Two-Stage Intelligent Model for Detecting Malicious DDoS Behavior

Li, Man; Zhou, Huachun; Qin, Yajuan

doi:10.3390/s22072532

Cited by 18 publications

(13 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We use tools and scripts to simulate attacks and normal flow [ 5 ], shown as Table 2 . For example, SlowHTTPTest is used to simulate slow headers, slow body, and slow headers belong to LDDoS attacks by setting the content length of the application layer to be large or the sending rate parameter to be lower than the expected rate, so as to continuously occupy HTTP connection sessions.…”

Section: Multi-domain Ddos Detection Methods Based On Trusted Flmentioning

confidence: 99%

“…From the perspective of detection methods, these methods can be divided into supervised ML or unsupervised ML [ 19 ], offline detection or real-time online detection [ 20 ]. In addition, the existing DDoS detection methods [ 5 , 6 , 7 , 8 , 21 , 22 ] only aim at a specific category of attack, such as application layer DDoS attack, and lack a comprehensive method to detect different categories of DDoS as a whole. In a word, the above methods usually require a large number of training sets, especially for the purpose of achieving a variety of attack categories, so the ML model trained in a single domain is difficult to achieve high detection ability.…”

Section: Related Workmentioning

confidence: 99%

“…With the rapid development of 5G, network security problems are becoming increasingly serious, and a DDoS (distributed denial of service) attack is destructive, particularly [ 1 , 2 , 3 ]. DDoS attacks can be divided into different sub-attacks according to different perspectives [ 4 ], such as network layer DDoS attacks [ 5 ], application layer DDoS attacks [ 6 ], DRDoS (reflective DDoS) attacks [ 7 ], LDDoS (low-rate DDoS) attacks [ 8 ] and botnet DDoS attacks [ 9 ]. Due to the wide variety of DDoS attacks, the types of attack dataset collected by a single user is often not comprehensive, and the detection model trained based on this dataset has certain limitations.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Trusted Multi-Domain DDoS Detection Based on Federated Learning

Yin

Hong-jun

2022

Sensors

View full text Add to dashboard Cite

Aiming at the problems of single detection target of existing distributed denial of service (DDoS) attacks, incomplete detection datasets and privacy caused by shared datasets, we propose a trusted multi-domain DDoS detection method based on federated learning. Firstly, we divide the types of DDoS attacks into different sub-attacks, design the federated learning dataset for DDoS detection in each domain, and use them to realize a more comprehensive detection method of DDoS attacks on the premise of protecting the data privacy of each domain. Secondly, in order to improve the robustness of federated learning and alleviate poisoning attack, we propose a reputation evaluation method based on blockchain, which estimates interaction reputation, data reputation and resource reputation of each participant comprehensively, so as to obtain the trusted federated learning participants and identify the malicious participants. In addition, we also propose a combination scheme of multi-domain detection and distributed knowledge base and design a feature graph of malicious behavior based on a knowledge graph to realize the memory of multi-domain feature knowledge. The experimental results show that the accuracy of most categories of the multi-domain DDoS detection method can reach more than 95% with the protection of datasets, and the reputation evaluation method proposed in this paper has a higher ability to identify malicious participants against the data poisoning attack when the threshold is set to 0.6.

show abstract

Section: Multi-domain Ddos Detection Methods Based On Trusted Flmentioning

confidence: 99%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Trusted Multi-Domain DDoS Detection Based on Federated Learning

Yin

Hong-jun

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…User traffic detection is another important way to improve network security. According to the way of traffic detection, it can be divided into methods-based statistical methods and methods based on machine learning methods [24]. In recent years, the development of blockchain has enabled more and more scholars to build detection models in blockchain networks based on existing traffic detection technologies.…”

Section: Blockchain-based Traffic Detection Methodmentioning

confidence: 99%

A Blockchain-Enabled Trusted Protocol Based on Whole-Process User Behavior in 6G Network

Zhou

et al. 2022

Security and Communication Networks

Self Cite

View full text Add to dashboard Cite

The access of massive users and devices in the 6G networks increases the risk of network attacks. Designing a trusted protocol to control user behavior can effectively improve the security capability of the network. However, most of the existing trusted protocols focus on unilateral user behavior and lack effective control over the whole process of user behavior. In this paper, we design a blockchain-enabled trusted protocol based on the whole-process user behavior. At first, we describe the Whole-Process User Behavior (WPUB) after the user accesses the network, and model the whole-process trusted control process. The proposed model establishes a trusted chain between user identity, access action, and communication traffic, and realizes the control of WPUB. Then, based on the proposed model, we design a whole-process trusted protocol with smart agents and smart contracts in combination with blockchain. Finally, we evaluate the designed protocol in the HyperLedger Fabric-based prototype system. Evaluations show that the proposed protocol can control the WPUB and reduce the risk of the network being attacked.

show abstract

“…For example, in [ 26 ], the author built self-generated dataset by simulating traffic attacks on an experimental platform, used it to train neural networks, combined the trained model and statistics detection model to detect network traffic, and reported detection results in real time. This method is well suited for deployment in our system.…”

Section: Module Designmentioning

confidence: 99%

Blockchain-Based Access Control and Behavior Regulation System for IoT

Song

Qin

2022

Sensors

View full text Add to dashboard Cite

With the development of 5G and the Internet of things (IoT), the multi-domain access of massive devices brings serious data security and privacy issues. At the same time, most access systems lack the ability to identify network attacks and cannot adopt dynamic and timely defenses against various security threats. To this end, we propose a blockchain-based access control and behavior regulation system for IoT. Relying on the attribute-based access control model, this system deploys smart contracts on the blockchain to achieve distributed and fine-grained access control and ensures that the identity and authority of access users can be trusted. At the same time, an inter-domain communication mechanism is designed based on the locator/identifier separation protocol and ensures the traffic of access users are authorized. A feedback module that combines traffic detection and credit evaluation is proposed, ensuring real-time detection and fast, proactive responses against malicious behavior. Ultimately, all modules are linked together through workflows to form an integrated security model. Experiments and analysis show that the system can effectively provide comprehensive security protection in IoT scenarios.

show abstract

Two-Stage Intelligent Model for Detecting Malicious DDoS Behavior

Cited by 18 publications

References 37 publications

Trusted Multi-Domain DDoS Detection Based on Federated Learning

Trusted Multi-Domain DDoS Detection Based on Federated Learning

A Blockchain-Enabled Trusted Protocol Based on Whole-Process User Behavior in 6G Network

Blockchain-Based Access Control and Behavior Regulation System for IoT

Contact Info

Product

Resources

About