Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning

Cheng, Jieren; Zhang, Chen; Tang, Xiangyan; Sheng, Victor S.; Dong, Zhe; Li, Junqi

doi:10.1155/2018/5198685

Cited by 24 publications

(12 citation statements)

References 45 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Second, the next is setting the port number on the network that is allowed to communicate using the TCP protocol and receiving TCP packets that originate from that port number. The port numbers that allowed in this research are 20,21,22,25,53,80,110,143,443,465,587,993 and 995. For this reason, the port numbers are entered in the TCP_IN line (TCP_IN = "20, 21,22,25,53, 80, 110,143,443,465,587,993,995 ").…”

Section: Testing and Results Using Csf With Spi Methodsmentioning

confidence: 99%

“…As for receiving TCP packets from allowed port numbers, this is done via the TCP_OUT line. In this research, the number of ports allowed for sending TCP packets is 20,21,22,25,53,80,110,113,443,587,993,995, so the setting is TCP_OUT="20, 21,22,25,53,80,110,113,443,587,993,995". The same is done for sending and receiving UDP packets for allowed port numbers.…”

Section: Testing and Results Using Csf With Spi Methodsmentioning

confidence: 99%

“…Shaar and Efe published their result of survey that discuss in detail the classification of DDoS attacks threatening the cloud computing components and make analysis and assessments on the emerging usage of cloud infrastructures that poses both advantages and risks [21]. Cheng, et al, propose an Adaptive DDoS Attack Detection Method (ADADM) based on Multiple Kernel Learning (MKL) [22]. Nathiya in his paper describe about The DDOS attack, DDOS attack architecture and DDOS attack various technologies, mitigation of DDOS, countermeasures of DDOS attack, how to process hardware checking methods and to detect and preventing DDOS attacks in tools [23].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC

Pratama

2020

Bulletin of Comp. Sci. & Electr. Eng.

View full text Add to dashboard Cite

TCP SYN Flood as one kind of Denial of Service (DoS) attack, still popular to flood the server connection, by sending SYN packets to the target. Because of the risk caused by this attack, there is a need for a network security mechanism. In this paper, one of the security mechanisms proposed is using Stateful Packet Inspection (SPI) method on Configserver Security and Firewall (CSF). By using SPI method, CSF has capabilities to responsible for separating packets of data, that may be entered with data packets that should not be entered into the server. For example: port to be opened, port closed, and IP Address that may access the server for anywhere. This paper combines both of CSF and SPI method to prevent TCP SYN Flood (DoS) with Proof of Concept (PoC) at the Linux operating system. The security process is done in 3 ways: configuring a maximum connection from an IP Address to a server, securing an incoming SYN packet per second, and counting how many times an IP Address violates the minimum SYN packet rule per second before being blocked by a firewall.

show abstract

Section: Testing and Results Using Csf With Spi Methodsmentioning

confidence: 99%

Section: Testing and Results Using Csf With Spi Methodsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC

Pratama

2020

Bulletin of Comp. Sci. & Electr. Eng.

View full text Add to dashboard Cite

show abstract

“…An adaptive DDoS attack detection method based on multiple kernel learning is proposed in [15]. A powerful feature extraction algorithm is used to extract five features from the traffic to detect attack traffic.…”

Section: A Thresholding Approachmentioning

confidence: 99%

Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks

Alamri

Thayananthan

2020

IEEE Access

View full text Add to dashboard Cite

Software-Defined Networking (SDN) is an emerging network architecture that addresses the limitation of the traditional network by providing centralized management through a central controller that decouples the control and data planes. However, this development has made the controller a severe target for malicious users to execute attacks such as Distributed Denial of Service (DDoS) attacks. Several schemes have been proposed to mitigate DDoS attacks in SDN, but the challenges still exist. This paper proposes a DDoS mitigation scheme for SDN to ensure accurate attack detection and efficient network resource utilization. The scheme employs two stages: a bandwidth control mechanism and Extreme Gradient Boosting (XGBoost) Algorithm. The bandwidth control mechanism utilizes an adaptive bandwidth profile-based threshold and bandwidth control algorithm that trigger the XGBoost algorithm in case of threshold violations. The use of multiple bandwidth profiles in stetting the threshold ensures the threshold's adaptivity to consider the network traffic variation and reduce the packets drop ratio, which shows an outstanding result. The XGBoost algorithm classifies network traffic flow that violates a set threshold into normal or abnormal traffic. We evaluated the performance of our scheme using CICDDoS2019, NSL-KDD, and CAIDA datasets. Furthermore, we validated our proposed solution in real-time with the SDN environment. The results obtained show that our scheme protects SDN against DDoS attacks with high accuracy, low error, and efficient utilization of the network resources. The proposed system achieved 99.9% accuracy in detecting DDoS attacks with a low false-positive rate of 0.0002% in SDN.

show abstract

“…Moreover, a hyper parameter selection method was proposed by Siqi W et al, [12] for self-adaptive data shifting. And a change-point DDoS attack detection method based on half interaction anomaly degree was presented [13]. Recently, an abnormal network flow based DDoS detection method was presented [14], which showed a better performance among other existing methods.…”

mentioning

confidence: 99%

A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

Cheng

Wang

et al. 2019

Symmetry

Self Cite

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) has developed multiple variants, one of which is Distributed Reflective Denial of Service (DRDoS). With the increasing number of Internet of Things (IoT) devices, the threat of DRDoS attack is growing, and the damage of a DRDoS attack is more destructive than other types. The existing DDoS detection methods cannot be generalized in DRDoS early detection, which leads to heavy load or degradation of service when deployed at the final point. In this paper, we propose a DRDoS detection and defense method based on deep forest model (DDDF), and then we integrate differentiated service into defense model to filter out DRDoS attack flow. Firstly, from the statistics perspective on different stages of DRDoS attack flow in the big data environment, we extract a host-based DRDoS threat index (HDTI) from the network flows. Secondly, using the HDTI feature we build a DRDoS detection and defense model based on the deep forest, which consists of 1 extreme gradient boost (XGBoost) forest estimator, 2 random forest estimators, and 2 extra random forest estimators in each layer. Lastly, the differentiated service procedure applies the detection result from DDDF to drop the traffic identified in different stages and different detection points. Theoretical analysis and experiments show that the method we proposed can effectively identify DRDoS attack with higher detection rate and a lower false alarm rate, the defense model also shows distinguishing ability to effectively eliminate the DRDoS attack flows, and dramatically mitigate the damage of a DRDoS attack.Symmetry 2019, 11, 78 2 of 22 access requests, and the internal server or devices reflecting more packets, the DRDoS attack brings the danger of congestion effectively, and the high accessibility of conducting such attacks is achieved due to the easy-use tools and relatively low cost.In 26 September 2016, and 21 October 2016, the network in the United States was also attacked by DRDoS, the attackers unitized tens of millions of webcams and digital video recorders (DVR), sending packets to the Internet service provider (ISP), causing over 1200 websites, including Twitter, Amazon, Reddit, and Netflix to be inaccessible for millions of Internet users. Moreover, the DRDoS attacks witnessed this year have the trend to be more dedicated and sophisticated with higher diversities, as a consequence, a swift, smart and solid cyber-attack detection mechanism is needed for security control for the increasingly vulnerable network.The rest of the paper is organized as follows. Related work is discussed in Section 2. In Section 3, we analyze the feature of general type DRDoS attack as the base theorem for the method we proposed in Section 4, where we will introduce the algorithm of the DRDoS detection method and characterized each part of it. We will then introduce the deep forest model for classification and apply differentiated service in the defense method. And we define differentiated service as a procedure that implements a simple and scalable mechani...

show abstract

Adaptive DDoS Attack Detection Method Based on Multiple-Kernel Learning

Cited by 24 publications

References 45 publications

TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC

TCP SYN Flood (DoS) Attack Prevention Using SPI Method on CSF: A PoC

Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks

A DRDoS Detection and Defense Method Based on Deep Forest in the Big Data Environment

Contact Info

Product

Resources

About