A feature reduction based reflected and exploited DDoS attacks detection system

Kshirsagar, Deepak; Kumar, Sandeep

doi:10.1007/s12652-021-02907-5

Cited by 51 publications

(16 citation statements)

References 40 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, this type of system fails to recognize a low-volume of DDoS attacks. Few authors [55] designed there system using recent dataset. Therefore, there is a need for a new classification approach that can be validated using recent datasets, such as CICDDoS2019.…”

Section: Related Workmentioning

confidence: 99%

SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks

2022

View full text Add to dashboard Cite

Distributed denial of service (DDoS) is an immense threat for Internet based-applications and their resources. It immediately floods the victim system by transmitting a large number of network packets, and due to this, the victim system resources become unavailable for legitimate users. Therefore, this attack is claimed to be a dangerous attack for Internet-based applications and their resources. Several security approaches have been proposed in the literature to protect Internet-based applications from this type of threat. However, the frequency and strength of DDoS attacks are increasing day-by-day. Further, most of the traditional and distributed processing frameworks-based DDoS attack detection systems analyzed network flows in offline batch processing. Hence, they failed to classify network flows in real-time. This paper proposes a novel Spark Streaming and Kafka-based distributed classification system, named by SSK-DDoS, for classifying different types of DDoS attacks and legitimate network flows. This classification approach is implemented using a distributed Spark MLlib machine learning algorithms on a Hadoop cluster and deployed on the Spark streaming platform to classify streams in real-time. The incoming streams consume by Kafka’s topic to perform preprocessing tasks such as extracting and formulating features for classifying them into seven groups: Benign, DDoS-DNS, DDoS-LDAP, DDoS-MSSQL, DDoS-NetBIOS, DDoS-UDP, and DDoS-SYN. Further, the SSK-DDoS classification system stores formulated features with their predicted class into the HDFS that will help to retrain the distributed classification approach using a new set of samples. The proposed SSK-DDoS classification system has been validated using the recent CICDDoS2019 dataset. The results show that the proposed SSK-DDoS efficiently classified network flows into seven classes and stored formulated features with the predicted value of each incoming network flow into HDFS.

show abstract

Section: Related Workmentioning

confidence: 99%

SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks

2022

View full text Add to dashboard Cite

show abstract

“…Selvakumar et al [34] combined filtered and wrapped methods on the KDD Cup99 dataset and finally used the selected 10 features to improve the detection performance while reducing the computation time. Kshirsagar et al [35] combined information gain and correlation by selecting 0, 0.25, and 0.5 thresholds, union features greater than 0.5, intersecting features between 0.25 and 0.5, removing features less than 0.25, and finally merging to obtain the selected subset. Krishnaveni et al [21] used a univariate integrated feature selection technique combined with the majority voting for validation on the NSL-KDD dataset, based on 10-100% of the different proportions selected for the experiment, and the accuracy and stability were improved.…”

Section: Related Workmentioning

confidence: 99%

“…It is also evident that the designed feature selection approach is critical for increasing the efficiency of large data detection. In previous problems of selecting the number of subsets for features, in the face of filtered and embedded methods, many used artificially set ratios to select features or those based on fixed thresholds [18,20,[33][34][35][36][37]. Such methods are significantly subjective and require empirical knowledge, and they do not adequately consider the applicability to different scenarios.…”

Section: Automatic Feature Selection Performance Analysismentioning

confidence: 99%

An Effective Ensemble Automatic Feature Selection Method for Network Intrusion Detection

Zhang

2022

Information

View full text Add to dashboard Cite

The mass of redundant and irrelevant data in network traffic brings serious challenges to intrusion detection, and feature selection can effectively remove meaningless information from the data. Most current filtered and embedded feature selection methods use a fixed threshold or ratio to determine the number of features in a subset, which requires a priori knowledge. In contrast, wrapped feature selection methods are computationally complex and time-consuming; meanwhile, individual feature selection methods have a bias in evaluating features. This work designs an ensemble-based automatic feature selection method called EAFS. Firstly, we calculate the feature importance or ranks based on individual methods, then add features to subsets sequentially by importance and evaluate subset performance comprehensively by designing an NSOM to obtain the subset with the largest NSOM value. When searching for a subset, the subset with higher accuracy is retained to lower the computational complexity by calculating the accuracy when the full set of features is used. Finally, the obtained subsets are ensembled, and by comparing the experimental results on three large-scale public datasets, the method described in this study can help in the classification, and also compared with other methods, we discover that our method outperforms other recent methods in terms of performance.

show abstract

“…Simple Service Discovery Protocol (SSDP) [2] amplification floods can be sent to a target system using Universal Plug and Play (UPnP) devices which can access the network devices. Microsoft SQL (MSSQL) [3] Server Resolution protocol is used for database instance enumeration service. The service is vulnerable to reflection-based DDoS attacks.…”

Section: Reflection-based Ddos Attacksmentioning

confidence: 99%

Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms

Dasari¹,

Devarakonda²

2021

ISI

View full text Add to dashboard Cite

Cyber attacks are one of the world's most serious challenges nowadays. A Distributed Denial of Service (DDoS) attack is one of the most common cyberattacks that has affected availability, which is one of the most important principles of information security. It leads to so many negative consequences in terms of business, production, reputation, data theft, etc. It shows the importance of effective DDoS detection mechanisms to reduce losses. In order to detect DDoS attacks, statistical and data mining methods have not been given good accuracy values. Researchers get good accuracy values while detecting DDoS attacks by using classification algorithms. But researchers, use individual classification algorithms on generalized DDoS attacks. This study used six machine learning classification algorithms to detect eleven different DDoS attacks on different DDoS attack datasets. We used the CICDDoS2019 dataset which is collected from the Canadian Institute of Cyber security in this study. It contains eleven different DDoS attack datasets in CSV file format. On each DDoS attack, we evaluated the effectiveness of the classification methods Logistic regression, Decision tree, Random Forest, Ada boost, KNN, and Naive Bayes, and determined the best classification algorithms for detection.

show abstract

A feature reduction based reflected and exploited DDoS attacks detection system

Cited by 51 publications

References 40 publications

SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks

SSK-DDoS: distributed stream processing framework based classification system for DDoS attacks

An Effective Ensemble Automatic Feature Selection Method for Network Intrusion Detection

Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms

Contact Info

Product

Resources

About