Abstract:
Distributed denial of service (DDoS) attacks pose an increasing threat to businesses and government agencies. They harm Internet businesses, limit access to information and services, and damage corporate brands. Attackers use application-layer DDoS attacks that are not easily detectable because they impersonate authentic users. In this study, we address novel application-layer DDoS attacks by analyzing the characteristics of incoming packets, including the size of HTTP frame packets, the number of Internet Protocol (IP) addresses sent, constant mappings of ports, and the number of IP addresses using a proxy IP. We analyzed client behavior in public attacks using standard datasets, the CTU-13 dataset, real web logs (dataset) from our organization, and experimentally created datasets from the DDoS attack tools Slowloris, HULK, GoldenEye, and Xerxes. A multilayer perceptron (MLP), a deep learning algorithm, is used to evaluate the effectiveness of metrics-based attack detection. Simulation results show that the proposed MLP classification algorithm has an efficiency of 98.99% in detecting DDoS attacks. The proposed technique also gave the lowest false-positive rate, 2.11%, compared to conventional classifiers, i.e., Naïve Bayes, Decision Stump, Logistic Model Tree, Naïve Bayes Updateable, Naïve Bayes Multinomial Text, AdaBoostM1, Attribute Selected Classifier, Iterative Classifier, and OneR.
Abstract:
Distributed Denial-of-Service (DDoS) attacks are a serious threat to the safety and security of cyberspace. In this paper we propose a novel metric to detect DDoS attacks in the Internet. More precisely, we use the generalized (Rényi) entropy of order α to distinguish DDoS attack traffic from legitimate network traffic effectively. In information theory, entropies form the basis for distance and divergence measures between probability densities. We design our anomaly-based detection metric using the generalized entropy. The experimental results show that our proposed approach can not only detect DDoS attacks early (it detects attacks one hop earlier than the Shannon metric for order α = 2, and two hops earlier for order α = 10) but can also reduce both the false positive rate and the false negative rate compared with the traditional Shannon entropy metric.
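A worked computation of the metric described in the abstract above, added here as an illustration and not code from the paper: the Rényi entropy of order α, its α → 1 (Shannon) limit, and the gap between a legitimate window and an attack window as α grows. The per-destination packet counts are constructed, and treating the per-window distribution as "packets per destination IP" is an assumption of this example, not something the abstract specifies.

```python
"""Rényi (generalized) entropy of order alpha as a DDoS detection metric.

Editor-added example, not the paper's code.  The packet windows are
constructed; treating the per-window distribution as "packets per
destination IP" is an assumption of this example."""
import math
from collections import Counter


def _probabilities(counts):
    """Normalise a list of non-negative counts into a probability vector."""
    total = sum(counts)
    if total <= 0:
        raise ValueError("window holds no packets")
    return [c / total for c in counts if c > 0]


def shannon_entropy(counts):
    """H_1 in bits: the alpha -> 1 limit of the Rényi family."""
    return -sum(p * math.log2(p) for p in _probabilities(counts))


def renyi_entropy(counts, alpha):
    """H_alpha = log2(sum_i p_i^alpha) / (1 - alpha), alpha >= 0, alpha != 1.

    alpha = 0 gives the Hartley entropy log2(#non-empty bins); larger alpha
    weights the high-probability bins more, so a single destination that
    absorbs most packets pulls H_alpha down faster than it pulls H_1 down."""
    if alpha < 0:
        raise ValueError("alpha must be non-negative")
    if alpha == 1:
        return shannon_entropy(counts)
    return math.log2(sum(p ** alpha for p in _probabilities(counts))) / (1 - alpha)


def destination_counts(packets):
    """Per-destination packet counts for one window of (src_ip, dst_ip) tuples."""
    return list(Counter(dst for _src, dst in packets).values())


def entropy_gap(legit_counts, attack_counts, alpha):
    """How far H_alpha drops from the legitimate window to the attack window."""
    return renyi_entropy(legit_counts, alpha) - renyi_entropy(attack_counts, alpha)


def is_attack(counts, baseline, alpha, delta):
    """Flag a window whose H_alpha fell more than delta bits below baseline."""
    return baseline - renyi_entropy(counts, alpha) > delta


# Constructed windows (packets per destination over 8 destinations):
# legitimate traffic is spread roughly evenly, while in the attack window
# one destination (the victim) receives most of the packets.
LEGIT_COUNTS = [12, 10, 11, 9, 13, 10, 12, 11]
ATTACK_COUNTS = [70, 5, 4, 3, 2, 2, 2, 2]

if __name__ == "__main__":
    for alpha in (1, 2, 10):
        h_legit = renyi_entropy(LEGIT_COUNTS, alpha)
        h_attack = renyi_entropy(ATTACK_COUNTS, alpha)
        print(f"alpha={alpha:>2}  legit={h_legit:.3f}  attack={h_attack:.3f}  "
              f"gap={h_legit - h_attack:.3f}")
    # Building the count vector from a constructed packet window:
    window = [("198.51.100.7", "10.0.0.9"), ("198.51.100.8", "10.0.0.9"),
              ("192.0.2.1", "10.0.0.5")]
    print(destination_counts(window))
```

On these constructed windows the legitimate/attack gap is about 1.6 bits for Shannon, 2.3 bits for α = 2 and 2.5 bits for α = 10: the order-α metric separates the same two windows more widely, which is the property that lets a fixed threshold trip at an upstream hop where the victim's share of traffic is still smaller than at the victim itself.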
Abstract:
Effectively detecting and preventing Distributed Denial of Service (DDoS) attacks is becoming more and more important for Internet service quality. Because of the computational cost of counting the number of flows present in network traffic, earlier work on DDoS detection has either focused on offline analysis of log data or been limited to a small number of potential victim destinations. Those methods are not sufficient for detecting possible DDoS activity in real time over large networks. This paper proposes novel data-streaming algorithms for real-time detection of DDoS activity in large networks. The key idea is a hash-based synopsis data structure for sampling network data streams. This structure tracks flows efficiently, guarantees small space, and offers accurate synopses. The paper also presents an algorithm for counting the number of potentially malicious (e.g., "half-open") connections in the network streams. Moreover, the algorithm counts the distinct destination or source IPs by distinguishing different connection types.
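To make the streaming idea concrete, the following is an editor-added example and not the paper's data structure: a count-min sketch keyed by destination IP keeps an estimate of half-open connections (SYN seen, handshake never completed) in fixed space, and a linear-counting bitmap, allocated only for destinations whose half-open estimate crosses a tracking threshold, estimates the number of distinct source IPs sending SYNs to them. The event stream, IP addresses and thresholds are constructed, and the caller is assumed to feed handshake-level events only (a client SYN, the completing ACK, or an RST of a pending connection).

```python
"""Fixed-space streaming synopsis for SYN-flood (half-open connection)
detection.

Editor-added example, not the paper's data structure or algorithm.  The
event stream, IP addresses and thresholds are constructed.  The caller is
assumed to feed handshake-level events only: "SYN" from a client, "ACK"
for the third handshake packet that completes the connection, and "RST"
for a reset of a pending connection."""
import hashlib
import math


def _hash(data: bytes, seed: int, modulus: int) -> int:
    """Keyed BLAKE2b: one function, independent rows selected via the key."""
    digest = hashlib.blake2b(data, digest_size=8, key=seed.to_bytes(2, "big")).digest()
    return int.from_bytes(digest, "big") % modulus


class CountMinSketch:
    """Frequency estimator in width*depth counters.  For keys whose true
    count is non-negative the estimate never undercounts; hash collisions
    can only overcount."""

    def __init__(self, width: int = 1024, depth: int = 3):
        self.width, self.depth = width, depth
        self.table = [[0] * width for _ in range(depth)]

    def update(self, key: bytes, delta: int) -> None:
        for row in range(self.depth):
            self.table[row][_hash(key, row, self.width)] += delta

    def estimate(self, key: bytes) -> int:
        # Clamp at 0: an ACK/RST whose SYN predates the window could drive a cell negative.
        return max(0, min(self.table[row][_hash(key, row, self.width)] for row in range(self.depth)))


class LinearCounter:
    """Bitmap cardinality estimator: n ~ -m * ln(zero_bits / m)."""

    def __init__(self, bits: int = 4096):
        self.bits = bits
        self.bitmap = bytearray(bits // 8)

    def add(self, key: bytes) -> None:
        i = _hash(key, 99, self.bits)
        self.bitmap[i // 8] |= 1 << (i % 8)

    def estimate(self) -> float:
        zeros = self.bits - sum(bin(b).count("1") for b in self.bitmap)
        if zeros == 0:
            return float("inf")  # saturated: a larger bitmap is needed
        return -self.bits * math.log(zeros / self.bits)


class SynFloodMonitor:
    """Half-open connections per destination (sketch) plus distinct SYN
    sources per suspect destination (bitmap, allocated lazily so memory is
    bounded by the number of suspects rather than of destinations)."""

    def __init__(self, track_after: int = 16, alarm_half_open: int = 100, alarm_sources: int = 100):
        self.half_open = CountMinSketch()
        self.sources = {}  # dst -> LinearCounter, created once dst looks suspicious
        self.track_after = track_after
        self.alarm_half_open = alarm_half_open
        self.alarm_sources = alarm_sources

    def observe(self, event: str, src: str, dst: str) -> None:
        key = dst.encode()
        if event == "SYN":
            self.half_open.update(key, +1)
            if dst not in self.sources and self.half_open.estimate(key) >= self.track_after:
                self.sources[dst] = LinearCounter()
            if dst in self.sources:
                self.sources[dst].add(src.encode())
        elif event in ("ACK", "RST"):
            self.half_open.update(key, -1)
        else:
            raise ValueError(f"unexpected handshake event {event!r}")

    def half_open_estimate(self, dst: str) -> int:
        return self.half_open.estimate(dst.encode())

    def distinct_sources(self, dst: str) -> float:
        return self.sources[dst].estimate() if dst in self.sources else 0.0

    def alarms(self) -> list:
        return sorted(dst for dst in self.sources
                      if self.half_open_estimate(dst) >= self.alarm_half_open
                      and self.distinct_sources(dst) >= self.alarm_sources)


def constructed_stream():
    """20 legitimate clients complete handshakes to 10.0.0.5; then 500
    spoofed sources send one SYN each to 10.0.0.9 and never complete."""
    events = []
    for i in range(20):
        events.append(("SYN", f"192.0.2.{i + 1}", "10.0.0.5"))
        events.append(("ACK", f"192.0.2.{i + 1}", "10.0.0.5"))
    for i in range(500):
        events.append(("SYN", f"100.64.{i // 256}.{i % 256}", "10.0.0.9"))
    return events


def run_monitor(events=None) -> SynFloodMonitor:
    monitor = SynFloodMonitor()
    for event, src, dst in (constructed_stream() if events is None else events):
        monitor.observe(event, src, dst)
    return monitor


if __name__ == "__main__":
    m = run_monitor()
    for dst in ("10.0.0.5", "10.0.0.9"):
        print(dst, "half-open ~", m.half_open_estimate(dst),
              "distinct sources ~", round(m.distinct_sources(dst)))
    print("alarms:", m.alarms())
```

The sketch answers "how many pending handshakes does this destination have" without storing per-connection state, and the bitmap is only created for destinations already above the tracking threshold, so it counts the sources seen after that point; both structures have fixed size regardless of how many flows cross the link, which is what real-time operation over a large network requires.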
Abstract:
Security and safety are fundamental issues in any wireless network. The problem becomes serious when the network in question is a Vehicular Ad hoc Network (VANET). A VANET faces Distributed Denial of Service (DDoS) attacks when several vehicles carry out various types of Denial of Service (DoS) attack to disrupt the normal functioning of the network, thereby endangering human lives. A highly efficient and reliable algorithm needs to be developed to detect and prevent DDoS attacks in VANETs. This paper presents a hybrid detection algorithm based on the SVM kernel methods AnovaDot and RBFDot for detecting DDoS attacks in VANETs. In this hybrid algorithm, features such as collisions, packet drops and jitter have been used to simulate a real-time network communication scenario in which the network operates under normal conditions as well as under DDoS attack. These features are used both for training and for testing the model based on the proposed hybrid algorithm. The performance of the model based on the proposed hybrid algorithm is compared with the models based on the single SVM kernel algorithms AnovaDot and RBFDot in terms of Accuracy, Gini, KS, MER and H. The experimental results show that the model based on the proposed hybrid algorithm is superior at detecting DDoS attacks compared to the models based on the single SVM kernel algorithms AnovaDot and RBFDot. The results also show that by combining SVM kernel algorithms, an efficient and effective hybrid algorithm can be developed.
Abstract:
Distributed Denial of Service (DDoS) attacks have been a huge threat to the Internet and may cause extreme losses to systems, companies, and national security. An attacker can launch DDoS attacks easily, while recognizing and preventing them is significantly harder. In recent years, many IT-based companies have been hit by DDoS attacks. In this view, the primary concern of this work is to detect and prevent DDoS attacks. To fulfill this objective, various data mining techniques, namely JRip, J48, and k-NN, have been employed for DDoS attack detection. These algorithms are implemented and thoroughly evaluated individually to validate their performance in this domain. The presented work has been evaluated using the recent CICIDS2017 dataset. The dataset covers different attacks, viz. brute-force SSH, brute-force FTP, Heartbleed, infiltration, botnet, TCP, UDP and HTTP attacks, and port scans. Further, a prevention method is applied to block the malicious nodes participating in any of the said attacks. The proposed DDoS prevention works in a proactive mode to defend against all these attack types and is evaluated with respect to parameters such as throughput, PDR, end-to-end delay, and NRL. The study claims that the proposed technique outperforms the AODV routing algorithm on these parameters.
Abstract:
The aim of a Software-Defined Network (SDN) is to provide flexibility and programmability, ensuring network manageability and centralized control to deal with the growing number of users of future networks. However, the advantages SDN presents come with security concerns arising from vulnerabilities in its architecture. Security threats such as DDoS attacks on SDN are growing in strength and sophistication, trying to exploit the programmability and centralized control features of the SDN architecture. Although SDN is vulnerable to attack, SDN itself can be used to defeat attacks. This article reviews DDoS attack detection and mitigation approaches and clusters them into four groups: statistical techniques, techniques based on machine learning, neural-network techniques, and other detection approaches. The capabilities and weaknesses of the detection techniques are pointed out. The metrics for performance evaluation of some of the techniques, as well as dataset repositories, are presented. Finally, some general research challenges and gaps to guide future research in this area are discussed.
Abstract:
Distributed Denial of Service (DDoS) attacks have become one of the most destructive network attacks and pose a grave threat to Internet security. Existing detection methods cannot effectively detect early attacks. In this paper, we propose a DDoS attack detection method based on generalized multiple kernel learning (GMKL) combined with a constructed parameter R. The super-fusion feature value (SFV) and comprehensive degree of feature (CDF) are defined to describe the characteristics of attack flows and normal flows. A method for calculating R based on SFV and CDF is proposed to select the combination of kernel function and regularization paradigm. A DDoS attack detection classifier is generated by using the GMKL model trained with the R parameter. The experimental results show that the kernel function and regularization parameter selection method based on the R parameter reduces the randomness of parameter selection and the error of model detection, and that the proposed method can effectively detect DDoS attacks in complex environments with a higher detection rate and a lower error rate.
Abstract:
The strength of Vehicular Ad hoc Networks (VANETs) and their rapid deployment capability can be used in many situations where a network must be set up in a short time and sensitive information needs to be collected. We consider cluster-based attack detection in data aggregation, where neighbor nodes send important information to the cluster head. The information available at the cluster head may be aggregated by some vehicular nodes, which perform various tasks such as making decisions about delivering information. The existence of malicious nodes threatens this decision making: they transmit malicious information that does not match the VANET's classified data, and they may send a substantial number of packets to the vehicles or the Road Side Unit (RSU). To overcome this issue, we propose a Stream Position Performance Analysis (SPPA) approach. This approach monitors the position of any field station that sends information as part of a Distributed Denial of Service (DDoS) attack. The method computes factors such as conflict field, conflict data and attack signature sample rate (CCA). Using these factors, the method determines the trustworthiness of a packet and includes it in decision making. The proposed approach improves the performance of DDoS attack detection in a VANET environment.
Abstract:
Classification of high-entropy data sources is one of the key problems in the field of information security. Currently, there are many methods for classifying encrypted and compressed sequences; however, they mostly rely on digital signatures or service information found in the headers of the containers used to store or transfer the data. This paper analyzes the state of research in the classification of encrypted and compressed data and develops a model of encrypted and compressed sequences. Our experiments demonstrate a high accuracy for the proposed approach, which allows us to conclude that the methods for classifying encrypted and compressed data used in our study have been improved. The approach can be implemented in data leak prevention systems or corporate email systems to analyze attachments sent outside the controlled perimeter of a government agency or enterprise.
Purpose of the research: develop a model of the pseudo-random sequences generated by data encryption and compression algorithms that most accurately reflects the statistical properties of these sequences.
Methods of the research: statistical data analysis, mathematical statistics, and machine learning.
Result of the research: an analysis of the studies aimed at solving the classification problem for encrypted and compressed sequences in the field of information security is carried out. A model of the pseudo-random sequences generated by encryption and compression algorithms is developed, taking into account their statistical features: the distribution of bytes and the distribution of subsequences of limited length, which together constitute a new probability space. The choice of the statistical features used in the pseudo-random sequence model is justified. Experiments to determine the hyperparameters of the classifier are carried out on a dataset generated from encrypted and compressed files with their headers excluded. The constraints used in the pseudo-random sequence model, namely the length of the pseudo-random sequences (approximately 600 Kb), are defined. Experiments to determine the effect of the statistical features used in the model on classification accuracy are conducted. The proposed approach classifies encrypted and compressed data with an accuracy of 0.97.
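The two statistics the abstract names, the byte distribution and the distribution of short subsequences, are easy to compute directly. The block below is an editor-added example, not the paper's classifier, model or dataset: it extracts a byte-histogram entropy, a chi-square deviation from uniform, and a bigram-coverage statistic from three constructed samples (repeated plaintext, a raw DEFLATE body with the container header and trailer left out, and a toy SHA-256 counter-mode keystream XORed with the plaintext standing in for real ciphertext), then applies a coarse entropy gate of the kind a data-leak-prevention filter would use before a full classifier. The 64 KB window, the thresholds and the sample contents are assumptions of this example.

```python
"""Byte-distribution and short-subsequence statistics for telling plaintext
from high-entropy (encrypted or compressed) data.

Editor-added example, not the paper's classifier, model or dataset.  All
three samples are constructed in-process; the "ciphertext" uses a toy
SHA-256 counter keystream as a stand-in for real cipher output."""
import hashlib
import math
import zlib
from collections import Counter

SAMPLE_LEN = 65536  # bytes examined per sample (assumed window size)


def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (max 8)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against the uniform
    distribution; uniform bytes score about 255 (the degrees of freedom)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def bigram_coverage(data: bytes) -> float:
    """Fraction of the 65536 possible byte pairs seen at least once: a
    simple distribution-of-short-subsequences statistic.  Uniform data of
    65536 bytes covers about 1 - 1/e of them."""
    pairs = {data[i:i + 2] for i in range(len(data) - 1)}
    return len(pairs) / 65536


def features(data: bytes) -> dict:
    return {
        "entropy": byte_entropy(data),
        "chi_square": chi_square_uniform(data),
        "bigram_coverage": bigram_coverage(data),
    }


def looks_pseudo_random(feat: dict, entropy_floor: float = 7.0) -> bool:
    """Coarse gate a DLP filter could use before deeper classification:
    both ciphertext and compressed bodies clear it, plaintext does not."""
    return feat["entropy"] >= entropy_floor


def constructed_plaintext() -> bytes:
    line = b"The quick brown fox jumps over the lazy dog. Invoice 4711 attached.\n"
    return (line * (SAMPLE_LEN // len(line) + 1))[:SAMPLE_LEN]


def constructed_compressed() -> bytes:
    """Raw DEFLATE body (wbits=-15: no zlib header or Adler-32 trailer),
    i.e. the container headers are left out of the analysed bytes."""
    source = " ".join(str((i * i * 7919) % 1000003) for i in range(60000)).encode()
    comp = zlib.compressobj(level=9, wbits=-15)
    return (comp.compress(source) + comp.flush())[:SAMPLE_LEN]


def constructed_ciphertext() -> bytes:
    """Toy stream cipher: SHA-256(key || counter) keystream XOR plaintext.
    Illustrative only; it stands in for AES or similar output."""
    key = b"example-key-not-secret"
    plain = constructed_plaintext()
    stream = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest()
                      for i in range(SAMPLE_LEN // 32))
    return bytes(p ^ k for p, k in zip(plain, stream))


if __name__ == "__main__":
    for name, sample in (("plaintext", constructed_plaintext()),
                         ("deflate body", constructed_compressed()),
                         ("ciphertext", constructed_ciphertext())):
        f = features(sample)
        print(f"{name:13s} entropy={f['entropy']:.3f} chi2={f['chi_square']:9.1f} "
              f"bigrams={f['bigram_coverage']:.3f} pseudo-random={looks_pseudo_random(f)}")
```

Plaintext fails the gate by a wide margin (a few bits per byte, most byte values never occurring, almost no distinct bigrams), while both the DEFLATE body and the ciphertext clear it; separating those two from each other is the harder problem the paper addresses, and it is where the finer-grained subsequence statistics and a trained classifier come in rather than a single threshold.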