Detection of DDoS Attacks in Software Defined Network using Decision Tree

Kousar, Heena; Mulla, Mohammed Moin; Shettar, Pooja; Narayan, D. G.

doi:10.1109/csnt51715.2021.9509634

Cited by 23 publications

(14 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…For example, CLOSED means all active links are closed; LISTEN signifies waiting for new requests; and ESTABLISHED means the connection is established. These states can be obtained through traffic analysis tools like TShark or CICFlowMeter [ 43 ]. However, the acquired elements are of type string and hard to use for training directly.…”

Section: Methodsmentioning

confidence: 99%

See 1 more Smart Citation

GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion

Guo¹,

Qiu²,

Liu³

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

Distributed denial of service (DDoS) attacks are the most common means of cyberattacks against infrastructure, and detection is the first step in combating them. The current DDoS detection mainly uses the improvement or fusion of machine learning and deep learning methods to improve classification performance. However, most classifiers are trained with statistical flow features as input, ignoring topological connection changes. This one-sidedness affects the detection accuracy and cannot provide a basis for the distribution of attack sources for defense deployment. In this study, we propose a topological and flow feature-based deep learning method (GLD-Net), which simultaneously extracts flow and topological features from time-series flow data and exploits graph attention network (GAT) to mine correlations between non-Euclidean features to fuse flow and topological features. The long short-term memory (LSTM) network connected behind GAT obtains the node neighborhood relationship, and the fully connected layer is utilized to achieve feature dimension reduction and traffic type mapping. Experiments on the NSL-KDD2009 and CIC-IDS2017 datasets show that the detection accuracy of the GLD-Net method for two classifications (normal and DDoS flow) and three classifications (normal, fast DDoS flow, and slow DDoS flow) reaches 0.993 and 0.942, respectively. Compared with the existing DDoS attack detection methods, its average improvement is 0.11 and 0.081, respectively. In addition, the correlation coefficient between the detection accuracy of attack flow and the four source distribution indicators ranges from 0.7 to 0.83, which lays a foundation for the inference of attack source distribution. Notably, we are the first to fuse topology and flow features and achieve high-performance DDoS attack intrusion detection through graph-style neural networks. This study has important implications for related research and development of network security systems in other fields.

show abstract

Section: Methodsmentioning

confidence: 99%

“…ese states can be obtained through traffic analysis tools like TShark or CICFlowMeter [43]. However, the acquired elements are of type string and hard to use for training directly.…”

Section: Feature Extractionmentioning

confidence: 99%

GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion

Guo¹,

Qiu²,

Liu³

et al. 2022

Computational Intelligence and Neuroscience

View full text Add to dashboard Cite

show abstract

“…Kousar et al [11] proposed a decision tree-based model to detect DDoS attacks in SDN environment. The proposed model focus on attacks that is used to flood the SDN controller.…”

Section: Related Workmentioning

confidence: 99%

“…The authors reported a classification accuracy of 99.99% using the decision tree approach compared to the other ML approach used in their experiment. One of the advantages of the model reported in [11] its ability to detects attacks in a software defined environment which is much complex compares to the IoT environment. Although the work in [11] only apply the binary classification in its detection engine.…”

Section: Related Workmentioning

confidence: 99%

“…One of the advantages of the model reported in [11] its ability to detects attacks in a software defined environment which is much complex compares to the IoT environment. Although the work in [11] only apply the binary classification in its detection engine. In addition, the resource computational requirements in software defined environments are higher compared to IoT environments.…”

Section: Related Workmentioning

confidence: 99%

See 1 more Smart Citation

Distributed Denial of Service Attack Detection and Prevention Model for IoT based Computing Environment using Ensemble Machine Learning Approach

Ogini¹,

Adigwe²,

Ogwara³

2022

IJNSA

View full text Add to dashboard Cite

Defending against Distributed Denial of Service (DDoS) in the Internet of Things (IoT) computing environment is a challenging task. DDoS attacks are type of collective attack in which attackers work together to compromise internet security and services. The resource-constrained devices used in IoT deployments have made it even easier for an attacker to break, because of the vast number of vulnerable IoT devices with significant compute power. This paper proposed an ensemble machine learning (ML) model using the bagging technique to detect and prevent DDoS attacks in the IoT computing environment. We carried out an Machine Learning experiment and evaluated our proposed model with the most recent DDoS attacks (CICDoS2019) dataset. We use seven validation metrics (classification accuracy, precision rate, recall rate, f1-score, Matthews Correlation Coefficient, false negative rate and false positive rate) to evaluate the performance of the proposed model. The results obtained in our experiment shows an improved performance with an overall maximum classification accuracy of 99.75%, precision rate of 99.99%, recall rate of 99.76%, f1-score of 99.87%, Matthews Correlation Coefficient of 0.000000214, false negative rate of 0.24% and 4.42% false positive rate.

show abstract

Secure SDN–IoT Framework for DDoS Attack Detection Using Deep Learning and Counter Based Approach

Cherian

Varma

2023

J Netw Syst Manage

View full text Add to dashboard Cite

Detection of DDoS Attacks in Software Defined Network using Decision Tree

Cited by 23 publications

References 4 publications

GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion

GLD-Net: Deep Learning to Detect DDoS Attack via Topological and Traffic Feature Fusion

Distributed Denial of Service Attack Detection and Prevention Model for IoT based Computing Environment using Ensemble Machine Learning Approach

Secure SDN–IoT Framework for DDoS Attack Detection Using Deep Learning and Counter Based Approach

Contact Info

Product

Resources

About