A Way to Estimate TCP Throughput under Low-Rate DDoS Attacks: One TCP Flow

Author(s):  
Minh Viet Kieu ◽  
Dai Tho Nguyen ◽  
Thanh Thuy Nguyen
Keyword(s):  
2019 ◽  
Vol 2019 (2) ◽  
pp. 80-90 ◽  
Author(s):  
Mugunthan S. R.

The fundamental advantage of the cloud environment is its instant scalability in rendering the service according to the various demands. The recent technological growth in the cloud computing makes it accessible to people from everywhere at any time. Multitudes of user utilizes the cloud platform for their various needs and store their complete details that are personnel as well as confidential in the cloud architecture. The storage of the confidential information makes the cloud architecture attractive to its hackers, who aim in misusing the confidential/secret information’s. The misuse of the services and the resources of the cloud architecture has become a common issue in the day to day usage due to the DDOS (distributed denial of service) attacks. The DDOS attacks are highly mature and continue to grow at a high speed making the detecting and the counter measures a challenging task. So the paper uses the soft computing based autonomous detection for the Low rate-DDOS attacks in the cloud architecture. The proposed method utilizes the hidden Markov Model for observing the flow in the network and the Random forest in classifying the detected attacks from the normal flow. The proffered method is evaluated to measure the performance improvement attained in terms of the Recall, Precision, specificity, accuracy and F-measure.


2020 ◽  
Vol 112 (3) ◽  
pp. 1735-1762
Author(s):  
Neha Agrawal ◽  
Shashikala Tapaswi

2021 ◽  
Vol 100 ◽  
pp. 102107
Author(s):  
Xinqian Liu ◽  
Jiadong Ren ◽  
Haitao He ◽  
Qian Wang ◽  
Chen Song

Author(s):  
Jiarun Lin ◽  
Changwang Zhang ◽  
Zhiping Cai ◽  
Qiang Liu ◽  
Jianping Yin
Keyword(s):  

Author(s):  
Mohammad A. Aladaileh ◽  
Mohammed Anbar ◽  
Iznan H. Hasbullah ◽  
Yousef K. Sanjalawe

The number of network users and devices has exponentially increased in the last few decades, giving rise to sophisticated security threats while processing users’ and devices’ network data. Software-Defined Networking (SDN) introduces many new features, but none is more revolutionary than separating the control plane from the data plane. The separation helps DDoS attack detection mechanisms by introducing novel features and functionalities. Since the controller is the most critical part of the SDN network, its ability to control and monitor network traffic flow behavior ensures the network functions properly and smoothly. However, the controller’s importance to the SDN network makes it an attractive target for attackers. Distributed Denial of Service (DDoS) attack is one of the major threats to network security. This paper presents a comprehensive review of information theory-based approaches to detect low-rate and high-rate DDoS attacks on SDN controllers. Additionally, this paper provides a qualitative comparison between this work and the existing reviews on DDoS attack detection approaches using various metrics to highlight this work’s uniqueness. Moreover, this paper provides in-depth discussion and insight into the existing DDoS attack detection approaches to point out their weaknesses that open the avenue for future research directions. Meanwhile, the finding of this paper can be used by other researchers to propose a new or enhanced approach to protect SDN controllers from the threats of DDoS attacks by accurately detecting both low-rate and high-rate DDoS attacks.


Electronics ◽  
2021 ◽  
Vol 10 (17) ◽  
pp. 2105
Author(s):  
Vasudha Vedula ◽  
Palden Lama ◽  
Rajendra V. Boppana ◽  
Luis A. Trejo

Distributed denial of service (DDoS) attacks aim to deplete the network bandwidth and computing resources of targeted victims. Low-rate DDoS attacks exploit protocol features such as the transmission control protocol (TCP) three-way handshake mechanism for connection establishment and the TCP congestion-control induced backoffs to attack at a much lower rate and still effectively bring down the targeted network and computer systems. Most of the statistical and machine/deep learning-based detection methods proposed in the literature require keeping track of packets by flows and have high processing overheads for feature extraction. This paper presents a novel two-stage model that uses Long Short-Term Memory (LSTM) and Random Forest (RF) to detect the presence of attack flows in a group of flows. This model has a very low data processing overhead; it uses only two features and does not require keeping track of packets by flows, making it suitable for continuous monitoring of network traffic and on-the-fly detection. The paper also presents an LSTM Autoencoder to detect individual attack flows with high detection accuracy using only two features. Additionally, the paper presents an analysis of a support vector machine (SVM) model that detects attack flows in slices of network traffic collected for short durations. The low-rate attack dataset used in this study is made available to the research community through GitHub.


Sign in / Sign up

Export Citation Format

Share Document