Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning

Filho, Francisco Sales de Lima; Silveira, Frederico Augusto Fernandes; Júnior, Agostinho de Medeiros Brito; Vargas-Solar, Genoveva; Silveira, Luiz F. Q.

doi:10.1155/2019/1574749

Cited by 186 publications

(98 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…To overcome this problem we need to tune these algorithms more using other datasets with different attack scenarios. Comparing our results to other solutions that are using the CIC-DDoS2019 dataset such as [46,47], we can see that our results are among higher values with a percentage over 90 and in some cases even higher. But comparing our results with some other research results is not valid in our case, because we have shown here if we have any three algorithms, whether they are giving better or worse results, we are going to get better results than each of them individually.…”

Section: Discussionmentioning

confidence: 56%

Triple Modular Redundancy Optimization for Threshold Determination in Intrusion Detection Systems

Babic¹,

Miljković²,

Čabarkapa

et al. 2021

Symmetry

View full text Add to dashboard Cite

This paper presents a novel approach for an Intrusion Detection System (IDS) based on one kind of asymmetric optimization which use any three already well-known IDS algorithms and Triple Modular Redundancy (TMR) algorithm together. Namely, a variable threshold which indicates an attack on an observed and protected network is determined by using all three values obtained with three known IDS algorithms i.e., on previously recorded data by making a decision by majority. For these algorithms authors used algorithm of k-nearest neighbors, cumulative sum algorithm, and algorithm of exponentially weighted moving average. Using a proposed method we can get a threshold that is more precisely determined than in the case of any method individual. Practically, using TMR we obtain a dynamically threshold adjustment of IDS software, which reduces the existence of false alarms and undetected attacks, so the efficiency of such IDS software is notably higher and can get better results. Today, Denial of Service attacks (DoS) are one of the most present type of attacks and the reason for the special attention paid to them in this paper. In addition, the authors of the proposed method for IDS software used a known CIC-DDoS2019 dataset, which contains various data recordings of such attacks. Obtained results with the proposed solution showed better characteristics than each individual used algorithm in this solution. IDS software with the proposed method worked precisely and timely, which means alarms were triggered properly and efficiently.

show abstract

Section: Discussionmentioning

confidence: 56%

Triple Modular Redundancy Optimization for Threshold Determination in Intrusion Detection Systems

Babic¹,

Miljković²,

Čabarkapa

et al. 2021

Symmetry

View full text Add to dashboard Cite

show abstract

“…Accuracy (Acc), detection rate (DR) and false alarm rate (FAR) are the assessed metrics. Detailed explanation about these metrics can be found in [6].…”

Section: A Resultsmentioning

confidence: 99%

“…, M mb . If the (R + 1)-th mode unfolding matrices in (6) are represented as a function of its rows and replace the Hadamard product by the dot product, such equation can be rewritten as…”

Section: B Proposed Mlp Architecturementioning

confidence: 99%

Noise-Robust Multilayer Perceptron Architecture for Distributed Denial of Service Attack Detection

et al. 2021

View full text Add to dashboard Cite

Distributed Denial of Service (DDoS) attacks are one of the most challenging security threats, since a single victim is attacked by several compromised malicious nodes. As a consequence, legitimate end users can be prevented to access network resources. This letter proposes a noise-robust multilayer perceptron (MLP) architecture for DDoS attack detection trained with corrupted data. In the proposed approach, the average value of the common features among dataset instances is iteratively filtered out by applying Higher Order Singular Value Decomposition (HOSVD) based techniques. The effectiveness of the proposed architecture is validated through comparison with state-of-the-art methods.

show abstract

“…Hosseini and Azizi [ 13 ] proposed a hybrid framework based on a data stream approach for DDoS attack detection where the computational load is divided between the client and proxy side. Next, Lima Filho et al [ 14 ] proposed a random forest-based DDoS detection system in which several volumetric attacks, such as Transmission Control Protocol (TCP) flood, User Datagram Protocol (UDP) flood, and Hyper Text Transfer Protocol (HTTP) flood, are early identified. Finally, Wang et al [ 6 ] proposed a method for detecting DDoS attacks in which the optimal features are obtained by combining feature selection and multilayer perceptron (MLP) classification algorithm.…”

Section: Related Workmentioning

confidence: 99%

“…Such a matrix is forwarded to the ML classification algorithm for classification tasks, where the predicted class label vector

is computed. Since decision tree, random forest and gradient boosting algorithms present considerable results in network intrusion detection problems, they are adopted in this paper for classifying the network traffic data [ 14 ].…”

Section: Proposed Average Common Feature Extraction Technique For mentioning

confidence: 99%

Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

Maranhão

Costa

Freitas

et al. 2020

Sensors

View full text Add to dashboard Cite

In recent years, advanced threats against Cyber–Physical Systems (CPSs), such as Distributed Denial of Service (DDoS) attacks, are increasing. Furthermore, traditional machine learning-based intrusion detection systems (IDSs) often fail to efficiently detect such attacks when corrupted datasets are used for IDS training. To face these challenges, this paper proposes a novel error-robust multidimensional technique for DDoS attack detection. By applying the well-known Higher Order Singular Value Decomposition (HOSVD), initially, the average value of the common features among instances is filtered out from the dataset. Next, the filtered data are forwarded to machine learning classification algorithms in which traffic information is classified as a legitimate or a DDoS attack. In terms of results, the proposed scheme outperforms traditional low-rank approximation techniques, presenting an accuracy of 98.94%, detection rate of 97.70% and false alarm rate of 4.35% for a dataset corruption level of 30% with a random forest algorithm applied for classification. In addition, for error-free conditions, it is found that the proposed approach outperforms other related works, showing accuracy, detection rate and false alarm rate of 99.87%, 99.86% and 0.16%, respectively, for the gradient boosting classifier.

show abstract

Smart Detection: An Online Approach for DoS/DDoS Attack Detection Using Machine Learning

Cited by 186 publications

References 39 publications

Triple Modular Redundancy Optimization for Threshold Determination in Intrusion Detection Systems

Triple Modular Redundancy Optimization for Threshold Determination in Intrusion Detection Systems

Noise-Robust Multilayer Perceptron Architecture for Distributed Denial of Service Attack Detection

Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

Contact Info

Product

Resources

About