A dynamic MLP-based DDoS attack detection method using feature selection and feedback

Wang, Meng; Lu, Yiqin; Qin, Jiancheng

doi:10.1016/j.cose.2019.101645

Cited by 148 publications

(74 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…M.Wang et al [36] proposed an MLP based model for feature selection and Sequential Backward Selection (SBS) which is a wrapper feature selection method. The method was tested on the NSL-KDD dataset and showed that using feedback mechanism the proposed method can effec-tively perceive the detection errors.…”

Section: Related Workmentioning

confidence: 99%

Hyperband Tuned Deep Neural Network With Well Posed Stacked Sparse AutoEncoder for Detection of DDoS Attacks in Cloud

2020

View full text Add to dashboard Cite

Cloud computing has very attractive features like elastic, on demand and fully managed computer system resources and services. However, due to its distributed and dynamic nature as well as vulnerabilities in virtualization implementation, the cloud environment is prone to various cyber-attacks and security issues related to cloud model. Some of them are inability to access data coming to and from cloud service, theft and misuse of data hosted, no control over sensitive data access, advance threats like malware injection attack, wrapping attacks, virtual machine escape, distributed denial of service attack (DDoS) etc. DDoS is one of the notorious attack. Despite a number of available potential solutions for the detection of DDoS attacks, the increasing frequency and potency of recent attacks and the constantly evolving attack vectors, necessitate the development of improved detection approaches. This paper proposes a novel architecture that combines a well posed stacked sparse AutoEncoder (AE) for feature learning with a Deep Neural Network (DNN) for classification of network traffic into benign traffic and DDoS attack traffic. AE and DNN are optimized for detection of DDoS attacks by tuning the parameters using appropriately designed techniques. The improvements suggested in this paper lead to low reconstruction error, prevent exploding and vanishing gradients, and lead to smaller network which avoids overfitting. A comparative analysis of the proposed approach with ten state-of-the-art approaches using performance metrics-detection accuracy, precision, recall and F1-Score, has been conducted. Experiments have been performed on CICIDS2017 and NSL-KDD standard datasets for validation. Proposed approach outperforms existing approaches over the NSL-KDD dataset and yields competitive results over the CICIDS2017 dataset.

show abstract

Section: Related Workmentioning

confidence: 99%

Hyperband Tuned Deep Neural Network With Well Posed Stacked Sparse AutoEncoder for Detection of DDoS Attacks in Cloud

2020

View full text Add to dashboard Cite

show abstract

“…The first method is the k-Nearest Neighbor (kNN) [65], a supervised classifier with a low computing cost, used to detect malicious events in a datacenter. The second method is the Multi-layer Perceptron (MLP) [66], an artificial neural network applied in the detection of DDoS attacks. Another method is based on Support Vector Machine (SVM) [67] to detect flooding attacks.…”

Section: Evaluation Scenariomentioning

confidence: 99%

Long Short-Term Memory and Fuzzy Logic for Anomaly Detection and Mitigation in Software-Defined Network Environment

et al. 2020

View full text Add to dashboard Cite

Computer networks become complex and dynamic structures. As a result of this fact, the configuration and the managing of this whole structure is a challenging activity. Software-Defined Networks(SDN) is a new network paradigm that, through an abstraction of network plans, seeks to separate the control plane and data plane, and tends as an objective to overcome the limitations in terms of network infrastructure configuration. As in the traditional network environment, the SDN environment is also liable to security vulnerabilities. This work presents a system of detection and mitigation of Distributed Denial of Service (DDoS) attacks and Portscan attacks in SDN environments (LSTM-FUZZY). The LSTM-FUZZY system presented in this work has three distinct phases: characterization, anomaly detection, and mitigation. The system was tested in two scenarios. In the first scenario, we applied IP flows collected from the SDN Floodlight controllers through emulation on Mininet. On the other hand, in the second scenario, the CICDDoS 2019 dataset was applied. The results gained show that the efficiency of the system to assist in network management, detect and mitigate the occurrence of the attacks.

show abstract

“…Next, Lima Filho et al [ 14 ] proposed a random forest-based DDoS detection system in which several volumetric attacks, such as Transmission Control Protocol (TCP) flood, User Datagram Protocol (UDP) flood, and Hyper Text Transfer Protocol (HTTP) flood, are early identified. Finally, Wang et al [ 6 ] proposed a method for detecting DDoS attacks in which the optimal features are obtained by combining feature selection and multilayer perceptron (MLP) classification algorithm. Further, when considerable detection errors are dynamically perceived, a feedback mechanism reconstructs the IDS.…”

Section: Related Workmentioning

confidence: 99%

“…In this sense, it is crucial to develop highly reliable intrusion detection systems for CPSs such that safety-critical applications can be controlled and protected in an efficient way. Currently, intrusion detection schemes are highly sophisticated, involving advanced signal processing techniques [ 5 ], as well as machine learning (ML)-based solutions [ 6 ]. The scope of this paper is the security of the CPS against Distributed Denial of Service (DDoS) attacks, which are one of the major security threats in existence today.…”

Section: Introductionmentioning

confidence: 99%

Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

Maranhão

Costa

Freitas

et al. 2020

Sensors

View full text Add to dashboard Cite

In recent years, advanced threats against Cyber–Physical Systems (CPSs), such as Distributed Denial of Service (DDoS) attacks, are increasing. Furthermore, traditional machine learning-based intrusion detection systems (IDSs) often fail to efficiently detect such attacks when corrupted datasets are used for IDS training. To face these challenges, this paper proposes a novel error-robust multidimensional technique for DDoS attack detection. By applying the well-known Higher Order Singular Value Decomposition (HOSVD), initially, the average value of the common features among instances is filtered out from the dataset. Next, the filtered data are forwarded to machine learning classification algorithms in which traffic information is classified as a legitimate or a DDoS attack. In terms of results, the proposed scheme outperforms traditional low-rank approximation techniques, presenting an accuracy of 98.94%, detection rate of 97.70% and false alarm rate of 4.35% for a dataset corruption level of 30% with a random forest algorithm applied for classification. In addition, for error-free conditions, it is found that the proposed approach outperforms other related works, showing accuracy, detection rate and false alarm rate of 99.87%, 99.86% and 0.16%, respectively, for the gradient boosting classifier.

show abstract

A dynamic MLP-based DDoS attack detection method using feature selection and feedback

Cited by 148 publications

References 36 publications

Hyperband Tuned Deep Neural Network With Well Posed Stacked Sparse AutoEncoder for Detection of DDoS Attacks in Cloud

Hyperband Tuned Deep Neural Network With Well Posed Stacked Sparse AutoEncoder for Detection of DDoS Attacks in Cloud

Long Short-Term Memory and Fuzzy Logic for Anomaly Detection and Mitigation in Software-Defined Network Environment

Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

Contact Info

Product

Resources

About