Defensive Mechanism Against DDoS Attack to Preserve Resource Availability for IoT Applications

2020 ◽  
pp. 1429-1442
Author(s):  
Manimaran Aridoss

The major challenge of Internet of Things (IoT) generated data is its hypervisor level vulnerabilities. Malicious VM deployment and termination are so simple due to its multitenant shared nature and distributed elastic cloud features. These features enable the attackers to launch Distributed Denial of Service attacks to degrade cloud server performance. Attack detection techniques are applied to the VMs that are used by malicious tenants to hold the cloud resources by launching DDoS attacks at data center subnets. Traditional dataflow-based attack detection methods rely on the similarities of incoming requests which consist of IP and TCP header information flows. The proposed approach classifies the status patterns of malicious VMs and ideal VMs to identify the attackers. In this article, information theory is used to calculate the entropy value of the malicious virtual machines for detecting attack behaviors. Experimental results prove that the proposed system works well against DDoS attacks in IoT applications.

2017 ◽  
Vol 8 (4) ◽  
pp. 40-51
Author(s):  
Manimaran Aridoss

The major challenge of Internet of Things (IoT) generated data is its hypervisor level vulnerabilities. Malicious VM deployment and termination are so simple due to its multitenant shared nature and distributed elastic cloud features. These features enable the attackers to launch Distributed Denial of Service attacks to degrade cloud server performance. Attack detection techniques are applied to the VMs that are used by malicious tenants to hold the cloud resources by launching DDoS attacks at data center subnets. Traditional dataflow-based attack detection methods rely on the similarities of incoming requests which consist of IP and TCP header information flows. The proposed approach classifies the status patterns of malicious VMs and ideal VMs to identify the attackers. In this article, information theory is used to calculate the entropy value of the malicious virtual machines for detecting attack behaviors. Experimental results prove that the proposed system works well against DDoS attacks in IoT applications.


2021 ◽  
Vol 12 (1) ◽  
pp. 370
Author(s):  
Cong Fan ◽  
Nitheesh Murugan Kaliyamurthy ◽  
Shi Chen ◽  
He Jiang ◽  
Yiwen Zhou ◽  
...  

Software Defined Networking (SDN) is one of the most commonly used network architectures in recent years. With the substantial increase in the number of Internet users, network security threats appear more frequently, which brings more concerns to SDN. Distributed Denial of Service (DDoS) attacks are one of the most dangerous and frequent attacks in software defined networks. The traditional attack detection method using entropy has some defects, such as slow attack detection and poor detection effect. To solve this problem, this paper proposes a fusion entropy method, which detects attacks by measuring the randomness of network events. This method has the advantages of fast attack detection and an obvious decrease in entropy value. The complementarity of information entropy and log energy entropy is effectively utilized. The experimental results show that the entropy value of the attack scenarios is 91.25% lower than that of normal scenarios, which has greater advantages and significance compared with other attack detection methods.


Author(s):  
Ahmad Azhari ◽  
Arif Wirawan Muhammad ◽  
Cik Feresa Mohd Foozy

Distributed Denial of Service (DDoS) is a type of network attack that increases in volume and intensity each year. DDoS attacks also form part of the major types of cyber security threats so far. Early detection plays a key role in avoiding the catastrophic effects of DDoS attacks on server infrastructure. Detection techniques in the traditional Intrusion Detection System (IDS) are far from perfect compared to a number of modern techniques and tools used by attackers, because the traditional IDS only uses signature-based or anomaly-based detection models and causes a lot of false positive flags, since the flow of computer network data packets has complex properties in terms of both size and source. Based on this deficiency in the ordinary IDS, this study aims to detect DDoS attacks by using machine learning techniques to enhance IDS policy development. According to the experiment, the selection of features plays an important role in the precision of the detection results and in the performance of machine learning in classification problems. The combination of seven key selected dataset features used as input to a neural network classifier in this study provides the highest accuracy value at 97.76%.


2021 ◽  
Vol 11 (12) ◽  
pp. 5685
Author(s):  
Hosam Aljihani ◽  
Fathy Eassa ◽  
Khalid Almarhabi ◽  
Abdullah Algarni ◽  
Abdulaziz Attaallah

With the rapid increase of cyberattacks that presently affect distributed software systems, cyberattacks and their consequences have become critical issues and have attracted the interest of research communities and companies to address them. Therefore, developing and improving attack detection techniques are prominent methods to defend against cyberattacks. One of the promising attack detection methods is behaviour-based attack detection. Practically, attack detection techniques are widely applied in distributed software systems that utilise network environments. However, there are some other challenges facing attack detection techniques, such as the immutability and reliability of the detection systems. These challenges can be overcome with promising technologies such as blockchain. Blockchain offers a concrete solution for ensuring data integrity against unauthorised modification. Hence, it improves the immutability of detection systems’ data and thus the reliability of the target systems. In this paper, we propose a design for standalone behaviour-based attack detection techniques that utilise blockchain’s functionalities to overcome the above-mentioned challenges. Additionally, we provide a validation experiment to prove our proposal in terms of achieving its objectives. We argue that our proposal introduces a novel approach to develop and improve behaviour-based attack detection techniques to become more reliable for distributed software systems.


2018 ◽  
Vol 2018 ◽  
pp. 1-19 ◽  
Author(s):  
Jieren Cheng ◽  
Chen Zhang ◽  
Xiangyan Tang ◽  
Victor S. Sheng ◽  
Zhe Dong ◽  
...  

Distributed denial of service (DDoS) attacks have caused huge economic losses to society. They have become one of the main threats to Internet security. Most of the current detection methods, based on a single feature and fixed model parameters, cannot effectively detect early DDoS attacks in cloud and big data environments. In this paper, an adaptive DDoS attack detection method (ADADM) based on multiple-kernel learning (MKL) is proposed. Based on the burstiness of DDoS attack flow, the distribution of addresses, and the interactivity of communication, we define five features to describe the network flow characteristics. Based on the ensemble learning framework, the weight of each dimension is adaptively adjusted by increasing the interclass mean with a gradient ascent and reducing the intraclass variance with a gradient descent, and the classifier is established to identify an early DDoS attack by training simple multiple-kernel learning (SMKL) models with two characteristics including interclass mean squared difference growth (M-SMKL) and intraclass variance descent (S-SMKL). The sliding window mechanism is used to coordinate the S-SMKL and M-SMKL to detect the early DDoS attack. The experimental results indicate that this method can detect DDoS attacks early and accurately.


2019 ◽  
Vol 2019 (2) ◽  
pp. 80-90 ◽  
Author(s):  
Mugunthan S. R.

The fundamental advantage of the cloud environment is its instant scalability in rendering the service according to the various demands. The recent technological growth in cloud computing makes it accessible to people from everywhere at any time. Multitudes of users utilize the cloud platform for their various needs and store their complete details, personal as well as confidential, in the cloud architecture. The storage of confidential information makes the cloud architecture attractive to hackers, who aim at misusing the confidential/secret information. The misuse of the services and the resources of the cloud architecture has become a common issue in day-to-day usage due to DDoS (distributed denial of service) attacks. DDoS attacks are highly mature and continue to grow at a high speed, making detection and countermeasures a challenging task. So the paper uses soft computing based autonomous detection for low-rate DDoS attacks in the cloud architecture. The proposed method utilizes the hidden Markov model for observing the flow in the network and the random forest for classifying the detected attacks from the normal flow. The proposed method is evaluated to measure the performance improvement attained in terms of recall, precision, specificity, accuracy and F-measure.


2019 ◽  
pp. 1952-1983
Author(s):  
Pourya Shamsolmoali ◽  
Masoumeh Zareapoor ◽  
M.Afshar Alam

Distributed Denial of Service (DDoS) attacks have become a serious threat to internet security and the Cloud Computing environment. This kind of attack is the most complex form of DoS (Denial of Service) attack. This type of attack can simply duplicate its source address, as in a spoofing attack, which disguises the real location of the attack from defending methods. Therefore, the DDoS attack is the most significant challenge for networks. In this chapter we present different aspects of security in Cloud Computing, concentrating mostly on DDoS attacks. The authors illustrate all types of DoS attacks and discuss the most effective detection methods.


Author(s):  
Konstantinos F. Xylogiannopoulos ◽  
Panagiotis Karampelas ◽  
Reda Alhajj

The proliferation of low security internet of things devices has widened the range of weapons that malevolent users can utilize in order to attack legitimate services in new ways. In recent years, apart from very large volumetric distributed denial of service attacks, low and slow attacks initiated from intelligent bot networks have been detected to target multiple hosts in a network in a timely fashion. However, even if the attacks seem to be “innocent” at the beginning, they generate huge traffic in the network without practically being detected by the traditional DDoS attack detection methods. In this chapter, an advanced pattern detection method is presented that is able to collect and classify in real time all the incoming traffic and detect a developing slow and low DDoS attack by monitoring the traffic in all the hosts of the network. The experimental analysis on a real dataset provides useful insights about the effectiveness of the method by identifying not only the main source of attack but also secondary sources that produce low traffic while targeting multiple hosts.


2018 ◽  
Vol 218 ◽  
pp. 02012 ◽  
Author(s):  
Mohammad A. AL-Adaileh ◽  
Mohammed Anbar ◽  
Yung-Wey Chong ◽  
Ahmed Al-Ani

Software-defined networks (SDNs) have grown rapidly in recent years because SDNs are widely used in managing large area networks and securing networks from Distributed Denial of Service (DDoS) attacks. SDNs allow networks to be monitored and managed through a centralized controller. Therefore, SDN controllers are considered the brain of networks and are considerably vulnerable to DDoS attacks. Thus, SDN controllers suffer from several challenges that exhaust network resources. For the SDN controller, the main target of DDoS attacks is to prevent legitimate users from using a network resource or receiving their services. Some approaches have been proposed to detect DDoS attacks through the examination of the traffic behavior of networks. However, these approaches take too long to process all incoming packets, thereby leading to high bandwidth consumption and delays in the detection of DDoS attacks. In addition, most existing approaches for the detection of DDoS attacks suffer from high false positive/negative rates and low detection accuracy. This study proposes a new approach to detecting DDoS attacks. The approach is called the statistical-based approach for detecting DDoS against the controllers of software-defined networks. The proposed approach is designed to detect the presence of DDoS attacks accurately, reduce false positive/negative flow rates, and minimize the complexity of targeting SDN controllers according to a statistical analysis of packet features. The proposed approach passively captures network traffic, filters traffic, and selects the most significant features that contribute to DDoS attack detection. The general stages of the proposed approach are (i) data preprocessing, (ii) statistical analysis, (iii) correlation identification between two vectors, and (iv) rule-based DDoS detection.


2020 ◽  
Vol 17 (8) ◽  
pp. 3765-3769
Author(s):  
N. P. Ponnuviji ◽  
M. Vigilson Prem

Cloud Computing has revolutionized Information Technology by allowing users to use a variety of resources in different applications in a less expensive manner. The resources are allocated by providing scalable, flexible on-demand access in a virtual manner, with reduced maintenance and less infrastructure cost. The majority of resources are handled and managed by organizations over the internet by using different standards and formats of networking protocols. Various research and statistics have proved that the available and existing technologies are prone to threats and vulnerabilities in the legacy protocols in the form of bugs that pave the way for intrusion in different ways by attackers. The most common among attacks is the Distributed Denial of Service (DDoS) attack. This attack targets the cloud’s performance and causes serious damage to the entire cloud computing environment. In the DDoS attack scenario, the compromised computers are targeted. The attacks are done by transmitting a large number of packets injected with known and unknown bugs to a server. A huge portion of the network bandwidth of the users’ cloud infrastructure is affected by consuming enormous time of their servers. In this paper, we have proposed a DDoS attack detection scheme based on the Random Forest algorithm to mitigate the DDoS threat. This algorithm is used along with signature detection techniques and generates a decision tree. This helps in the detection of signature attacks for DDoS flooding attacks. We have also used other machine learning algorithms and analyzed them based on the yielded results.

