Your search keyword '"Horng, Mong-Fong"' showing total 4 results

1. Detection of Unknown DDoS Attack Using Modified Dynamic High-Resolution Network

Author

Shieh, Chin-Shiuh, Nguyen, Thanh-Tuan, Chen, Chun-Yueh, Nguyen, Thanh-Vinh, Horng, Mong-Fong, Chao, Ying-Chieh, Howlett, Robert J., Series Editor, Jain, Lakhmi C., Series Editor, Kondo, Kazuhiro, editor, Horng, Mong-Fong, editor, Pan, Jeng-Shyang, editor, and Hu, Pei, editor

Published

2023

2. Detection of Unknown DDoS Attack Using Convolutional Neural Networks Featuring Geometrical Metric.

Author

Shieh, Chin-Shiuh, Nguyen, Thanh-Tuan, and Horng, Mong-Fong

Subjects

DENIAL of service attacks, SUPERVISED learning, CONVOLUTIONAL neural networks, MACHINE learning, DEEP learning, GEOMETRICAL constructions

Abstract

DDoS attacks remain a persistent cybersecurity threat, blocking services to legitimate users and causing significant damage to reputation, finances, and potential customers. For the detection of DDoS attacks, machine learning techniques such as supervised learning have been extensively employed, but their effectiveness declines when the framework confronts patterns exterior to the dataset. In addition, DDoS attack schemes continue to improve, rendering conventional data model-based training ineffectual. We have developed a novelty open-set recognition framework for DDoS attack detection to overcome the challenges of traditional methods. Our framework is built on a Convolutional Neural Network (CNN) construction featuring geometrical metric (CNN-Geo), which utilizes deep learning techniques to enhance accuracy. In addition, we have integrated an incremental learning module that can efficiently incorporate novel unknown traffic identified by telecommunication experts through the monitoring process. This unique approach provides an effective solution for identifying and alleviating DDoS. The module continuously improves the model's performance by incorporating new knowledge and adapting to new attack patterns. The proposed model can detect unknown DDoS attacks with a detection rate of over 99% on conventional attacks from CICIDS2017. The model's accuracy is further enhanced by 99.8% toward unknown attacks with the open datasets CICDDoS2019. [ABSTRACT FROM AUTHOR]

Published

2023

3. Detection of Unknown DDoS Attack Using Reconstruct Error and One-Class SVM Featuring Stochastic Gradient Descent.

Author

Shieh, Chin-Shiuh, Nguyen, Thanh-Tuan, Chen, Chun-Yueh, and Horng, Mong-Fong

Subjects

DENIAL of service attacks, SUPERVISED learning, DEEP learning, ARTIFICIAL intelligence, SUPPORT vector machines, MACHINE learning

Abstract

The network system has become an indispensable component of modern infrastructure. DDoS attacks and their variants remain a potential and persistent cybersecurity threat. DDoS attacks block services to legitimate users by incorporating large amounts of malicious traffic in a short period or depleting system resources through methods specific to each client, causing the victim to lose reputation, finances, and potential customers. With the advancement and maturation of artificial intelligence technology, machine learning and deep learning are widely used to detect DDoS attacks with significant success. However, traditional supervised machine learning must depend on the categorized training sets, so the recognition rate plummets when the model encounters patterns outside the dataset. In addition, DDoS attack techniques continue to evolve, rendering training based on conventional data models unable to meet contemporary requirements. Since closed-set classifiers have excellent performance in cybersecurity and are quite mature, this study will investigate the identification of open-set recognition issues where the attack pattern does not accommodate the distribution learned by the model. This research proposes a framework that uses reconstruction error and distributes hidden layer characteristics to detect unknown DDoS attacks. This study will employ deep hierarchical reconstruction nets (DHRNet) architecture and reimplement it with a 1D integrated neural network employing loss function combined with spatial location constraint prototype loss (SLCPL) as a solution for open-set risks. At the output, a one-class SVM (one-class support vector machine) based on a random gradient descent approximation is used to recognize the unknown patterns in the subsequent stage. The model achieves an impressive detection rate of more than 99% in testing. Furthermore, the incremental learning module utilizing unknown traffic labeled by telecom technicians during tracking has enhanced the model's performance by 99.8% against unknown threats based on the CICIDS2017 Friday open dataset. [ABSTRACT FROM AUTHOR]

Published

2023

4. Detection of Unknown DDoS Attacks with Deep Learning and Gaussian Mixture Model.

Author

Shieh, Chin-Shiuh, Lin, Wan-Wei, Nguyen, Thanh-Tuan, Chen, Chi-Hong, Horng, Mong-Fong, and Miu, Denis

Subjects

GAUSSIAN mixture models, DENIAL of service attacks, DEEP learning, COMPUTER network security, MACHINE learning, TRAFFIC engineering

Abstract

DDoS (Distributed Denial of Service) attacks have become a pressing threat to the security and integrity of computer networks and information systems, which are indispensable infrastructures of modern times. The detection of DDoS attacks is a challenging issue before any mitigation measures can be taken. ML/DL (Machine Learning/Deep Learning) has been applied to the detection of DDoS attacks with satisfactory achievement. However, full-scale success is still beyond reach due to an inherent problem with ML/DL-based systems—the so-called Open Set Recognition (OSR) problem. This is a problem where an ML/DL-based system fails to deal with new instances not drawn from the distribution model of the training data. This problem is particularly profound in detecting DDoS attacks since DDoS attacks' technology keeps evolving and has changing traffic characteristics. This study investigates the impact of the OSR problem on the detection of DDoS attacks. In response to this problem, we propose a new DDoS detection framework featuring Bi-Directional Long Short-Term Memory (BI-LSTM), a Gaussian Mixture Model (GMM), and incremental learning. Unknown traffic captured by the GMM are subject to discrimination and labeling by traffic engineers, and then fed back to the framework as additional training samples. Using the data sets CIC-IDS2017 and CIC-DDoS2019 for training, testing, and evaluation, experiment results show that the proposed BI-LSTM-GMM can achieve recall, precision, and accuracy up to 94%. Experiments reveal that the proposed framework can be a promising solution to the detection of unknown DDoS attacks. [ABSTRACT FROM AUTHOR]

Published

2021