Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

Maranhão, João Paulo A.; Costa, João Paulo; Freitas, Edison Pignaton de; Javidi, Elnaz; Júnior, Rafael Timóteo de Sousa

doi:10.3390/s20205845

Cited by 13 publications

(3 citation statements)

References 28 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This solution was not evaluated in a real or simulated network environment, though. The authors in [44] explored DT, Gradient Boosting (GB), and RF techniques and achieved accuracy up to 99.87% (GB) and FPR of 2.01%. However, their security solution was not evaluated online in a real or simulated testbed.…”

Section: ) Comparison With Previous Workmentioning

confidence: 99%

SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning

2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks represent the most common and critical attacks targeting conventional and new generation networks, such as the Internet of Things (IoT), cloud computing, and fifth-generation (5G) communication networks. In recent years, DDoS attacks have become not only massive but also sophisticated. Software-Defined Networking (SDN) technology has demonstrated effectiveness in counter-measuring complex attacks since it provides flexibility on global network monitoring and inline network configuration. Although several works have been proposed to detect DDoS attacks, in most of them the authors did not use up-to-date datasets that contain the newest threats. Furthermore, only a few previous works assessed their solutions using simulated scenarios, easing the migration to production networks. This document presents the implementation of a modular and flexible SDN-based architecture to detect transport and application layer DDoS attacks using multiple Machine Learning (ML) and Deep Learning (DL) models. Exploring diverse ML/DL methods allowed us to resolve which methods perform better under different attack types and conditions. We tested the ML/DL models using two up-to-date security datasets, and they showed accuracy above 99% on classifying unseen traffic (testing set). We also deployed a simulated environment using the network emulator Mininet and the Open Network Operating System (ONOS) SDN controller. In this experimental setup, we demonstrated high detection rates, above 98% for transport DDoS attacks and up to 95% for application-layer DDoS attacks.INDEX TERMS Software Defined Networking, deep learning, machine learning, DDoS attack, transport layer, application layer, slow-rate attacks.

show abstract

Section: ) Comparison With Previous Workmentioning

confidence: 99%

SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning

2021

View full text Add to dashboard Cite

show abstract

“…Based on their experiment results, they found that the KNN classifier had the highest detection results, at approximately 98.3% [ 18 ]. Joao et al in [ 19 ] proposed a novel method to identify DDoS anomalies based on two phases. The first phase is filtering out the mean values of popular features from the data using higher order singular value decomposition (HOSVD).…”

Section: Related Workmentioning

confidence: 99%

“…They used the CICDDoS2019 and CICIDS2017 Datasets in their evaluation, and found that the accuracy for their proposed detection method was almost 98.94%. Finally, the detection rate for their proposed method was 97.7%, whereas the false positive rate was 4.35% [ 19 ].…”

Section: Related Workmentioning

confidence: 99%

Identification of Distributed Denial of Services Anomalies by Using Combination of Entropy and Sequential Probabilities Ratio Test Methods

Ali

Sulaiman

Al-Haddad

et al. 2021

Sensors

View full text Add to dashboard Cite

One of the most dangerous kinds of attacks affecting computers is a distributed denial of services (DDoS) attack. The main goal of this attack is to bring the targeted machine down and make their services unavailable to legal users. This can be accomplished mainly by directing many machines to send a very large number of packets toward the specified machine to consume its resources and stop it from working. We implemented a method using Java based on entropy and sequential probabilities ratio test (ESPRT) methods to identify malicious flows and their switch interfaces that aid them in passing through. Entropy (E) is the first technique, and the sequential probabilities ratio test (SPRT) is the second technique. The entropy method alone compares its results with a certain threshold in order to make a decision. The accuracy and F-scores for entropy results thus changed when the threshold values changed. Using both entropy and SPRT removed the uncertainty associated with the entropy threshold. The false positive rate was also reduced when combining both techniques. Entropy-based detection methods divide incoming traffic into groups of traffic that have the same size. The size of these groups is determined by a parameter called window size. The Defense Advanced Research Projects Agency (DARPA) 1998, DARPA2000, and Canadian Institute for Cybersecurity (CIC-DDoS2019) databases were used to evaluate the implementation of this method. The metric of a confusion matrix was used to compare the ESPRT results with the results of other methods. The accuracy and f-scores for the DARPA 1998 dataset were 0.995 and 0.997, respectively, for the ESPRT method when the window size was set at 50 and 75 packets. The detection rate of ESPRT for the same dataset was 0.995 when the window size was set to 10 packets. The average accuracy for the DARPA 2000 dataset for ESPRT was 0.905, and the detection rate was 0.929. Finally, ESPRT was scalable to a multiple domain topology application.

show abstract

Multiclassification Analysis of Volumetric, Protocol, and Application Layer DDoS Attacks

Brown,

Fisher,

Hudon

et al. 2024

Advanced Information Networking and Applications

View full text Add to dashboard Cite

Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

Cited by 13 publications

References 28 publications

SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning

SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning

Identification of Distributed Denial of Services Anomalies by Using Combination of Entropy and Sequential Probabilities Ratio Test Methods

Multiclassification Analysis of Volumetric, Protocol, and Application Layer DDoS Attacks

Contact Info

Product

Resources

About