DDoS detection and traceback with decision tree and grey relational analysis

Abbas

Mobile Information Systems

et al. 2015

Due to the scattered nature of DDoS attacks and advancement of new technologies such as cloud-assisted WBAN, it becomes challenging to detect malicious activities by relying on conventional security mechanisms. The detection of such attacks demands an adaptive and incremental learning classifier capable of accurate decision making with less computation. Hence, the DDoS attack detection using existing machine learning techniques requires full data set to be stored in the memory and are not appropriate for real-time network traffic. To overcome these shortcomings, Very Fast Decision Tree (VFDT) algorithm has been proposed in the past that can handle high speed streaming data efficiently. Whilst considering the data generated by WBAN sensors, noise is an obvious aspect that severely affects the accuracy and increases false alarms. In this paper, an enhanced VFDT (EVFDT) is proposed to efficiently detect the occurrence of DDoS attack in cloud-assisted WBAN. EVFDT uses an adaptive tie-breaking threshold for node splitting. To resolve the tree size expansion under extreme noise, a lightweight iterative pruning technique is proposed. To analyze the performance of EVFDT, four metrics are evaluated: classification accuracy, tree size, time, and memory. Simulation results show that EVFDT attains significantly high detection accuracy with fewer false alarms.

Section: Data Mining Techniquesmentioning

confidence: 99%

“…Wu et al [7] proposed a destination-based DDoS attack detection technique. In this technique, a decision tree is deployed for attack detection and a traffic pattern matching technique for attack identification and its traceback.…”

Section: Mobile Information Systemsmentioning

confidence: 99%

EVFDT: An Enhanced Very Fast Decision Tree Algorithm for Detecting Distributed Denial of Service Attack in Cloud-Assisted Wireless Body Area Network

Abbas

Mobile Information Systems

et al. 2015

“…Attack prevention and detection techniques in networks have been studied steadily over the past two decades with various approaches, such as stochastic modeling, decision theory, and game theory [1][2][3][4]. Recently, machine learning (ML) techniques, such as multilayer perceptron (MLP), have been applied to network attack detection [5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23]. In addition, as social media outlets, such as Facebook and Twitter, are regarded as possible vehicles for the next large cybercrime [24], research on the prediction of cyberattacks based on social media data has been studied [20].…”

Section: Introductionmentioning

confidence: 99%

Supervised learning‐based DDoS attacks detection: Tuning hyperparameters

Kim

2019

ETRI Journal

Two supervised learning algorithms, a basic neural network and a long short‐term memory recurrent neural network, are applied to traffic including DDoS attacks. The joint effects of preprocessing methods and hyperparameters for machine learning on performance are investigated. Values representing attack characteristics are extracted from datasets and preprocessed by two methods. Binary classification and two optimizers are used. Some hyperparameters are obtained exhaustively for fast and accurate detection, while others are fixed with constants to account for performance and data characteristics. An experiment is performed via TensorFlow on three traffic datasets. Three scenarios are considered to investigate the effects of learning former traffic on sequential traffic analysis and the effects of learning one dataset on application to another dataset, and determine whether the algorithms can be used for recent attack traffic. Experimental results show that the used preprocessing methods, neural network architectures and hyperparameters, and the optimizers are appropriate for DDoS attack detection. The obtained results provide a criterion for the detection accuracy of attacks.

2019 European Conference on Networks and Communications (EuCNC)

“…Therefore, traditional detection and mitigation systems, which are not aware of these random changes in topology, will not be able to protect 5G mobile networks. Trace back mechanisms, such as packet marking or link testing [3], are not viable in case of a DDoS attack because of their high computational, network or management overheads. One crucial objective declared by the 5G-PPP Architecture Working Group is to create a cognitive and autonomic network management system that can self-adapt to the changing conditions of the network, which includes changes in the topology of the network [4].…”

Section: Introductionmentioning

confidence: 99%

Towards the Detection of Mobile DDoS Attacks in 5G Multi-Tenant Networks

Serrano-Mamolar

Pervez

Wang

et al. 2019

The fifth-generation (5G) mobile networks target a variety of new use cases that involve a massive amount of heterogeneous devices connected to the same infrastructure. This trend also brings new security threats, and one of the most critical ones for the availability of network services is a Distributed Denial of Service (DDoS) attack. A small portion of the billions of connected devices can be employed as a botnet to trigger a massive DDoS flooding attack that can bring down important services or affect the complete infrastructure. Traditional security systems against DDoS attacks are generally designed to work in infrastructures with a particular topology. However, the mobility of many devices subscribed to the network should be taken into account when designing defence systems. Otherwise, both the detection and the trace back of the attacker will be limited to non-mobile devices as the source of the attack. This is specially relevant when security needs to be part of the definition of the network slices associated to the 5G networks. This paper presents a novel approach to overcome the limitation of traditional detection systems. A novel sensor provides the required information to trace back an attacker even if it is moving among different locations. The proposed approach is suitable to be deployed in almost all 5G network segments including the Edge. Architectural design is described and empirical experiments have validated the proposed approach.