Detection of smurf flooding attacks using Kullback-Leibler-based scheme

Bouyeddou, Benamar; Harrou, Fouzi; Sun, Ying; Kadri, Benamar

doi:10.1109/cata.2018.8398647

Cited by 19 publications

(17 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…CAIDA 2007 dataset is analyzed in detail in [30]. It is widely used until recently as the reliable dataset for many research work on network security, especially on DDoS modeling, detection and mitigation [6,22,[31][32][33]. The total size of the original dataset is 21 GB.…”

Section: Traffic Datasetmentioning

confidence: 99%

See 1 more Smart Citation

A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN

Tuấn

Hung²,

Nghia

et al. 2020

Electronics

View full text Add to dashboard Cite

Keeping Internet users protected from cyberattacks and other threats is one of the most prominent security challenges for network operators nowadays. Among other critical threats, distributed denial-of-service (DDoS) becomes one of the most widespread attacks in the Internet, which is very challenging to mitigate appropriately as DDoS attacks cause the system to stop working by resource exhaustion. Software-defined networking (SDN) has recently emerged as a new networking technology offering unprecedented programmability that allows network operators to configure and manage their infrastructures dynamically. The flexible processing and centralized management of the SDN controller allow flexibly deploying complex security algorithms and mitigation methods. In this paper, we propose a novel DDoS attack mitigation in SDN-based Internet Service Provider (ISP) networks for TCP-SYN and ICMP flood attacks utilizing machine learning approach, i.e., K-Nearest-Neighbor (KNN) and XGBoost. By deploying a testbed, we implement the proposed algorithms, evaluate their accuracy, and address the trade-off between the accuracy and mitigation efficiency. Through extensive experiments, the results show that the algorithms can efficiently mitigate the attack by over 98.0% while benign traffic is not affected.

show abstract

Section: Traffic Datasetmentioning

confidence: 99%

“…Defeating against DDoS attacks has been extensively researched recently [4][5][6][7][8][9][10][11][12][13][14][15][16][21][22][23], but there exist some limitations of the current approaches that require further investigation, namely:…”

mentioning

confidence: 99%

A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN

Tuấn

Hung²,

Nghia

et al. 2020

Electronics

View full text Add to dashboard Cite

show abstract

“…Practically, flooding cyber-attacks, such as DOS and DDOS attacks (e.g., TCP SYN flooding, UDP flooding and ICMPamplification) overwhelm the network's infrastructures with an important volume of traffic [5]. Other types of DOS and DDOS attacks, such as IP fragmentation, Land and Ping of death, utilize a deformed message (e.g., size exceeds 64 Ko, wrong fragments and wrong IP address) [6].…”

Section: Introductionmentioning

confidence: 99%

Detecting cyber-attacks using a CRPS-based monitoring approach

Harrou

Bouyeddou

Sun

et al. 2018

2018 IEEE Symposium Series on Computational Intelligence (SSCI)

Self Cite

View full text Add to dashboard Cite

Cyber-attacks can seriously affect the security of computers and network systems. Thus, developing an efficient anomaly detection mechanism is crucial for information protection and cyber security. To accurately detect TCP SYN flood attacks, two statistical schemes based on the continuous ranked probability score (CRPS) metric have been designed in this paper. Specifically, by integrating the CRPS measure with two conventional charts, Shewhart and the exponentially weighted moving average (EWMA) charts, novel anomaly detection strategies were developed: CRPS-Shewhart and CRPS-EWMA. The efficiency of the proposed methods has been verified using the 1999 DARPA intrusion detection evaluation datasets.

show abstract

“…All over the years, several methods have been developed for detecting DOS and DDOS attacks [2][3]. Nezhad et al [4] proposed a detection technique based on the Auto-Regressive Integrated Moving average (ARIMA) and the chaotic theory.…”

Section: Introductionmentioning

confidence: 99%

A Method to Detect DOS and DDOS Attacks based on Generalized Likelihood Ratio Test

Harrou

Bouyeddou

Sun

et al. 2018

2018 International Conference on Applied Smart Systems (ICASS)

Self Cite

View full text Add to dashboard Cite

Denial of service (DOS) and distributed DOS (DDOS) continue to be a significant concern in internet and networking systems. This paper targets to develop an anomaly detection mechanism based on the generalized likelihood ratio (GLR) scheme to detect TCP and ICMPv6 based DOS/DDOS attacks. The anomaly detection problem is addressed as a hypothesis testing problem. The proposed approach uses GLR test to monitor internet traffic for better detecting potential cyberattacks. The decision threshold of GLR approach has been computed nonparametrically based on kernel density estimation. To evaluate the performance of this approach, two network traffic datasets have been used namely the DARPA99 and ICMPv6 datasets. Results highlight the efficiency of the proposed method.

show abstract

Detection of smurf flooding attacks using Kullback-Leibler-based scheme

Cited by 19 publications

References 33 publications

A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN

A DDoS Attack Mitigation Scheme in ISP Networks Using Machine Learning Based on SDN

Detecting cyber-attacks using a CRPS-based monitoring approach

A Method to Detect DOS and DDOS Attacks based on Generalized Likelihood Ratio Test

Contact Info

Product

Resources

About