Modeling of low-rate DDoS-attacks

Tarasov, Yaroslav; Pakulova, Ekaterina; Basov, Oleg

doi:10.1145/3357613.3357638

Cited by 2 publications

(2 citation statements)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A LR-DDoS can be broadly characterized by four parameters [19], [20], namely: T a is the attack period (frequency for sending malicious packets), T b is the burst width (time duration of the attacking pulse), R b is the attack burst rate (amount of traffic), and s is the starting time of the attack. This also implies that such an attack can be identified using the source IP and port, destination IP and port, and the protocol used in the attack.…”

Section: A Low-rate Dos Attacksmentioning

confidence: 99%

A Flexible SDN-Based Architecture for Identifying and Mitigating Low-Rate DDoS Attacks Using Machine Learning

et al. 2020

View full text Add to dashboard Cite

While there have been extensive studies of denial of service (DoS) attacks and DDoS attack mitigation, such attacks remain challenging to mitigate. For example, Low-Rate DDoS (LR-DDoS) attacks are known to be difficult to detect, particularly in a software-defined network (SDN). Hence, in this paper we present a flexible modular architecture that allows the identification and mitigation of LR-DDoS attacks in SDN settings. Specifically, we train the intrusion detection system (IDS) in our architecture using six machine learning (ML) models (i.e., J48, Random Tree, REP Tree, Random Forest, Multi-Layer Perceptron (MLP), and Support Vector Machines (SVM)) and evaluate their performance using the Canadian Institute of Cybersecurity (CIC) DoS dataset. The findings from the evaluation demonstrate that our approach achieves a detection rate of 95%, despite the difficulty in detecting LR-DoS attacks. We also remark that in our deployment, we use the open network operating system (ONOS) controller running on Mininet virtual machine in order for our simulated environment to be as close to real-world production networks as possible. In our testing topology, the intrusion prevention detection system mitigates all attacks previously detected by the IDS system. This demonstrates the utility of our architecture in identifying and mitigating LR-DDoS attacks. INDEX TERMS DDoS attack mitigation, Low-rate DDoS (LR-DDoS) attacks, Machine learning, Software-defined network (SDN).

show abstract

Section: A Low-rate Dos Attacksmentioning

confidence: 99%

A Flexible SDN-Based Architecture for Identifying and Mitigating Low-Rate DDoS Attacks Using Machine Learning

et al. 2020

View full text Add to dashboard Cite

show abstract

“…There are multiple methods of attacks that can lead to denial of service. The following two types were chosen: Denial-of-Service using SlowLoris [ 34 ]: this type of DoS attack opens many HTTP connections to the target and sends incomplete, but legitimate HTTP requests or responses to the target in a very slow manner, keeping the connection alive for a long period of time. Since the HTTP messages are correct and not delivered very fast, they result in flooding the target (as most Denial-of-Service attacks work).…”

Section: Proposition Of the Roedunet2021 Datasetmentioning

confidence: 99%

The Proposition and Evaluation of the RoEduNet-SIMARGL2021 Network Intrusion Detection Dataset

Mihailescu

Mihai

Carabaș

et al. 2021

Sensors

View full text Add to dashboard Cite

Cybersecurity is an arms race, with both the security and the adversaries attempting to outsmart one another, coming up with new attacks, new ways to defend against those attacks, and again with new ways to circumvent those defences. This situation creates a constant need for novel, realistic cybersecurity datasets. This paper introduces the effects of using machine-learning-based intrusion detection methods in network traffic coming from a real-life architecture. The main contribution of this work is a dataset coming from a real-world, academic network. Real-life traffic was collected and, after performing a series of attacks, a dataset was assembled. The dataset contains 44 network features and an unbalanced distribution of classes. In this work, the capability of the dataset for formulating machine-learning-based models was experimentally evaluated. To investigate the stability of the obtained models, cross-validation was performed, and an array of detection metrics were reported. The gathered dataset is part of an effort to bring security against novel cyberthreats and was completed in the SIMARGL project.

show abstract

Modeling of low-rate DDoS-attacks

Cited by 2 publications

References 5 publications

A Flexible SDN-Based Architecture for Identifying and Mitigating Low-Rate DDoS Attacks Using Machine Learning

A Flexible SDN-Based Architecture for Identifying and Mitigating Low-Rate DDoS Attacks Using Machine Learning

The Proposition and Evaluation of the RoEduNet-SIMARGL2021 Network Intrusion Detection Dataset

Contact Info

Product

Resources

About