A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

Xu, Ruomeng; Cheng, Jieren; Wang, Fengkai; Tang, Xiangyan; Xu, Jinying

doi:10.3390/sym11010078

Cited by 12 publications

(5 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The tree is inspected from top to bottom, where a given condition is checked at each node by analyzing the features of the input sample, leading to the following node [1,3,27,28]. • Random Forest: they are ensemble methods consisting of several Decision Trees, in which the output is computed after evaluating the prediction of each individual tree composing the "forest" [1,3,[27][28][29].…”

Section: Machine Learning For Cyber Detectionmentioning

confidence: 99%

AppCon: Mitigating Evasion Attacks to ML Cyber Detectors

et al. 2020

View full text Add to dashboard Cite

Adversarial attacks represent a critical issue that prevents the reliable integration of machine learning methods into cyber defense systems. Past work has shown that even proficient detectors are highly affected just by small perturbations to malicious samples, and that existing countermeasures are immature. We address this problem by presenting AppCon, an original approach to harden intrusion detectors against adversarial evasion attacks. Our proposal leverages the integration of ensemble learning to realistic network environments, by combining layers of detectors devoted to monitor the behavior of the applications employed by the organization. Our proposal is validated through extensive experiments performed in heterogeneous network settings simulating botnet detection scenarios, and consider detectors based on distinct machine- and deep-learning algorithms. The results demonstrate the effectiveness of AppCon in mitigating the dangerous threat of adversarial attacks in over 75% of the considered evasion attempts, while not being affected by the limitations of existing countermeasures, such as performance degradation in non-adversarial settings. For these reasons, our proposal represents a valuable contribution to the development of more secure cyber defense platforms.

show abstract

Section: Machine Learning For Cyber Detectionmentioning

confidence: 99%

AppCon: Mitigating Evasion Attacks to ML Cyber Detectors

et al. 2020

View full text Add to dashboard Cite

show abstract

“…In case of an attack, the DDoS filtering rule base module is notified, which detects attack packet features and filters out packets arriving from malicious clients, thus blocking a DDoS attack. Xu et al (2019) proposed a detection method for DRDoS using Deep Forest model in a Big Data environment. The model utilizes statistical information of DRDoS attack flow.…”

Section: Low Computation Complexitymentioning

confidence: 99%

“…The high volumes of structured, semi-structured and unstructured data generated at an express rate renders conventional methods to powerless in terms of management and analysis. Therefore, big data analytics is becoming increasingly appealing in recent times owing to its capacity to perform a detailed analysis on a variety of data (Cheng et al, 2018;Lan & Jun, 2013;Mahmood & Afzal, 2013;Raj, 2014;Singh et al, 2014;Xu et al, 2019). Still unexplored, big data analytics could prove as a silver bullet against mitigating botnet-based DDoS attacks in various environment.…”

Section: Open Challenges and Future Research Directionsmentioning

confidence: 99%

Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms

Singh

Gupta

2022

International Journal on Semantic Web and Information Systems

View full text Add to dashboard Cite

The demand for Internet security has escalated in the last two decades because the rapid proliferation in the number of Internet users has presented attackers with new detrimental opportunities. One of the simple yet powerful attack, lurking around the Internet today, is the Distributed Denial-of-Service (DDoS) attack. The expeditious surge in the collaborative environments, like IoT, cloud computing and SDN, have provided attackers with countless new avenues to benefit from the distributed nature of DDoS attacks. The attackers protect their anonymity by infecting distributed devices and utilizing them to create a bot army to constitute a large-scale attack. Thus, the development of an effective as well as efficient DDoS defense mechanism becomes an immediate goal. In this exposition, we present a DDoS threat analysis along with a few novel ground-breaking defense mechanisms proposed by various researchers for numerous domains. Further, we talk about popular performance metrics that evaluate the defense schemes. In the end, we list prevalent DDoS attack tools and open challenges.

show abstract

“…Karim et al [8] study about experimental performance of Snort-based IDS (S-IDS) in network. Xu et al [9] suggest Distributed Denial-of-Service (DRDoS) detection and defense model based on Deep Forest model (DDDF). In particular, they focus on attacks in Internet of Things (IoT) devices and big data environment.…”

Section: Trends Of Ids Studiesmentioning

confidence: 99%

CNN-Based Network Intrusion Detection against Denial-of-Service Attacks

et al. 2020

View full text Add to dashboard Cite

As cyberattacks become more intelligent, it is challenging to detect advanced attacks in a variety of fields including industry, national defense, and healthcare. Traditional intrusion detection systems are no longer enough to detect these advanced attacks with unexpected patterns. Attackers bypass known signatures and pretend to be normal users. Deep learning is an alternative to solving these issues. Deep Learning (DL)-based intrusion detection does not require a lot of attack signatures or the list of normal behaviors to generate detection rules. DL defines intrusion features by itself through training empirical data. We develop a DL-based intrusion model especially focusing on denial of service (DoS) attacks. For the intrusion dataset, we use KDD CUP 1999 dataset (KDD), the most widely used dataset for the evaluation of intrusion detection systems (IDS). KDD consists of four types of attack categories, such as DoS, user to root (U2R), remote to local (R2L), and probing. Numerous KDD studies have been employing machine learning and classifying the dataset into the four categories or into two categories such as attack and benign. Rather than focusing on the broad categories, we focus on various attacks belonging to same category. Unlike other categories of KDD, the DoS category has enough samples for training each attack. In addition to KDD, we use CSE-CIC-IDS2018 which is the most up-to-date IDS dataset. CSE-CIC-IDS2018 consists of more advanced DoS attacks than that of KDD. In this work, we focus on the DoS category of both datasets and develop a DL model for DoS detection. We develop our model based on a Convolutional Neural Network (CNN) and evaluate its performance through comparison with an Recurrent Neural Network (RNN). Furthermore, we suggest the optimal CNN design for the better performance through numerous experiments.

show abstract

A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

Cited by 12 publications

References 40 publications

AppCon: Mitigating Evasion Attacks to ML Cyber Detectors

AppCon: Mitigating Evasion Attacks to ML Cyber Detectors

Distributed Denial-of-Service (DDoS) Attacks and Defense Mechanisms in Various Web-Enabled Computing Platforms

CNN-Based Network Intrusion Detection against Denial-of-Service Attacks

Contact Info

Product

Resources

About