, Mohanty, Sachi Nandan.  2020.  Detection and Prevention Mechanisms for DDoS Attack in Cloud Computing Environment. 2020 11th International Conference on Computing, Communication and Networking Technologies (ICCCNT). :1–6.
For optimal use of cloud resources and to reduce the latency of cloud users, the cloud computing model extends the services such as networking facilities, computational capabilities and storage facilities based on demand. Due to the dynamic behavior, distributed paradigm and heterogeneity present among the processing elements, devices and service oriented pay per use policies; the cloud computing environment is having its availability, security and privacy issues. Among these various issues one of the important issues in cloud computing paradigm is DDoS attack. This paper put in plain words the DDoS attack, its detection as well as prevention mechanisms in cloud computing environment. The inclusive study also explains about the effects of DDoS attack on cloud platform and the related defense mechanisms required to be considered.
2021-09-07
Sanjeetha, R, Shastry, K.N Ajay, Chetan, H.R, Kanavalli, Anita.  2020.  Mitigating HTTP GET FLOOD DDoS Attack Using an SDN Controller. 2020 International Conference on Recent Trends on Electronics, Information, Communication Technology (RTEICT). :6–10.
DDoS attacks are pre-dominant in traditional networks, they are used to bring down the services of important servers in the network, thereby affecting its performance. One such kind of attack is HTTP GET Flood DDoS attack in which a lot of HTTP GET request messages are sent to the victim web server, overwhelming its resources and bringing down its services to the legitimate clients. The solution to such attacks in traditional networks is usually implemented at the servers, but this consumes its resources which could otherwise be used to process genuine client requests. Software Defined Network (SDN) is a new network architecture that helps to deal with these attacks in a different way. In SDN the mitigation can be done using the controller without burdening the server. In this paper, we first show how an HTTP GET Flood DDoS attack can be performed on the webserver in an SDN environment and then propose a solution to mitigate the same with the help of the SDN controller. At the server, the attack is detected by checking the number of requests arriving to the web server for a certain period of time, if the number of request is greater than a particular threshold then the hosts generating such attacks will be blocked for the attack duration.
Zebari, Rizgar R., Zeebaree, Subhi R. M., Sallow, Amira Bibo, Shukur, Hanan M., Ahmad, Omar M., Jacksi, Karwan.  2020.  Distributed Denial of Service Attack Mitigation Using High Availability Proxy and Network Load Balancing. 2020 International Conference on Advanced Science and Engineering (ICOASE). :174–179.
Nowadays, cybersecurity threat is a big challenge to all organizations that present their services over the Internet. Distributed Denial of Service (DDoS) attack is the most effective and used attack and seriously affects the quality of service of each E-organization. Hence, mitigation this type of attack is considered a persistent need. In this paper, we used Network Load Balancing (NLB) and High Availability Proxy (HAProxy) as mitigation techniques. The NLB is used in the Windows platform and HAProxy in the Linux platform. Moreover, Internet Information Service (IIS) 10.0 is implemented on Windows server 2016 and Apache 2 on Linux Ubuntu 16.04 as web servers. We evaluated each load balancer efficiency in mitigating synchronize (SYN) DDoS attack on each platform separately. The evaluation process is accomplished in a real network and average response time and average CPU are utilized as metrics. The results illustrated that the NLB in the Windows platform achieved better performance in mitigation SYN DDOS compared to HAProxy in the Linux platform. Whereas, the average response time of the Window webservers is reduced with NLB. However, the impact of the SYN DDoS on the average CPU usage of the IIS 10.0 webservers was more than those of the Apache 2 webservers.
Al'aziz, Bram Andika Ahmad, Sukarno, Parman, Wardana, Aulia Arif.  2020.  Blacklisted IP Distribution System to Handle DDoS Attacks on IPS Snort Based on Blockchain. 2020 6th Information Technology International Seminar (ITIS). :41–45.
The mechanism for distributing information on the source of the attack by combining blockchain technology with the Intrusion Prevention System (IPS) can be done so that DDoS attack mitigation becomes more flexible, saves resources and costs. Also, by informing the blacklisted Internet Protocol(IP), each IPS can share attack source information so that attack traffic blocking can be carried out on IPS that are closer to the source of the attack. Therefore, the attack traffic passing through the network can be drastically reduced because the attack traffic has been blocked on the IPS that is closer to the attack source. The blocking of existing DDoS attack traffic is generally carried out on each IPS without a mechanism to share information on the source of the attack so that each IPS cannot cooperate. Also, even though the DDoS attack traffic did not reach the server because it had been blocked by IPS, the attack traffic still flooded the network so that network performance was reduced. Through smart contracts on the Ethereum blockchain, it is possible to inform the source of the attack or blacklisted IP addresses without requiring additional infrastructure. The blacklisted IP address is used by IPS to detect and handle DDoS attacks. Through the blacklisted IP distribution scheme, testing and analysis are carried out to see information on the source of the attack on each IPS and the attack traffic that passes on the network. The result is that each IPS can have the same blacklisted IP so that each IPS can have the same attack source information. The results also showed that the attack traffic through the network infrastructure can be drastically reduced. Initially, the total number of attack packets had an average of 115,578 reduced to 27,165.
Abisoye, Opeyemi Aderiike, Shadrach Akanji, Oluwatobi, Abisoye, Blessing Olatunde, Awotunde, Joseph.  2020.  Slow Hypertext Transfer Protocol Mitigation Model in Software Defined Networks. 2020 International Conference on Data Analytics for Business and Industry: Way Towards a Sustainable Economy (ICDABI). :1–5.
Distributed Denial of Service (DDoS) attacks have been one of the persistent forms of attacks on information technology infrastructure connected to a public network due to the ease of access to DDoS attack tools. Researchers have been able to develop several techniques to curb volumetric DDoS attacks which overwhelms the target with large number of request packets. However, compared to volumetric DDoS, low amount of research has been executed on mitigating slow DDoS. Data mining approaches and various Artificial Intelligence techniques have been proved by researchers to be effective for reduce DDoS attacks. This paper provides the scholarly community with slow DDoS attack detection techniques using Genetic Algorithm and Support Vector Machine aimed at mitigating slow DDoS attack in a Software-Defined Networking (SDN) environment simulated in GNS3. Genetic algorithm was employed to select the features which indicates the presence of an attack and also determine the appropriate regularization parameter, C, and gamma parameter for the Support Vector Machine classifier. Results obtained shows that the classifier had detection accuracy, Area Under Receiver Operating Curve (AUC), true positive rate, false positive rate and false negative rate of 99.89%, 99.89%, 99.95%, 0.18%, and 0.05% respectively. Also, the algorithm for subsequent implementation of the selective adaptive bubble burst mitigation mechanism was presented.
Sudugala, A.U, Chanuka, W.H, Eshan, A.M.N, Bandara, U.C.S, Abeywardena, K.Y.  2020.  WANHEDA: A Machine Learning Based DDoS Detection System. 2020 2nd International Conference on Advancements in Computing (ICAC). 1:380–385.
In today's world computer communication is used almost everywhere and majority of them are connected to the world's largest network, the Internet. There is danger in using internet due to numerous cyber-attacks which are designed to attack Confidentiality, Integrity and Availability of systems connected to the internet. One of the most prominent threats to computer networking is Distributed Denial of Service (DDoS) Attack. They are designed to attack availability of the systems. Many users and ISPs are targeted and affected regularly by these attacks. Even though new protection technologies are continuously proposed, this immense threat continues to grow rapidly. Most of the DDoS attacks are undetectable because they act as legitimate traffic. This situation can be partially overcome by using Intrusion Detection Systems (IDSs). There are advanced attacks where there is no proper documented way to detect. In this paper authors present a Machine Learning (ML) based DDoS detection mechanism with improved accuracy and low false positive rates. The proposed approach gives inductions based on signatures previously extracted from samples of network traffic. Authors perform the experiments using four distinct benchmark datasets, four machine learning algorithms to address four of the most harmful DDoS attack vectors. Authors achieved maximum accuracy and compared the results with other applicable machine learning algorithms.
Shi, Jiayu, Wu, Bin.  2020.  Detection of DDoS Based on Gray Level Co-Occurrence Matrix Theory and Deep Learning. 2020 5th International Conference on Mechanical, Control and Computer Engineering (ICMCCE). :1615–1618.
There have been researches on Distributed Denial of Service (DDoS) attack detection based on deep learning, but most of them use the feature data processed by data mining for feature learning and classification. Based on the original data flow, this paper combines the method of Gray Level Co-occurrence Matrix (GLCM), which not only retains the original data but also can further extract the potential relationship between the original data. The original data matrix and the reconstructed matrix were taken as the input of the model, and the Convolutional Neural Network(CNN) was used for feature learning. Finally, the classifier model was trained for detection. The experimental part is divided into two parts: comparing the detection effect of different data processing methods and different deep learning algorithms; the effectiveness and objectivity of the proposed method are verified by comparing the detection effect of the deep learning algorithm with that of the statistical analysis feature algorithm.
Atasever, Süreyya, Öz\c celık, İlker, Sa\u giro\u glu, \c Seref.  2020.  An Overview of Machine Learning Based Approaches in DDoS Detection. 2020 28th Signal Processing and Communications Applications Conference (SIU). :1–4.
Many detection approaches have been proposed to address growing threat of Distributed Denial of Service (DDoS) attacks on the Internet. The attack detection is the initial step in most of the mitigation systems. This study examined the methods used to detect DDoS attacks with the focus on learning based approaches. These approaches were compared based on their efficiency, operating load and scalability. Finally, it is discussed in details.
2021-04-09
Chytas, S. P., Maglaras, L., Derhab, A., Stamoulis, G..  2020.  Assessment of Machine Learning Techniques for Building an Efficient IDS. 2020 First International Conference of Smart Systems and Emerging Technologies (SMARTTECH). :165—170.
Intrusion Detection Systems (IDS) are the systems that detect and block any potential threats (e.g. DDoS attacks) in the network. In this project, we explore the performance of several machine learning techniques when used as parts of an IDS. We experiment with the CICIDS2017 dataset, one of the biggest and most complete IDS datasets in terms of having a realistic background traffic and incorporating a variety of cyber attacks. The techniques we present are applicable to any IDS dataset and can be used as a basis for deploying a real time IDS in complex environments.