Flow Correlation Degree Optimization Driven Random Forest for Detecting DDoS Attacks in Cloud Computing

Cheng, Jieren; Li, Mengyang; Tang, Xiangyan; Sheng, Victor S.; Liu, Yifu; Guo, Wei

doi:10.1155/2018/6459326

Cited by 22 publications

(15 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…e Smart Detection system has reached high accuracy and low false-positive rate. Experiments were conducted using two Virtual Linux boxes, Define all the descriptor database variables as the current variables; (5) while True do (6) Split dataset in training and test partitions; (7) Create and train the model using training data partition; (8) Select the most important variables from the trained model; (9) Calculate the cumulative importance of variables from the trained model; (10) if max (cumulative importance of variables) < Variable importance threshold then (11) Exit loop; (12) end (13) Train the model using only the most important variables; (14) Test the trained model and calculate the accuracy; (15) if Calculated accuracy < Accuracy threshold then (16) Exit loop; (17) end (18) Add current model to optimized model set; (19) Define the most important variables from the trained model as the current variables; (20) end (21) end (22) Group the models by number of variables; (23) Remove outliers from the grouped model set; (24) Select the group of models with the highest frequency and their number of variables "N"; (25) Rank the variables by the mean of the importance calculated in step 7; (26) Return the "N" most important variables; [2004][2005] have been used by the researchers to evaluate the performance of their proposed intrusion detection and prevention approaches. However, many such datasets are out of date and unreliable to use [25].…”

Section: Resultsmentioning

confidence: 99%

“…Finding the balance between academic propositions and the industrial practice of combating DDoS is a big challenge. e academy invests in techniques such as machine learning (ML) and proposes to apply them in areas such as DDoS detection in Internet of ings (IoT) [20,21] sensors, wireless sensors [22], cloud computing [23] and softwaredefined networking (SDN) [18] and work on producing more realistic datasets [24,25] and more effective means of result validation [26,27]. On the other hand, industry segments gradually invested in new paradigms in their solutions such as network function virtualization (NFV) and SDN [28,29] to apply scientific discoveries and modernize network structures.…”

Section: Problem Statements Ddos Detection and Mitigationmentioning

confidence: 99%

See 1 more Smart Citation

Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning

Filho

Silveira

Júnior

et al. 2019

Security and Communication Networks

175

View full text Add to dashboard Cite

Users and Internet service providers (ISPs) are constantly affected by denial-of-service (DoS) attacks. This cyber threat continues to grow even with the development of new protection technologies. Developing mechanisms to detect this threat is a current challenge in network security. This article presents a machine learning- (ML-) based DoS detection system. The proposed approach makes inferences based on signatures previously extracted from samples of network traffic. The experiments were performed using four modern benchmark datasets. The results show an online detection rate (DR) of attacks above 96%, with high precision (PREC) and low false alarm rate (FAR) using a sampling rate (SR) of 20% of network traffic.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Problem Statements Ddos Detection and Mitigationmentioning

confidence: 99%

Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning

Filho

Silveira

Júnior

et al. 2019

Security and Communication Networks

175

View full text Add to dashboard Cite

show abstract

“…However, adoption of absolute database leads to a misclassification of false positive and false negative due to a high possibility of occurrence. Cheng, et al [ 13 ] noted that this approach requires information from the available dataset to capture the behavior and information about various attacks. The signature-based detection was built based on the network behavior and there are also various terms that have been used to describe it including misuse, knowledge-based, rule-based and pattern-based detection [ 13 , 14 ].…”

Section: Introductionmentioning

confidence: 99%

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

Jaafar

Ismail

Abdullah

et al. 2020

Sensors

View full text Add to dashboard Cite

Application Layer Distributed Denial of Service (DDoS) attacks are very challenging to detect. The shortfall at the application layer allows formation of HTTP DDoS as the request headers are not compulsory to be attached in an HTTP request. Furthermore, the header is editable, thus providing an attacker with the advantage to execute HTTP DDoS as it contains almost similar request header that can emulate a genuine client request. To the best of the authors’ knowledge, there are no recent studies that provide forged request headers pattern with the execution of the current HTTP DDoS attack scripts. Besides that, the current dataset for HTTP DDoS is not publicly available which leads to complexity for researchers to disclose false headers, causing them to rely on old dataset rather than more current attack patterns. Hence, this study conducted an analysis to disclose forged request headers patterns created by HTTP DDoS. The results of this study successfully disclose eight forged request headers patterns constituted by HTTP DDoS. The analysis was executed by using actual machines and eight real attack scripts which are capable of overwhelming a web server in a minimal duration. The request headers patterns were explained supported by a critical analysis to provide the outcome of this paper.

show abstract

“…Recently, an abnormal network flow based DDoS detection method was presented [14], which showed a better performance among other existing methods. Also, Jieren C. proposed an DDoS detection method for socially aware networking [15] and a method using flow correlation degree [16]. Ruizhi Z. presented a DDoS attack security situation assessment model [17] that formed the basic evaluation solution to the attacks.Security detection is an important tool that can strengthen the security of information and communication in networks [18][19][20][21][22].…”

mentioning

confidence: 99%

A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

Cheng

Wang

et al. 2019

Symmetry

Self Cite

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) has developed multiple variants, one of which is Distributed Reflective Denial of Service (DRDoS). With the increasing number of Internet of Things (IoT) devices, the threat of DRDoS attack is growing, and the damage of a DRDoS attack is more destructive than other types. The existing DDoS detection methods cannot be generalized in DRDoS early detection, which leads to heavy load or degradation of service when deployed at the final point. In this paper, we propose a DRDoS detection and defense method based on deep forest model (DDDF), and then we integrate differentiated service into defense model to filter out DRDoS attack flow. Firstly, from the statistics perspective on different stages of DRDoS attack flow in the big data environment, we extract a host-based DRDoS threat index (HDTI) from the network flows. Secondly, using the HDTI feature we build a DRDoS detection and defense model based on the deep forest, which consists of 1 extreme gradient boost (XGBoost) forest estimator, 2 random forest estimators, and 2 extra random forest estimators in each layer. Lastly, the differentiated service procedure applies the detection result from DDDF to drop the traffic identified in different stages and different detection points. Theoretical analysis and experiments show that the method we proposed can effectively identify DRDoS attack with higher detection rate and a lower false alarm rate, the defense model also shows distinguishing ability to effectively eliminate the DRDoS attack flows, and dramatically mitigate the damage of a DRDoS attack.Symmetry 2019, 11, 78 2 of 22 access requests, and the internal server or devices reflecting more packets, the DRDoS attack brings the danger of congestion effectively, and the high accessibility of conducting such attacks is achieved due to the easy-use tools and relatively low cost.In 26 September 2016, and 21 October 2016, the network in the United States was also attacked by DRDoS, the attackers unitized tens of millions of webcams and digital video recorders (DVR), sending packets to the Internet service provider (ISP), causing over 1200 websites, including Twitter, Amazon, Reddit, and Netflix to be inaccessible for millions of Internet users. Moreover, the DRDoS attacks witnessed this year have the trend to be more dedicated and sophisticated with higher diversities, as a consequence, a swift, smart and solid cyber-attack detection mechanism is needed for security control for the increasingly vulnerable network.The rest of the paper is organized as follows. Related work is discussed in Section 2. In Section 3, we analyze the feature of general type DRDoS attack as the base theorem for the method we proposed in Section 4, where we will introduce the algorithm of the DRDoS detection method and characterized each part of it. We will then introduce the deep forest model for classification and apply differentiated service in the defense method. And we define differentiated service as a procedure that implements a simple and scalable mechani...

show abstract

Flow Correlation Degree Optimization Driven Random Forest for Detecting DDoS Attacks in Cloud Computing

Cited by 22 publications

References 36 publications

Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning

Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning

Recent Analysis of Forged Request Headers Constituted by HTTP DDoS

A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

Contact Info

Product

Resources

About