A DDoS attack detection system based on spark framework

Han, Dong‐Guk; Bi, Kexin; Liu, Han; Jia, Jianxin

doi:10.2298/csis161217028h

Cited by 9 publications

(6 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We characterize and compare the proposed K-DDoS-SDN with existing works. 5,9,10,27,28,[30][31][32][33][34][36][37][38][44][45][46][47]56 DSPF-based approaches, 5,9,10,[30][31][32]38,43,56 for DDoS attacks deployed on the Spark and Kafka framework. This type of mechanism analyzes network streams in micro-batch processing mode (near-to-live).…”

Section: Characterization With Existing Workmentioning

confidence: 99%

See 1 more Smart Citation

K‐DDoS‐SDN: A distributed DDoS attacks detection approach for protecting SDN environment

Kaur,

Krishna,

Patil

2023

Concurrency and Computation

View full text Add to dashboard Cite

SummarySoftware‐defined networking (SDN) is an advanced networking paradigm that decouples forwarding control logic from the data plane. Therefore, it provides a loosely‐coupled architecture between the control and data plane. This separation provides flexibility in the SDN environment for addressing any transformations. Further, it delivers a centralized way of managing networks due to control logic embedded in the SDN controller. However, this advanced networking paradigm has been facing several security issues, such as topology spoofing, exhausting bandwidth, flow table updating, and distributed denial of service (DDoS) attacks. A DDoS attack is one of the most powerful menaces to the SDN environment. Further, the central data controller of SDN becomes the primary target of DDoS attacks. In this article, we propose a Kafka‐based distributed DDoS attacks detection approach for protecting the SDN environment named K‐DDoS‐SDN. The K‐DDoS‐SDN consists of two modules: (i) Network traffic classification (NTClassification) module and (ii) Network traffic storage (NTStorage) module. The NTClassification module is the detection approach designed using scalable H2O ML techniques in a distributed manner and deployed an efficient model on the two‐nodes Kafka Streams cluster to classify incoming network traces in real‐time. The NTStorage module collects raw packets, network flows, and 21 essential attributes and then systematically stores them in the HDFS to re‐train existing models. The proposed K‐DDoS‐SDN designed and evaluated using the recent and publically available CICDDoS2019 dataset. The average classification accuracy of the proposed distributed K‐DDoS‐SDN for classifying network traces into legitimate and one of the most popular attacks, such as DDoS_UDP is 99.22%. Further, the outcomes demonstrate that proposed distributed K‐DDoS‐SDN classifies traffic traces into five categories with at least 81% classification accuracy.

show abstract

Section: Characterization With Existing Workmentioning

confidence: 99%

“…We characterize and compare the proposed K‐DDoS‐SDN with existing works 5,9,10,27,28,30‐34,36‐38,44‐47,56 …”

Section: Performance Evaluationmentioning

confidence: 99%

K‐DDoS‐SDN: A distributed DDoS attacks detection approach for protecting SDN environment

Kaur,

Krishna,

Patil

2023

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…Few [34,35,43,46,54] researchers proposed Apache Spark-based classification approaches for DDoS attacks. This type of approach analyzes network streams in micro-batch processing mode (near-to-live).…”

Section: Comparison With Existing Approachesmentioning

confidence: 99%

KS-DDoS: Kafka streams-based classification approach for DDoS attacks

2022

View full text Add to dashboard Cite

A distributed denial of service (DDoS) attack is the most destructive threat for internet-based systems and their resources. It stops the execution of victims by transferring large numbers of network traces. Due to this, legitimate users experience a delay while accessing internet-based systems and their resources. Even a short delay in responses leads to a massive financial loss. Numerous techniques have been proposed to protect internet-based systems from various kinds of DDoS attacks. However, the frequency and strength of attacks are increasing year-after-year. This paper proposes a novel Apache Kafka Streams-based distributed classification approach named KS-DDoS. For this classification approach, firstly, we design distributed classification models on the Hadoop cluster using highly scalable machine learning algorithms by fetching data from Hadoop distributed files system (HDFS). Secondly, we deploy an efficient distributed classification model on the Kafka Stream cluster to classify incoming network traces into nine classes in real-time. Further, this distributed classification approach stores highly discriminative features with predicted outcomes into HDFS for creating/updating models using a new set of instances. We implemented a distributed processing framework-based experimental environment to design, deploy, and validate the proposed classification approach for DDoS attacks. The results show that the proposed distributed KS-DDoS classification approach efficiently classifies incoming network traces with at least 80% classification accuracy.

show abstract

“…By utilizing the entropy difference between business streams, a universal detection algorithm is proposed by Behal et al [Behal and Kumar (2017)] which could detect different types of DDoS attacks. A framework was proposed by Han et al [Han, Bi, Liu et al (2017)] which was based on Spark's new DDoS attack detection system including information entropy-based algorithm and dynamic sampling k-means parallel algorithm. The method proposed by Hoque et al [Hoque, Kashyap and Bhattacharyya (2017)] is a real-time detection method for DDoS which can identify DDoS attack and generate high detection accuracy.…”

Section: Introductionmentioning

confidence: 99%

A Novel DDoS Attack Detection Method Using Optimized Generalized Multiple Kernel Learning

Cheng¹,

Li²,

Tang³

et al. 2020

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attack has become one of the most destructive network attacks which can pose a mortal threat to Internet security. Existing detection methods can not effectively detect early attacks. In this paper, we propose a detection method of DDoS attacks based on generalized multiple kernel learning (GMKL) combining with the constructed parameter R. The super-fusion feature value (SFV) and comprehensive degree of feature (CDF) are defined to describe the characteristic of attack flow and normal flow. A method for calculating R based on SFV and CDF is proposed to select the combination of kernel function and regularization paradigm. A DDoS attack detection classifier is generated by using the trained GMKL model with R parameter. The experimental results show that kernel function and regularization parameter selection method based on R parameter reduce the randomness of parameter selection and the error of model detection, and the proposed method can effectively detect DDoS attacks in complex environments with higher detection rate and lower error rate.

show abstract

A DDoS attack detection system based on spark framework

Cited by 9 publications

References 1 publication

K‐DDoS‐SDN: A distributed DDoS attacks detection approach for protecting SDN environment

K‐DDoS‐SDN: A distributed DDoS attacks detection approach for protecting SDN environment

KS-DDoS: Kafka streams-based classification approach for DDoS attacks

A Novel DDoS Attack Detection Method Using Optimized Generalized Multiple Kernel Learning

Contact Info

Product

Resources

About