Your search keyword '"DDoS attacks"' showing total 610 results

1. Kafka‐Shield: Kafka Streams‐based distributed detection scheme for IoT traffic‐based DDoS attacks.

Author

Shukla, Praveen, Krishna, C. Rama, and Patil, Nilesh Vishwasrao

Subjects

*DENIAL of service attacks, *SMART devices, *INTERNET of things, *MACHINE learning, *RESEARCH personnel

Abstract

With the rapid proliferation of insecure Internet of Things (IoT) devices, the security of Internet‐based applications and networks has become a prominent concern. One of the most significant security threats encountered in IoT environments is a Distributed Denial of Service (DDoS) attack. This attack can severely disrupt critical services and prevent smart devices from functioning normally, leading to severe consequences for businesses and individuals. It aims to overwhelm victims' resources, websites, and other services by flooding them with massive attack packets, making them inaccessible to legitimate users. Researchers have developed multiple detection schemes to detect DDoS attacks. As technology advances and other facilitating factors have increased, it is a challenge to identify such powerful attacks in real‐time. In this paper, we propose a novel distributed detection scheme for IoT network traffic‐based DDoS attacks by deploying it in a Kafka Streams processing framework named Kafka‐Shield. The Kafka‐Shield comprises two stages: design and deployment. Firstly, the detection scheme is designed on the Hadoop cluster employing a highly scalable H2O.ai machine learning platform. Secondly, a portable, scalable, and distributed detection scheme is deployed on the Kafka Streams processing framework. To analyze the incoming traffic data and categorize it into nine target classes in real time. Additionally, Kafka‐Shield stores each network flow with significant input features and the predicted outcome in the Hadoop Distributed File System (HDFS). It enables the development of new models or updating current ones. To validate the effectiveness of the Kafka‐Shield, we performed critical analysis using various configured attack scenarios. The experimental results affirm Kafka‐Shield's remarkable efficiency in detecting DDoS attacks. It has a detection rate of over 99% and can process 0.928 million traces in nearly 3.027 s. [ABSTRACT FROM AUTHOR]

Published

2024

2. An AI Based IDS Framework For Detecting DDoS Attacks In Cloud Environment.

Author

Asha Varma, S. and Ganesh Reddy, K.

Subjects

*ARTIFICIAL neural networks, *ARTIFICIAL intelligence, *MACHINE learning, *DENIAL of service attacks, *FEATURE selection, *DEEP learning

Abstract

Cloud computing makes it easier for users to access resources from anywhere at any time. This is for as long as they have access to the internet connectivity by employing a "pay-as-you-use" model. Despite its merits, cloud computing faces shortcomings, notably the escalating security concerns linked with it. Distributed Denial of Service (DDoS) attack is a primary and biggest concert to the availability of the services offered by cloud. DDoS attacks use numerous machines to flood consumers with packets with high data overhead, flooding the network with unwanted traffic. Due to the obsolete datasets, many deep learning (DL) models are processing-intensive or may not successfully address new DDoS threats. This paper seeks to address this issue by proposing FEwDN, an AI-based DDoS detection framework that employs a hybrid approach, integrating machine learning and deep learning algorithms. The framework optimizes feature selection via ensemble techniques, enhancing accuracy by leveraging deep neural networks for traffic classification. The proposed framework is experimented on the CICDDoS2019 dataset and demonstrates superior performance over benchmark techniques across multiple metrics. The FEwDN outperforms well with other models against various performance metrics. This research strengthens cloud security and DDoS detection in modern clouds. [ABSTRACT FROM AUTHOR]

Published

2024

3. Enhanced DDoS Detection Using Advanced Machine Learning and Ensemble Techniques in Software Defined Networking.

Author

Butt, Hira Akhtar, Harthy, Khoula Said Al, Shah, Mumtaz Ali, Hussain, Mudassar, Amin, Rashid, and Rehman, Mujeeb Ur

Abstract

Detecting sophisticated cyberattacks, mainly Distributed Denial of Service (DDoS) attacks, with unexpected patterns remains challenging in modern networks. Traditional detection systems often struggle to mitigate such attacks in conventional and software-defined networking (SDN) environments. While Machine Learning (ML) models can distinguish between benign and malicious traffic, their limited feature scope hinders the detection of new zero-day or low-rate DDoS attacks requiring frequent retraining. In this paper, we propose a novel DDoS detection framework that combines Machine Learning (ML) and Ensemble Learning (EL) techniques to improve DDoS attack detection and mitigation in SDN environments. Our model leverages the "DDoS SDN" dataset for training and evaluation and employs a dynamic feature selection mechanism that enhances detection accuracy by focusing on the most relevant features. This adaptive approach addresses the limitations of conventional ML models and provides more accurate detection of various DDoS attack scenarios. Our proposed ensemble model introduces an additional layer of detection, increasing reliability through the innovative application of ensemble techniques. The proposed solution significantly enhances the model's ability to identify and respond to dynamic threats in SDNs. It provides a strong foundation for proactive DDoS detection and mitigation, enhancing network defenses against evolving threats. Our comprehensive runtime analysis of Simultaneous Multi-Threading (SMT) on identical configurations shows superior accuracy and efficiency, with significantly reduced computational time, making it ideal for real-time DDoS detection in dynamic, rapidly changing SDNs. Experimental results demonstrate that our model achieves outstanding performance, outperforming traditional algorithms with 99% accuracy using Random Forest (RF) and K-Nearest Neighbors (KNN) and 98% accuracy using XGBoost. [ABSTRACT FROM AUTHOR]

Published

2024

4. A Novel DDoS Mitigation Strategy in 5G-Based Vehicular Networks Using Chebyshev Polynomials.

Author

Almazroi, Abdulwahab Ali, Alkinani, Monagi H., Al-Shareeda, Mahmood A., and Manickam, Selvakumar

Subjects

*CHEBYSHEV polynomials, *DENIAL of service attacks, *ELLIPTIC curve cryptography, *TRAFFIC congestion, *TRAFFIC safety, *CRYPTOGRAPHY, *PUBLIC key cryptography

Abstract

In fifth-generation (5G)-based vehicular networks, vehicles share information about the road's condition to make driving safer and alleviate traffic congestion. Given the public nature of the medium, addressing issues of confidentiality and security is of paramount importance. Existing systems are vulnerable to a distributed denial-of-service (DDoS) attack from an attacker or high traffic in a dense area because of the time-consuming and complex operations based on bilinear pair and elliptic curve cryptographies used. In order to protect vehicle-to-vehicle communication in 5G-based vehicular networks from DDoS attacks, a strategy based on the Chebyshev polynomial is proposed in this study. The semi-group and chaotic features of the Chebyshev polynomial are utilised in our proposal. Our solutions also meet all applicable standards for security and privacy, such as node authentication, message integrity, preserving identity privacy, traceability, unlinkability, and resistance to attacks. Finally, our innovation decreases the computational burden to produce a message signature by 66.67% and the burden to verify a signature by 33.33%. However, the size of the message-signature tuple is affected by the communication expenses of our work by 5.00%. [ABSTRACT FROM AUTHOR]

Published

2024

5. A proactive approach to DDoS attack recognition and preclusion in securing m-health systems.

Author

Ray, Soumya, Mishra, Kamta Nath, and Dutta, Sandip

Abstract

Mobile Health (m-Health) has become an integral part of modern healthcare, utilizing digital devices like laptops, smart phones, and tablets to facilitate the rapid exchange of real-time patient data through interconnected channels. However, the reliance on centralized cloud computing in m-health systems introduces potential security vulnerabilities. Among these threats, Distributed Denial of Service (DDoS) attacks pose a significant risk, capable of disrupting networks and compromising system reliability. The research paper addresses the vulnerability of m-healthcare systems to DDoS attacks and proposes a four-layered architecture to enhance security measures. The focus on recognizing and identifying DDoS attacks within the system is crucial for early detection and prevention of potential harm. Moreover, the exploration of different deterrence approaches in a virtualized cloud-based environment allows for a comprehensive assessment of their effectiveness. The analysis of performance metrics, particularly the maximum and mean values of DDoS attack success rates, provides valuable insights into the efficacy of the proposed architecture and defense mechanisms. This information will undoubtedly assist in refining and strengthening the system's security measures to mitigate the impact of potential DDoS attacks. Overall, the research paper delves into a critical aspect of m-healthcare system security, shedding light on the vulnerabilities and proposing feasible solutions. By adopting a proactive approach to counter DDoS attacks, the proposed architecture holds the potential to significantly enhance the reliability and privacy of m-health systems, ultimately benefiting patients and healthcare providers alike. The proposed approach taken is innovative and promising. [ABSTRACT FROM AUTHOR]

Published

2024

6. Prevention of DDoS attacks: a comprehensive review and future directions.

Author

Saharan, Shail and Gupta, Vishal

Subjects

*DENIAL of service attacks, *INTERNET access, *SCALABILITY, *MILITARY research

Abstract

Distributed Denial of Service (DDoS) attacks constitute a formidable threat, obstructing access to legitimate internet services and disrupting the seamless provision of services by organizations. Despite extensive research dedicated to developing defense mechanisms against DDoS attacks, their persistence remains a challenge. The majority of research in DDoS defense can be categorized into attack detection, mitigation, and prevention. Notably, defense strategies falling within the purview of attack detection and mitigation are reactive in nature, often activated after some level of damage has already occurred. In addition, the terms "detection" and "mitigation," maintain consistent meanings in the literature. However, the term "prevention" in the context of DDoS attacks has been associated with varying interpretations in the literature. This paper undertakes a comprehensive review of techniques labeled as "prevention" in the realm of DDoS attacks. In addition, because prevention techniques do not have a standard meaning in the literature, we further classify these techniques into Ideal Prevention, True Prevention, and Partial Prevention. By scrutinizing these techniques and their implications, we shed light on the complexity of mitigating DDoS threats effectively. In particular, we advocate for increased focus on True Prevention techniques, emphasizing the need for dynamism, computational efficiency, scalability, and practical deployability. [ABSTRACT FROM AUTHOR]

Published

2024

7. DDoS Attacks Detection with Half Autoencoder-Stacked Deep Neural Network.

Author

Benmohamed, Emna, Thaljaoui, Adel, Khediri, Salim El, Aladhadh, Suliman, and Alohali, Mansor

Subjects

ARTIFICIAL neural networks, DENIAL of service attacks, FEATURE selection, TRAFFIC monitoring, INFRASTRUCTURE (Economics)

Abstract

With the growth in services supplied over the internet, network infrastructure has become more exposed to cyber-attacks, particularly Distributed Denial of Service (DDoS) attacks, which can easily cause the disruption of services. The key factor for fighting against these attacks is the earlier separation and detection of the traffic in networks. In this paper, a novel approach, named Half Autoencoder-Stacked DNNs (HAE-SDNN) model, is proposed. We suggest using a Stacked Deep Neural Networks (SDNN) model. as a deep learning model, in order to detect DDoS attacks. Our approach allows feature selection from a preprocessed dataset using a Half AutoEncoder (HAE), resulting in a final set of important features. These features are subsequently used to train the DNNs that are stacked together by applying Softmax layer to combine their outputs. Experiments were performed on a benchmark cybersecurity dataset, named CICDDoS2017, containing various DDoS attack types. The experimental results demonstrate that the introduced model attained an overall accuracy rate of 99.95%. Moreover, the HAE-SDNN model outperformed existing models, highlighting its superiority in accurately classifying attacks. [ABSTRACT FROM AUTHOR]

Published

2024

8. DDOS ATTACKS DETECTION USING DIFFERENT DECISION TREE ALGORITHMS.

Author

DAYANANDAM, G., REDDY, E. SRINIVASA, and BABU, D. BUJJI

Subjects

MACHINE learning, CART algorithms, DENIAL of service attacks, BANKING industry, INSURANCE companies, DECISION trees

Abstract

In today's world, the banking sector, government organizations, and various users in the finance and insurance sectors have grown exponentially. In such situations, they become primary targets for attackers. The main focus of these attackers is to disrupt services for legitimate users. Recently, attackers have targeted banks in Ukraine during the Russia-Ukraine war, causing a shortage of money in banks and making it difficult for people to withdraw funds. These types of attacks fall under the category of Distributed Denial of Service (DDoS) attacks. The primary objectives of these DDoS attacks are to gain financial control and damage the reputation of the affected organization or country. The purpose of this paper is to detect DDoS attacks using various Decision Tree Classifiers in Machine Learning algorithms. We utilized the 'caret' package in R, which is well-known for its Classification and Regression Techniques. We split the KDD'99 dataset based on the outcome variable. We employed the 'rpart' method to classify the dataset using CART and C4.5 algorithms. Experimental results indicate that our classification methods achieve a better accuracy rate compared to other decision tree methods. [ABSTRACT FROM AUTHOR]

Published

2024

9. A Novel Approach to DDoS Detection in Multi-Controller SDNs: Adaptive Learning Models and Real-Time Feedback for Enhanced IoT Security.

Author

J., Kumar and P. J., Arul Leena Rose

Subjects

MACHINE learning, COMPUTER network traffic, FEATURE selection, DENIAL of service attacks, SOFTWARE-defined networking

Abstract

This study introduces an innovative approach for detecting Distributed Denial-of-Service (DDoS) attacks in Software-Defined Networks (SDNs) with a multi-controller setup, specifically tailored to secure Internet of Things (IoT) devices. Traditional DDoS detection techniques struggle with the dynamic and sophisticated nature of modern network threats, particularly in complex and scalable environments like SDNs. To address these challenges, our objective is to develop a methodology that integrates adaptive learning and feedback mechanisms to continuously evolve and improve detection accuracy. Our approach utilizes adaptive learning models that dynamically adjust to new data and emerging attack patterns, learning continuously from network behaviour to detect subtle and novel attack strategies effectively. By implementing a system of feedback loops, our detection algorithms receive real-time insights from the operational environment, allowing immediate adaptation to changing network conditions and attack techniques. Advanced feature selection methods are employed to identify the most relevant data points from network traffic. Through ROC curve analysis of various machine learning models--RNN, LSTM, GAN, and Auto Encoder--using Chi-Square, Decision Tree, and PCA feature selection methods, PCA consistently demonstrated superior performance. It achieved higher true positive rates across various false positive rates, indicating better classification accuracy. The Auto Encoder model, combined with PCA, exhibited the best results, highlighting its efficacy in balancing sensitivity and specificity for anomaly detection. Experimental evaluations conducted using the CICDDoS2019 dataset highlight the effectiveness of our approach. The proposed Auto Encoder model with PCA feature selection achieved the highest accuracy at 99.56%, surpassing other models such as LSTM with feature selection, which achieved 99.42%, and RNN LSTM, which had the lowest accuracy at 89.63%. These results demonstrate the effectiveness of our approach in enhancing the accuracy and reliability of network traffic anomaly detection, particularly for DDoS attacks involving IoT devices. Overall, our research combines adaptive learning and feedback loops to create a dynamic, intelligent DDoS detection system for SDNs, advancing network security in handling evolving threats. [ABSTRACT FROM AUTHOR]

Published

2024

10. IoT Security in a Connected World: Analyzing Threats, Vulnerabilities, and Mitigation Strategies

Author

Volodymyr Shulha, Maher Rafi Tawffaq, Mohammed Ahmed Jasim, Basim Ghalib Mejbel, Samer Saeed Issa, Loai Alamro, and Erahid Aram

Subjects

iot security, threats, vulnerabilities, mitigation strategies, connected devices, cybersecurity, statistics, intrusion detection, blockchain, ddos attacks, machine learning, Telecommunication, TK5101-6720

Abstract

Background: Given the pervasive connectivity and integration of the Internet of Things (IoT) devices into daily life, system security is of utmost significance in the modern era. The article examines escalating concerns regarding the security of the Internet of Things, its inherent vulnerabilities, and the necessary precautions required to safeguard our interconnected global environment. Objective: With forecasts indicating that the IoT ecosystem will comprise over 50 billion interconnected devices by 2030, the alarming 300% increase in IoT intrusions over the past year underscores the urgency of addressing this issue. Methodology: In this article, IoT security challenges are divided into three primary categories which include device vulnerabilities, network vulnerabilities, and data security vulnerabilities. Results: Our findings emphasize the necessity for end users, developers, and manufacturers to follow security best practices and take part in security training. The study discovered that successful DDoS attacks use infected IoT devices 65% of the time and there is still legacy firmware on 70% of those devices making them susceptible. Possible solutions that are currently under investigation include secure elements, machine learning anomaly detection intrusion detection systems, and blockchain-based device authentication. Most prominently, proactive IoT security solutions have reduced 85% of the security vulnerabilities for organizations; it is truly a remarkable achievement. Conclusion: Understanding the security dynamic of the IoT ecosystem is a very demandable job as it keeps on changing, and so does the knowledge about it. To ensure that the IoT remains powerful and transformative in a connected society, this article will take a look further into the increasing risks, vulnerabilities, scary stats as well as effective solutions. It underscores the need for strong measures to protect security and greater awareness.

Published

2024

11. Modeling DDOS attacks in sdn and detection using random forest classifier.

Author

Abdullahi Wabi, Aishatu, Idris, Ismail, Mikail Olaniyi, Olayemi, Joseph, A., and Surajudeen Adebayo, Olawale

Subjects

DENIAL of service attacks, RANDOM forest algorithms

Abstract

A Software-defined network paradigm provides flexibility and programmability to deal with the growing users of future networks. As a result of the centralized control attribute, it could be regarded as a single point of failure that is vulnerable to various forms of attacks, such as Distributed denial of service (DDOS) attacks. This study attempts to show a mathematical representation of DDOS attacks in SDN, together with how some five-tuple features contribute to the attacks. The studied features were used to detect DDOS using a random forest classifier. The result shows 96.3% detection accuracy and 96.45% precision. [ABSTRACT FROM AUTHOR]

Published

2024

12. SDDA-IoT: storm-based distributed detection approach for IoT network traffic-based DDoS attacks.

Author

Shukla, Praveen, Krishna, C. Rama, and Patil, Nilesh Vishwasrao

Subjects

*DENIAL of service attacks, *CYBERTERRORISM, *INTERNET of things, *MACHINE learning, *TRAFFIC flow

Abstract

In the world of connected devices, there is huge growth of less secure Internet of Things (IoT) devices, and the ease of performing sophisticated cyberattacks using these devices has posed a serious threat to the security of Internet-based services or networks. Distributed Denial of Service (DDoS) attack is one of the most significant cyberattacks. It aims to damage or exhaust victims' resources, services, or networks and make them unavailable to legitimate users. Several solutions are available in the literature to detect DDoS attacks. However, it is difficult to detect them in real-time due to today's high speed or high volume of attack traffic. Therefore, this paper proposes an Apache Storm-based distributed detection approach for IoT network traffic-based DDoS attacks, namely SDDA-IoT. SDDA-IoT is composed of two primary modules: model development and model deployment. In the case of model development, we created five distributed detection models by utilizing a Hadoop cluster and the extremely scalable H2O.ai machine learning platform. In the case of model deployment, we deploy an efficient distributed detection model on the Apache Storm stream processing framework for analyzing ingress streaming data and classifying it into seven classes in near-real-time. To create new models or update existing ones, this module also saves the highly discriminating input features of each network flow along with the predicted outcome in the Hadoop Distributed File System (HDFS). The effectiveness of the SDDA-IoT approach has been examined using a variety of configured scenarios. The experimental results show that the SDDA-IoT approach detects DDoS attacks faster than recent state-of-the-art methods and more accurately with 99%+ accuracy. [ABSTRACT FROM AUTHOR]

Published

2024

13. Eye-Net: A Low-Complexity Distributed Denial of Service Attack-Detection System Based on Multilayer Perceptron.

Author

Khantouchi, Ramzi, Gasmi, Ibtissem, and Ferrag, Mohamed Amine

Subjects

DENIAL of service attacks, FEATURE selection, ERROR rates, INTERNET of things, ENERGY consumption

Abstract

Distributed Denial of Service (DDoS) attacks disrupt service availability, leading to significant financial setbacks for individuals and businesses. This paper introduces Eye-Net, a deep learning-based system optimized for DDoS attack detection that combines feature selection, balancing methods, Multilayer Perceptron (MLP), and quantization-aware training (QAT) techniques. An Analysis of Variance (ANOVA) algorithm is initially applied to the dataset to identify the most distinctive features. Subsequently, the Synthetic Minority Oversampling Technique (SMOTE) balances the dataset by augmenting samples for under-represented classes. Two distinct MLP models are developed: one for the binary classification of flow packets as regular or DDoS traffic and another for identifying six specific DDoS attack types. We store MLP model weights at 8-bit precision by incorporating the quantization-aware training technique. This adjustment slashes memory use by a factor of four and reduces computational cost similarly, making Eye-Net suitable for Internet of Things (IoT) devices. Both models are rigorously trained and assessed using the CICDDoS2019 dataset. Test results reveal that Eye-Net excels, surpassing contemporary DDoS detection techniques in accuracy, recall, precision, and F1 Score. The multiclass model achieves an impressive accuracy of 96.47% with an error rate of 8.78%, while the binary model showcases an outstanding 99.99% accuracy, maintaining a negligible error rate of 0.02%. [ABSTRACT FROM AUTHOR]

Published

2024

14. A Novel Approach for Detecting Unauthorized Requests in Software-Defined Networks Using Hybrid Particle Swarm and Automated Grey Wolf Optimizer Algorithm.

Author

Dembele, Aminata, Mwangi, Elijah, Ronoh, Kennedy K., and Ataro, Edwin O.

Subjects

GREY Wolf Optimizer algorithm, PARTICLE swarm optimization, DENIAL of service attacks, WOLVES, SOFTWARE-defined networking, MATHEMATICAL optimization

Abstract

Software Defined Networking (SDN) is a technology that consolidates network management through a unified controller. However, it is vulnerable to attacks like distributed denial of service (DDoS) due to reliance on a single control plane. In order to address this, a new approach called Hybrid Particle Swarm Optimization (PSO) and Automated Modified Grey Wolf Optimizer Algorithm (AMGWOA) is proposed in this paper. We enhance the efficiency of detecting and preventing malicious requests in SDN frameworks by combining PSO and AMGWOA. Our PSOAMGWO method outperforms conventional grey wolf optimizer and particle swarm optimization techniques, achieving a remarkable 100% accuracy in detecting harmful requests within 0.5 seconds under the same sample size of traffic requests. This approach not only reduces detection time but also minimizes storage and computing resource utilization. [ABSTRACT FROM AUTHOR]

Published

2024

15. E-SDNN: encoder-stacked deep neural networks for DDOS attack detection.

Author

Benmohamed, Emna, Thaljaoui, Adel, Elkhediri, Salim, Aladhadh, Suliman, and Alohali, Mansor

Subjects

*ARTIFICIAL neural networks, *DENIAL of service attacks, *MULTILAYER perceptrons, *INFRASTRUCTURE (Economics), *COMMUNICATION infrastructure, *INTRUSION detection systems (Computer security)

Abstract

The increasing reliance on internet-based services has heightened the vulnerability of network infrastructure to cyberattacks, particularly distributed denial of service (DDoS) attacks. These attacks can cause severe disruptions and significant financial losses. Early detection of malicious traffic is crucial in effectively combating such threats. This paper presents an innovative approach called the Encoder-Stacked deep neural networks (E-SDNN) model, which leverages Stacked/bagged multi-layer perceptrons (MLP) for accurate DDoS attack detection. The proposed method employs an encoder to select pertinent features from a preprocessed dataset, enabling precise attack detection. Extensive experiments were conducted on benchmark cybersecurity datasets, namely CICDS2017 and CICDDoS2019, encompassing various DDoS attack scenarios. The experimental results demonstrate the superiority of the E-SDNN model compared to state-of-the-art methods. The proposed E-SDNN model achieved an impressive overall accuracy rate of 99.94% and 98.86% for CICDDS2017 and CICDDoS2019, respectively. [ABSTRACT FROM AUTHOR]

Published

2024

16. 基于多模态神经网络流量特征的网络应用层 DDoS攻击检测方法.

Author

王小宇, 贺鸿鹏, 马成龙, and 陈欢颐

Abstract

Copyright of Journal of Shenyang Agricultural University is the property of Journal of Shenyang Agricultural University Editorial Department and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

17. Distributed denial of service attacks classification system using features selection and ensemble techniques.

Author

Bagdadi, Leila and Messabih, Belhadri

Subjects

DENIAL of service attacks, FEATURE selection, INTRUSION detection systems (Computer security), MACHINE learning

Abstract

Distributed denial-of-service (DDoS) attacks are expanding threat to online services and websites. These attacks overwhelm targets with traffic from multiple sources to exhaust resources and make services unavailable. The frequency of DDoS attacks exhibits an ongoing upward trajectory over time. This persistent escalation highlights the need for effective countermeasures. While machine learning approaches have been extensively investigated for binary classification of DDoS attacks, multi-class classification has received comparatively less examination in the literature despite its greater practical utility. In this paper, we propose an intrusion detection system for detecting and classifying DDoS attacks, based on two main axes: feature selection for selecting the best relevant features and ensemble learning technique for improving performance by combining weak learners. The proposed model has been trained and evaluated on the CICDDoS2019 dataset. Experimental evaluation demonstrates improved performance using a subset of 16 relevant features identified, with a test accuracy of 82.35% attained for discriminating between the 12 classes represented in the dataset. By aggregating attacks sharing common characteristics resulting in 7 classes, the approach achieves surpassing 97% accuracy. Additionally, a binary classification delineating benign and DDoS attacks attain 99.90% accuracy. [ABSTRACT FROM AUTHOR]

Published

2024

18. DDOS ATTACK-DETECTION APPROACH BASED ON ENSEMBLE MODELS USING SPARK.

Author

Alslman, Yasmeen, Khalil, Ashwaq, Younisse, Remah, Alnagi, Eman, Al-Saraireh, Jaafer, and Ghnemat, Rawan

Abstract

Copyright of Jordanian Journal of Computers & Information Technology is the property of Jordanian Journal of Computers & Information Technology and its content may not be copied or emailed to multiple sites or posted to a listserv without the copyright holder's express written permission. However, users may print, download, or email articles for individual use. This abstract may be abridged. No warranty is given about the accuracy of the copy. Users should refer to the original published version of the material for the full abstract. (Copyright applies to all Abstracts.)

Published

2024

19. CLASSIFYING CYBERCRIME NETWORKS: ORGANIZED AND TRANSNATIONAL SCHEMES IN THE DIGITAL ERA

Author

Inna Tiutiunyk, Dmytro Toptunenko, and Anna Flaumer

Subjects

organized and transnational cybercrime, financial fraud, ransomware attacks, phishing, DDoS attacks, Education (General), L7-991, Theory and practice of education, LB5-3640, Political institutions and public administration (General), JF20-2112

Abstract

The purpose of this study is to analyze and classify the main schemes of organized and transnational cybercriminal activity, as well as to identify the methods and technologies used by cybercriminals to carry out criminal activities in the digital space. The article explores current trends in cybercrime, such as the rise in financial fraud, ransomware attacks, phishing, and DDoS attacks. The study shows that the use of the latest technologies, particularly cryptocurrencies and the Internet of Things (IoT), significantly complicates the detection and prosecution of cyber criminals, necessitating the constant improvement of legal and technical tools to combat cybercrime. Key findings indicate that the transnational nature of cybercrime often makes it difficult to prosecute criminals across jurisdictions, requiring greater international coordination. It was also found that cybercriminals are using increasingly sophisticated methods to conceal their activities, incorporating modern technological solutions into criminal schemes. This underscores the need for continuous monitoring of new threats and the updating of protection methods for both organizations and individual users. The main conclusions of the study emphasize the importance of global cooperation in the fight against cybercrime, the need to enhance technological protection, and the development of legal mechanisms to counter modern cyber threats.

Published

2024

20. Advancements in detecting, preventing, and mitigating DDoS attacks in cloud environments: A comprehensive systematic review of state-of-the-art approaches

Author

Mohamed Ouhssini, Karim Afdel, Mohamed Akouhar, Elhafed Agherrabi, and Abdallah Abarda

Subjects

DDoS attacks, Cloud environments, Effective strategies, Systematic review, Cloud security, Defense mechanisms, Electronic computers. Computer science, QA75.5-76.95

Abstract

This comprehensive study examines cutting-edge strategies for combating Distributed Denial of Service (DDoS) attacks in cloud environments, addressing a critical gap in recent literature. Through a systematic review of the latest advancements, we propose a framework for identifying, preventing, and mitigating DDoS threats specifically tailored to cloud infrastructures. Our research highlights the urgent need for robust defense mechanisms to enhance cloud security, minimize service disruptions, and safeguard against data breaches. By analyzing the strengths and limitations of current models, we underscore the importance of continued innovation in this rapidly evolving field. This study provides essential insights for academics and industry professionals aiming to enhance the resilience of cloud infrastructure against the ongoing and adaptive menace of DDoS attacks.

Published

2024

21. SCDAE-MLP Design for Detecting and Classifying DDoS Attack

Author

Ye, Hongkai, Zuo, Jie, Chen, Yang-Yang, Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Tan, Kay Chen, Series Editor, Jia, Yingmin, editor, Zhang, Weicun, editor, Fu, Yongling, editor, and Yang, Huihua, editor

Published

2024

22. Application of the Negative Selection Algorithm to Detect Distributed Denial of Service Attacks

Author

Matrone, Daniel, Pasquale, Rodrigo P., Bianchini, Calebe P., Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Yang, Xin-She, editor, Sherratt, Simon, editor, Dey, Nilanjan, editor, and Joshi, Amit, editor

Published

2024

23. Unraveling the Complexity: Exploring Machine Learning Algorithms for DDoS Attack Analysis

Author

Anandamurugan, S., Anand, D. Vijay, Raja, R. Abishek, Aparna, V., Shankar, K. P. Gokul, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Abraham, Ajith, editor, Pllana, Sabri, editor, Hanne, Thomas, editor, and Siarry, Patrick, editor

Published

2024

24. DAG: A Lightweight and Real-Time Edge Defense Model for IoT DDoS Attacks

Author

Liu, Yanhua, Chen, Cong, Zhang, Qiu, Zeng, Fanhao, Liu, Ximeng, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Wang, Xingwei, editor, Xu, Mingwei, editor, Shi, Xiaoqiu, editor, and Wu, Fan, editor

Published

2024

25. A Machine Learning Approach for DDoS Attack Detection in CIC-DDoS2019 Dataset Using Multiple Linear Regression Algorithm

Author

Gondi, Lakshmeeswari, Sambangi, Swathi, Priya, P. Kundana, Anjum, S. Sharika, Lin, Frank M., editor, Patel, Ashokkumar, editor, Kesswani, Nishtha, editor, and Sambana, Bosubabu, editor

Published

2024

26. Cybersecurity Challenges and Implications for the Adoption of Cloud Computing and IoT: DDoS Attacks as an Example

Author

Al-Tamimi, Bassam Naji, Almoamari, Hani, Nehme, Antonio, Basurra, Shadi, Jajodia, Sushil, Series Editor, Samarati, Pierangela, Series Editor, Lopez, Javier, Series Editor, Vaidya, Jaideep, Series Editor, Boulila, Wadii, editor, Ahmad, Jawad, editor, Koubaa, Anis, editor, Driss, Maha, editor, and Farah, Imed Riadh, editor

Published

2024

27. Enhancing DDoS Attack Detection in SDN: A Novel Approach with IG-RFFI Feature Selection

Author

Goud, Konda Srikar, Giduturi, Srinivasa Rao, Kacprzyk, Janusz, Series Editor, Gomide, Fernando, Advisory Editor, Kaynak, Okyay, Advisory Editor, Liu, Derong, Advisory Editor, Pedrycz, Witold, Advisory Editor, Polycarpou, Marios M., Advisory Editor, Rudas, Imre J., Advisory Editor, Wang, Jun, Advisory Editor, Devi, B. Rama, editor, Kumar, Kishore, editor, Raju, M., editor, Raju, K. Srujan, editor, and Sellathurai, Mathini, editor

Published

2024

28. Peering into the Darkness: The Use of UTRS in Combating DDoS Attacks

Author

Anghel, Radu, Vetrivel, Swaathi, Rodriguez, Elsa Turcios, Sameshima, Kaichi, Makita, Daisuke, Yoshioka, Katsunari, Gañán, Carlos, Zhauniarovich, Yury, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Tsudik, Gene, editor, Conti, Mauro, editor, Liang, Kaitai, editor, and Smaragdakis, Georgios, editor

Published

2024

29. Detect and Alleviate DDoS Attacks in Cloud Environment

Author

Kulwanth, Bandi, Srinivasarengan, V., Anish, Peddinte, Abirami, K., Angrisani, Leopoldo, Series Editor, Arteaga, Marco, Series Editor, Chakraborty, Samarjit, Series Editor, Chen, Jiming, Series Editor, Chen, Shanben, Series Editor, Chen, Tan Kay, Series Editor, Dillmann, Rüdiger, Series Editor, Duan, Haibin, Series Editor, Ferrari, Gianluigi, Series Editor, Ferre, Manuel, Series Editor, Jabbari, Faryar, Series Editor, Jia, Limin, Series Editor, Kacprzyk, Janusz, Series Editor, Khamis, Alaa, Series Editor, Kroeger, Torsten, Series Editor, Li, Yong, Series Editor, Liang, Qilian, Series Editor, Martín, Ferran, Series Editor, Ming, Tan Cher, Series Editor, Minker, Wolfgang, Series Editor, Misra, Pradeep, Series Editor, Mukhopadhyay, Subhas, Series Editor, Ning, Cun-Zheng, Series Editor, Nishida, Toyoaki, Series Editor, Oneto, Luca, Series Editor, Panigrahi, Bijaya Ketan, Series Editor, Pascucci, Federica, Series Editor, Qin, Yong, Series Editor, Seng, Gan Woon, Series Editor, Speidel, Joachim, Series Editor, Veiga, Germano, Series Editor, Wu, Haitao, Series Editor, Zamboni, Walter, Series Editor, Zhang, Junjie James, Series Editor, Tan, Kay Chen, Series Editor, Shetty, N. R., editor, Prasad, N. H., editor, and Nagaraj, H. C., editor

Published

2024

30. A Detection Approach for IoT Traffic-Based DDoS Attacks

Author

Shukla, Praveen, Krishna, C. Rama, Patil, Nilesh Vishwasrao, Filipe, Joaquim, Editorial Board Member, Ghosh, Ashish, Editorial Board Member, Prates, Raquel Oliveira, Editorial Board Member, Zhou, Lizhu, Editorial Board Member, Challa, Rama Krishna, editor, Aujla, Gagangeet Singh, editor, Mathew, Lini, editor, Kumar, Amod, editor, Kalra, Mala, editor, Shimi, S. L., editor, Saini, Garima, editor, and Sharma, Kanika, editor

Published

2024

31. Malware Mitigation in Cloud Computing Architecture

Author

Medaram, Sai Kumar, Maglaras, Leandros, Akhgar, Babak, Series Editor, Almomani, Iman, editor, Maglaras, Leandros A., editor, Ferrag, Mohamed Amine, editor, and Ayres, Nick, editor

Published

2024

32. Leveraging datasets for effective mitigation of DDoS attacks in software-defined networking: significance and challenges

Author

Hema Dhadhal and Paresh Kotak

Subjects

ddos attacks, software-defined networking, machine learning, dataset, mitigation, significance, challenges, Computer engineering. Computer hardware, TK7885-7895, Electronic computers. Computer science, QA75.5-76.95

Abstract

Software-Defined Networking (SDN) has emerged as a transformative paradigm for network management, offering centralized control and programmability. However, with the proliferation of Distributed Denial of Service (DDoS) attacks that pose significant threats to network infrastructures, effective mitigation strategies are needed. The subject matter of this study is to explore the importance of datasets in the mitigation of DDoS attacks in SDN environments. The paper discusses the significance of datasets for training machine learning models, evaluating detection mechanisms, and enhancing the resilience of SDN-based defense systems. Goal of the paper is to assist researchers in effectively selecting and usage of datasets for DDoS mitigation in SDN, thereby maximizing benefits and overcoming challenges involved in dataset selection. This paper outlines the challenges associated with dataset collection, labeling, and management, along with potential solutions to address these challenges. Effective detection and mitigation of DDoS attacks in SDN require robust datasets that capture the diverse and evolving nature of attack scenarios. Characterization of tasks for each section is as follows: Importance of datasets in DDoS attack mitigation in SDN, challenges in dataset utilization in DDoS mitigation in SDN, Guidelines for dataset selection, comparison of datasets used and their results and different dataset usage according to the need. Methodology involves collecting results in tabular form based on prior research to analyze the characteristics of existing datasets, techniques for dataset augmentation and enhancement, and evaluating the effectiveness of different datasets in detecting and mitigating DDoS attacks through comprehensive experimentation. Results of our findings indicate that effective detection and mitigation of DDoS attacks in SDN require robust datasets that capture the diverse and evolving nature of attack scenarios. Our findings provide valuable insights into the importance of datasets in enhancing the resilience of SDN infrastructures against DDoS attacks. In conclusion, our findings provide valuable insights into the importance of datasets in enhancing the resilience of SDN infrastructures against DDoS attacks and highlight the need for further research in this critical area. Thorough guidelines for dataset selection and impacts of different datasets used in recent studies, provide research challenges and future directions in this area.

Published

2024

33. DDoS Attacks Detection Approach based on Ensemble Model using Spark

Author

Yasmeen Alslman, Ashwaq Khalil, Remah Younisse, Eman AlNagi, Jaafer Al-Saraireh, and Rawan Ghnemat

Subjects

ensemble model, random forest (rf), xgboost (xgb), apache-spark, pyspark, big data, cic-ddos2019, ddos attacks, Information technology, T58.5-58.64, Electronic computers. Computer science, QA75.5-76.95

Abstract

We live in an era when time is a precious resource. Thus, dealing with the vast amount of data collected from different resources for various purposes requires creating systems that can process the data in a reasonable time to make it worthwhile. Accessing big data in machine learning and artificial intelligence models creates efficient, robust models. In this work, we present a method to create a multi-class classification model using Apache-spark. The model is built and trained with the CIC-DDOS2019 dataset to build a DDoS Attack detection model. Ensemble modeling was used to improve the accuracy and robustness of the model. At the same time, Apache-spark was used to distribute the vast amount of training and testing data over the models used to create the intrusion detection model. The proposed model has achieved high accuracy (99.94\%) while reducing the execution time to almost the half when applied without Apache-spark. [JJCIT 2024; 10(2.000): 123-137]

Published

2024

34. Machine learning-based detection of DDoS attacks on IoT devices in multi-energy systems

Author

Hesham A. Sakr, Mostafa M. Fouda, Ahmed F. Ashour, Ahmed Abdelhafeez, Magda I. El-Afifi, and Mohamed Refaat Abdellah

Subjects

Energy hub security, DDoS attacks, Machine learning, Detection system, Electronic computers. Computer science, QA75.5-76.95

Abstract

With the growing integration of IoT devices in critical infrastructure, cybersecurity threats such as Distributed Denial of Service (DDoS) attacks on Energy Hubs (EH) have become a significant concern. This study aims to address these challenges by evaluating the effectiveness of various supervised machine learning (ML) algorithms in predicting DDoS attacks targeting EH systems through IoT devices. Using the CICDDOS2019 and KDD-CUP datasets, a comprehensive analysis was conducted on several classifiers, including Decision Tree (DT), Gradient Boosting, Support Vector Machine (SVM), K-Nearest Neighbors (KNN), and Random Forest. The results highlight Gradient Boosting as the most effective model, particularly for the CICDDOS2019 dataset, demonstrating superior accuracy and predictive capability. Additionally, hybrid models combining Gradient Boosting with SVM or DT showed strong performance, though with varying precision and recall. This study provides valuable insights into the selection and tailoring of ML models for specific security challenges, emphasizing the need for ongoing research to enhance the resilience of EH systems and IoT devices against evolving DDoS threats.

Published

2024

35. SSHAA: A Python Package Index for visualizing features of SSH attacks with text mining in classification.

Author

Nakamura, Yuki, Fukuda, Tsukasa, Yang, Xuanzhou, and Takefuji, Yoshiyasu

Abstract

With the proliferation of the Internet, the number of cyber-attacks has increased worldwide. To prevent cyber-attacks, network administrators need to use analytical tools to disclose six new critical statistics such as Internet Protocol (IP) authenticity and classification, IP ownership, frequency of attacks, time of day, day of the week, and country of attack. There are four SSH attack analysis tools available, but existing tools lack visualization and cannot provide the necessary attack statistics. This paper proposes SSHAA, the first open source PyPI analysis tool that meets the requirement. Text mining technology is used for extracting data from SSH log files, classifying IPs with identified country names and calculating a variety of statistics. PyPI allows SSHAA to run on Windows, MacOS, and Linux operating systems. This paper highlights how to debut a PyPI application using SSHAA which will be the world’s first tutorial in the security journals for maximum software dissemination. According to PePy, SSHAA has been downloaded 7668 times worldwide. The substantial number of downloads signifies the efficacy of the proposed tool. The proposed system offers ten functional statistics for SSH attack analysis. The six new functional statistics to information security are significant. [ABSTRACT FROM AUTHOR]

Published

2024

36. Improvement of Distributed Denial of Service Attack Detection through Machine Learning and Data Processing.

Author

Becerra-Suarez, Fray L., Fernández-Roman, Ismael, and Forero, Manuel G.

Subjects

*DENIAL of service attacks, *ELECTRONIC data processing, *MACHINE learning, *DIGITAL technology, *RESEARCH integrity, *PEARSON correlation (Statistics), *CYBER intelligence (Computer security)

Abstract

The early and accurate detection of Distributed Denial of Service (DDoS) attacks is a fundamental area of research to safeguard the integrity and functionality of organizations' digital ecosystems. Despite the growing importance of neural networks in recent years, the use of classical techniques remains relevant due to their interpretability, speed, resource efficiency, and satisfactory performance. This article presents the results of a comparative analysis of six machine learning techniques, namely, Random Forest (RF), Decision Tree (DT), AdaBoost (ADA), Extreme Gradient Boosting (XGB), Multilayer Perceptron (MLP), and Dense Neural Network (DNN), for classifying DDoS attacks. The CICDDoS2019 dataset was used, which underwent data preprocessing to remove outliers, and 22 features were selected using the Pearson correlation coefficient. The RF classifier achieved the best accuracy rate (99.97%), outperforming other classifiers and even previously published neural network-based techniques. These findings underscore the feasibility and effectiveness of machine learning algorithms in the field of DDoS attack detection, reaffirming their relevance as a valuable tool in advanced cyber defense. [ABSTRACT FROM AUTHOR]

Published

2024

37. Distributed Federated Split Learning Based Intrusion Detection System.

Author

Almarshdi, Rasha, Fadel, Etimad, Alowidi, Nahed, and Nassef, Laila

Subjects

CONVOLUTIONAL neural networks, FEDERATED learning, DATA privacy, DENIAL of service attacks, COMPUTER network security, INTRUSION detection systems (Computer security)

Abstract

The Internet of Medical Things (IoMT) is one of the critical emerging applications of the Internet of Things (IoT). The huge increases in data generation and transmission across distributed networks make security one of the most important challenges facing IoMT networks. Distributed Denial of Service (DDoS) attacks impact the availability of services of legitimate users. Intrusion Detection Systems (IDSs) that are based on Centralized Learning (CL) suffer from high training time and communication overhead. IDS that are based on distributed learning, such as Federated Learning (FL) or Split Learning (SL), are recently used for intrusion detection. FL preserves data privacy while enabling collaborative model development. However, FL suffers from high training time and communication overhead. On the other hand, SL offers advantages in terms of computational resources, but it faces challenges such as communication overhead and potential security vulnerabilities at the split point. Federated Split Learning (FSL) has proposed overcoming the problems of both FL and SL and offering more secure, efficient, and scalable distribution systems. This paper proposes a novel distributed FSL (DFSL) system to detect DDoS attacks. The proposed DFSL enhances detection accuracy and reduces training time by designing an adaptive aggregation method based on the early stopping strategy. However, the increased number of clients leads to increasing communication overheads. We further propose a Multi-Node Selection (MNS) based Best Channel-Best l 2 -Norm (BC-BN2) selection scheme to reduce communication overhead. Two DL models are used to test the effectiveness of the proposed system, including a Convolutional Neural Network (CNN) and CNN with Long Short-Term Memory (LSTM) on two modern datasets. The performance of the proposed system is compared with three baseline distributed approaches such as FedAvg, Vanilla SL, and SplitFed algorithms. The proposed system outperforms the baseline algorithms with an accuracy of 99.70% and 99.87% in CICDDoS2019 and LITNET-2020 datasets, respectively. The proposed system's training time and communication overhead are 30% and 20% less than the baseline algorithms. [ABSTRACT FROM AUTHOR]

Published

2024

38. SecEG: A Secure and Efficient Strategy against DDoS Attacks in Mobile Edge Computing.

Author

Huang, Haiyang, Meng, Tianhui, Guo, Jianxiong, Wei, Xuekai, and Jia, Weijia

Subjects

DENIAL of service attacks, MOBILE computing, EDGE computing, ANOMALY detection (Computer security), COMMUNICATION infrastructure, PUBLIC key cryptography

Abstract

Application-layer distributed denial-of-service (DDoS) attacks incapacitate systems by using up their resources, causing service interruptions, financial losses, and more. Consequently, advanced deep-learning techniques are used to detect and mitigate these attacks in cloud infrastructures. However, in mobile edge computing (MEC), it becomes economically impractical to equip each node with defensive resources, as these resources may largely remain unused in edge devices. Furthermore, current methods are mainly concentrated on improving the accuracy of DDoS attack detection and saving CPU resources, neglecting the effective allocation of computational power for benign tasks under DDoS attacks. To address these issues, this paper introduces SecEG, a secure and efficient strategy against DDoS attacks for MEC that integrates container-based task isolation with lightweight online anomaly detection on edge nodes. More specifically, a new model is proposed to analyze resource contention dynamics between DDoS attacks and benign tasks. Subsequently, by employing periodic packet sampling and real-time attack intensity predicting, an autoencoder-based method is proposed to detect DDoS attacks. We leverage an efficient scheduling method to optimize the edge resource allocation and the service quality for benign users during DDoS attacks. When executed in the real-world edge environment, our experimental findings validate the efficacy of the proposed SecEG strategy. Compared to conventional methods, the service rate of benign requests increases by 23% under intense DDoS attacks, and the CPU resource is saved up to 35%. [ABSTRACT FROM AUTHOR]

Published

2024

39. EIoT-DDoS: embedded classification approach for IoT traffic-based DDoS attacks.

Author

Shukla, Praveen, Krishna, C. Rama, and Patil, Nilesh Vishwasrao

Subjects

*DENIAL of service attacks, *COMPUTER network traffic, *INTERNET of things, *MACHINE learning, *CLASSIFICATION, *ROBOT programming

Abstract

The Internet of Things (IoT) has shown incredible adaptability in recent years and has become an integral part of human life. The proliferation of IoT technology has made IoT devices more prone to severe security threats, such as Distributed Denial of Service (DDoS) attacks, which are dangerous threats to public systems and networks. Further, the frequency and complexity of IoT traffic-based DDoS attacks are increasing year-by-year. This article proposes an IoT traffic-based DDoS attack detection approach for classifying incoming IoT network traffic into 11 classes using multiclass machine learning techniques. The proposed approach comprises two phases: (i) designing and (ii) detection. In the designing phase, we employ the embedded feature reduction technique to create cost-effective and efficient classification models with a high feature reduction rate. Further, we evaluate these models using the K-fold cross-validation technique. While in the detection phase, we evaluate the performance of an efficient model by executing four different IoT traffic-based scenarios. A publicly available Bot-IoT dataset is employed to design and validate the proposed multiclass classification approach. The results show that the proposed approach provides an 84.4% feature reduction rate and approximately 5.19% higher classification accuracy than the existing approaches. [ABSTRACT FROM AUTHOR]

Published

2024

40. LEVERAGING DATASETS FOR EFFECTIVE MITIGATION OF DDOS ATTACKS IN SOFTWARE-DEFINED NETWORKING: SIGNIFICANCE AND CHALLENGES.

Author

DHADHAL, Hema and KOTAK, Paresh

Subjects

DENIAL of service attacks, SOFTWARE-defined networking, MACHINE learning, DATA augmentation, COMPUTER network management, DATA management

Abstract

Software-Defined Networking (SDN) has emerged as a transformative paradigm for network management, offering centralized control and programmability. However, with the proliferation of Distributed Denial of Service (DDoS) attacks that pose significant threats to network infrastructures, effective mitigation strategies are needed. The subject matter of this study is to explore the importance of datasets in the mitigation of DDoS attacks in SDN environments. The paper discusses the significance of datasets for training machine learning models, evaluating detection mechanisms, and enhancing the resilience of SDN-based defense systems. Goal of the paper is to assist researchers in effectively selecting and usage of datasets for DDoS mitigation in SDN, thereby maximizing benefits and overcoming challenges involved in dataset selection. This paper outlines the challenges associated with dataset collection, labeling, and management, along with potential solutions to address these challenges. Effective detection and mitigation of DDoS attacks in SDN require robust datasets that capture the diverse and evolving nature of attack scenarios. Characterization of tasks for each section is as follows: Importance of datasets in DDoS attack mitigation in SDN, challenges in dataset utilization in DDoS mitigation in SDN, Guidelines for dataset selection, comparison of datasets used and their results and different dataset usage according to the need. Methodology involves collecting results in tabular form based on prior research to analyze the characteristics of existing datasets, techniques for dataset augmentation and enhancement, and evaluating the effectiveness of different datasets in detecting and mitigating DDoS attacks through comprehensive experimentation. Results of our findings indicate that effective detection and mitigation of DDoS attacks in SDN require robust datasets that capture the diverse and evolving nature of attack scenarios. Our findings provide valuable insights into the importance of datasets in enhancing the resilience of SDN infrastructures against DDoS attacks. In conclusion, ourfindings provide valuable insights into the importance of datasets in enhancing the resilience of SDN infrastructures against DDoS attacks and highlight the need for further research in this critical area. Thorough guidelines for dataset selection and impacts of different datasets used in recent studies, provide research challenges and future directions in this area. [ABSTRACT FROM AUTHOR]

Published

2024

41. IoT-Based Intrusion Detection System Using New Hybrid Deep Learning Algorithm.

Author

Yaras, Sami and Dener, Murat

Subjects

MACHINE learning, COMPUTER network traffic, DEEP learning, INTRUSION detection systems (Computer security), DENIAL of service attacks, CYBERTERRORISM, TELECOMMUNICATION systems

Abstract

The most significant threat that networks established in IoT may encounter is cyber attacks. The most commonly encountered attacks among these threats are DDoS attacks. After attacks, the communication traffic of the network can be disrupted, and the energy of sensor nodes can quickly deplete. Therefore, the detection of occurring attacks is of great importance. Considering numerous sensor nodes in the established network, analyzing the network traffic data through traditional methods can become impossible. Analyzing this network traffic in a big data environment is necessary. This study aims to analyze the obtained network traffic dataset in a big data environment and detect attacks in the network using a deep learning algorithm. This study is conducted using PySpark with Apache Spark in the Google Colaboratory (Colab) environment. Keras and Scikit-Learn libraries are utilized in the study. 'CICIoT2023' and 'TON_IoT' datasets are used for training and testing the model. The features in the datasets are reduced using the correlation method, ensuring the inclusion of significant features in the tests. A hybrid deep learning algorithm is designed using one-dimensional CNN and LSTM. The developed method was compared with ten machine learning and deep learning algorithms. The model's performance was evaluated using accuracy, precision, recall, and F1 parameters. Following the study, an accuracy rate of 99.995% for binary classification and 99.96% for multiclassification is achieved in the 'CICIoT2023' dataset. In the 'TON_IoT' dataset, a binary classification success rate of 98.75% is reached. [ABSTRACT FROM AUTHOR]

Published

2024

42. Deep Learning based DDoS Attack Detection in Internet of Things: An Optimized CNN-BiLSTM Architecture with Transfer Learning and Regularization Techniques.

Author

Jebril, Iqbal, Premkumar, M., Abdulsahib, Ghaida Muttashar, Ashokkumar, S. R., Dhanasekaran, S., Khalaf, Oshamah Ibrahim, and Algburi, Sameer

Subjects

*DENIAL of service attacks, *DEEP learning, *INTERNET of things, *SMARTWATCHES, *DATA warehousing

Abstract

In recent days, with the rapid advancement of technology in informatics systems, the Internet of Things (IoT) becomes crucial in many aspects of daily life. IoT applications have gained popularity due to the availability of various IoT enabler gadgets, such as smartwatches, smartphones, and so on. However, the vulnerability of IoT devices has led to security challenges, including Distributed Denial-of-Service (DDoS) attacks. These limitations result from the dynamic communication between IoT devices due to their limited data storage and processing resources. The primary research challenge is to create a model that can recognize legitimate traffic while effectively protecting the network against various classes of DDoS attacks. This article proposes a CNN-BiLSTM DDoS detection model by combining three deep-learning algorithms. The models are evaluated using the CICIDS2017 dataset against commonly used performance criteria which the models perform well, achieving an accuracy of around 99.76%, except for the CNN model, which achieves an accuracy of 98.82%. The proposed model performs best, achieving an accuracy of 99.9%. [ABSTRACT FROM AUTHOR]

Published

2024

43. Cyber Security on the Edge: Efficient Enabling of Machine Learning on IoT Devices.

Author

Kumari, Swati, Tulshyan, Vatsal, and Tewari, Hitesh

Subjects

*REAL-time computing, *MACHINE learning, *INTERNET security, *INTERNET of things, *CYBERTERRORISM

Abstract

Due to rising cyber threats, IoT devices' security vulnerabilities are expanding. However, these devices cannot run complicated security algorithms locally due to hardware restrictions. Data must be transferred to cloud nodes for processing, giving attackers an entry point. This research investigates distributed computing on the edge, using AI-enabled IoT devices and container orchestration tools to process data in real time at the network edge. The purpose is to identify and mitigate DDoS assaults while minimizing CPU usage to improve security. It compares typical IoT devices with and without AI-enabled chips, container orchestration, and assesses their performance in running machine learning models with different cluster settings. The proposed architecture aims to empower IoT devices to process data locally, minimizing the reliance on cloud transmission and bolstering security in IoT environments. The results correlate with the update in the architecture. With the addition of AI-enabled IoT device and container orchestration, there is a difference of 60% between the new architecture and traditional architecture where only Raspberry Pi were being used. [ABSTRACT FROM AUTHOR]

Published

2024

44. The Impact of Denial-of-Service Attacks and Queue Management Algorithms on Cellular Networks.

Author

Çakmak, Muhammet

Subjects

*DENIAL of service attacks, *LONG-Term Evolution (Telecommunications), *RADIO links, *BIT rate, *INFRASTRUCTURE (Economics)

Abstract

In today's digital landscape, Distributed Denial of Service (DDoS) attacks stand out as a formidable threat to organisations all over the world. As known technology gradually advances and the proliferation of mobile devices, cellular network operators face pressure to fortify their infrastructure against these risks. DDoS incursions into Cellular Long-Term Evolution (LTE) networks can wreak havoc, elevate packet loss, and suboptimal network performance. Managing the surges in traffic that afflict LTE networks is of paramount importance. Queue management algorithms emerge as a viable solution to wrest control over congestion at the Radio Link Control (RLC) layer within LTE networks. These algorithms work proactively, anticipating, and mitigating congestion by curtailing data transfer rates and fortifying defences against potential DDoS onslaughts. In the paper, we delve into a range of queue management methods Drop-Tail, Random Early Detection (RED), Controlled Delay (CoDel), Proportional Integral Controller Enhanced (PIE), and Packet Limited First In, First Out queue (pFIFO). Our rigorous evaluation of these queue management algorithms hinges on a multifaceted assessment that encompasses vital performance parameters. We gauge the LTE network's resilience against DDoS incursions, measuring performance based on end-to-end delay, throughput, packet delivery rate (PDF), and fairness index values. The crucible for this evaluation is none other than the NS3 simulator, a trusted platform for testing and analysis. The outcomes of our simulations provide illuminating insights. CoDel, RED, PIE, pFIFO, and Drop-Tail algorithms emerge as top performers in succession. These findings underscore the critical role of advanced queue management algorithms in fortifying LTE networks against DDoS attacks, offering robust defences and resilient network performance. [ABSTRACT FROM AUTHOR]

Published

2024

45. Botnet‐based IoT network traffic analysis using deep learning.

Author

Singh, N. Joychandra, Hoque, Nazrul, Singh, Kh. Robindro, and Bhattacharyya, Dhruba K.

Subjects

*COMPUTER network traffic, *DENIAL of service attacks, *DEEP learning, *INTERNET of things

Abstract

IoT networks are increasingly being connected to a wide range of devices, and the number of devices connected has significantly increased in recent years. As a consequence, the number of vulnerabilities to IoT networks has also been increasing tremendously. In IoT networks, botnet‐based Distributed Denial of Service attack is challenging due to its dynamic behavior. The sensors and actuators connected to IoT networks are low‐powered and have less memory. Because of their inherent vulnerability, IoT devices can always be compromised by an attacker and be used to form a large botnet. A detailed analysis of IoT botnet attacks is presented in this article, along with statistics and the architectures of the botnet. We also survey the existing literature on IoT botnet traffic analysis and present a taxonomy of attack detection methods. We particularly focus on deep learning‐based methods and conduct a comparative study to evaluate their performance on IoT traffic analysis. We identify the current issues and research challenges in this field, and we conclude by highlighting some future research directions. [ABSTRACT FROM AUTHOR]

Published

2024

46. Modeling time-varying wide-scale distributed denial of service attacks on electric vehicle charging Stations

Author

Tawfiq Aljohani and Abdulaziz Almutairi

Subjects

DDoS attacks, Electric Vehicle Charging Stations (EVCS), Cybersecurity of Energy Infrastructures, Cyberattacks Attack Generation Model, Ornstein-Uhlenbeck, Engineering (General). Civil engineering (General), TA1-2040

Abstract

With the continuous development of transportation electrification, Electric Vehicle Charging Stations (EVCS) have become pivotal components, necessitating robust cybersecurity frameworks to mitigate potential threats. This work explores the complex dynamics of Distributed Denial of Service (DDoS) attacks aimed at EVCS, highlighting the multifaceted interplay between the generation of attack traffic and its implications on grid stability. Introducing a novel mathematical model for extensive DDoS attacks on EVCS, this work simulates the attack methodology through a time-variant Poisson process, encapsulating the behaviors of attacks bots and their cumulative impact on the targeted EVCS. The model further incorporates the variability of attack intensity, utilizing the Ornstein-Uhlenbeck process to reflect on the temporal evolution and traceability of the attacks. Moreover, by integrating queueing theory, the model facilitates a detailed examination of traffic dynamics under DDoS conditions, providing insights into potential delays and service interruptions. The study also investigates the impact of DDoS attacks on both the dynamic and steady-state operation of the grid, offering a comprehensive perspective on the cybersecurity threat landscape. Simulation outcomes confirm that successful disruptions in EVCS due to DDoS attacks can lead to significant disturbances, underscoring the need for robust cybersecurity protocols.

Published

2024

47. PPAD-W: A Novel Privacy-Preserving Authentication With Dynamic IPs Window for IoV Networks

Author

Sarhang Jamal Ibrahim and Hakem Beitollahi

Subjects

Internet of Vehicles (IoV) authentication, privacy preserving, security, DDoS attacks, protocol, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The proliferation of Internet of Vehicles (IoV) has revolutionized transportation systems. However, ensuring secure and privacy-preserving communication in IoV networks remains a challenge. Existing authentication protocols often compromise privacy, incur high computation costs, or are vulnerable to DDoS attacks. To address these limitations, we propose a novel secure protocol for IoV networks, inspired by the Pretty Good Privacy (PGP) protocol. Our protocol leverages anonymous credentials with trust management for privacy-preserving authentication and a dynamic IP window for robust DDoS mitigation. This approach achieves a balance between security and efficiency. Through extensive simulations using Crossware ARM and OMNeT++, we demonstrate that PPAD-W achieves an average of 28.5% and 50% reduction in communication and computational costs, respectively, compared to state-of-the-art alternatives. Furthermore, the protocol effectively mitigates DDoS attacks. These results highlight PPAD-W as a promising solution for resource-constrained IoV devices, offering a compelling balance of security, privacy, and efficiency.

Published

2024

48. Detection and Mitigation of Distributed Denial of Service Attacks Using Ensemble Learning and Honeypots in a Novel SDN-UAV Network Architecture

Author

Mohamed Amine Ould Rabah, Hamza Drid, Yasmine Medjadba, and Mohamed Rahouti

Subjects

DDoS attacks, ensemble learning, honeypot UAV, machine learning, SDN, UAVs, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

The combination of Software-Defined Networking (SDN) with Unmanned Aerial Vehicles (UAVs) has transformed wireless communication and data transmission. However, this advancement introduces new security challenges, specifically Distributed Denial of Service (DDoS) attacks, which can significantly disrupt network operations. Existing solutions often rely on single-model detection methods that may not adequately address these evolving threats. These methods may struggle with new and sophisticated attack patterns, leading to higher false positives and negatives. This work presents a new network architecture and novel approach that combines Ensemble learning with honeypot UAV to detect and mitigate DDoS attacks within SDN-UAV networks effectively. The initial phase involves detecting DDoS attacks from network traffic. Instead of relying on a single model, we use two models combined through a bagging-based ensemble method to integrate their results. In this setup, the detected attacks are promptly relayed to subordinate SDN controllers for the implementation of proactive security measures. A honeypot UAV is integrated into the architecture to enhance the system’s effectiveness. This honeypot UAV collects data on potential threats, allowing constant updates and refinement of the ensemble learning model. Furthermore, the system can proactively block traffic from these sources with this data, strengthening the defense mechanisms against DDoS attacks within the SDN-UAV network. To assess the effectiveness of our approach, we conducted training and testing experiments using the InSDN dataset. Experimental results are evaluated using various metrics, demonstrating that the proposed method consistently outperforms the state-of-the-art methods.

Published

2024

49. Rule-Based With Machine Learning IDS for DDoS Attack Detection in Cyber-Physical Production Systems (CPPS)

Author

Ayaz Hussain, Eva Marin Tordera, Xavi Masip-Bruin, and Helen C. Leligou

Subjects

CPPS, DDoS attacks, Industry 4.0, IDS solution, machine learning, rule-based detection, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

Recent advancements in communication technology have transformed the way the industrial system works. This digitalization has improved the way of communication between different actors involved in cyber physical production systems (CPPS), such as users, suppliers, and manufacturers, thus making the whole process transparent. The utilization of emerging new technologies in CPPS can cause vulnerable spots that can be exploited by attackers to launch sophisticated distributed denial of service (DDoS) attacks, hence threatening the availability of the production systems. Existing machine learning based intrusion detection systems (IDS) often rely on unrealistic datasets for training and validation, thus missing the crucial testing phase with real-time scenarios. The results generated by the ML models are based on predictions at each flow level and cannot provide summarized information about malicious entities. To address this limitation, this study proposed an efficient IDS system that uses both rule-based detection and ML-based approaches to detect DDoS attacks damaging the infrastructure of CPPS. For training and validation of the system, we use real-time network traffic extracted from a real industrial scenario, referred to as Farm-to-Fork (F2F) supply chain system. Both, attacks and normal traffic were captured, and bidirectional features were extracted through CIC-FLOWMETER. We make use of 8 ML supervised and unsupervised approaches to detect the malicious flows; and then a rule-based detection mechanism is used to calculate the frequency of the malicious flows and to assign different severity levels based on the computed frequency. The overall results show that supervised models outperform unsupervised approaches and achieve an accuracy 99.97% and TPR 99.96%. Overall, the weighted accuracy when tested and deployed in a real-time scenario is around 98.71%. The results prove that the system works better when considering real-time scenarios and provides comprehensive information about the detected results that can be used to take different mitigation actions.

Published

2024

50. Enhancing Explanation of LSTM-Based DDoS Attack Classification Using SHAP With Pattern Dependency

Author

Basil Assadhan, Abdulmuneem Bashaiwth, and Hamad Binsalleeh

Subjects

DDoS attacks, machine learning, DL classification, DL explanation, SHAP, Electrical engineering. Electronics. Nuclear engineering, TK1-9971

Abstract

DDoS attacks pose serious threats to the availability and reliability of computer networks. With the increasing complexity of DDoS attacks, the accurate detection and classification of these attacks is essential to ensure the protection of network systems. In this paper, we leverage the power of the LSTM model for DDoS attack classification and its ability to automatically learn complex patterns and select features from raw traffic at the packet level. LSTM models have remarkable performance in network traffic classification, however explaining the internal workings of them remains challenging, which hinders their wider adoption in real-world applications. To address this limitation, we propose the SHAP with Pattern Dependency (SHAPPD) approach to explain the predictions of the LSTM model. The results demonstrate significant performance in classifying the DDoS attacks from raw traffic using the LSTM model. SHAPPD effectively explains the predictions of the LSTM model, highlighting the underlying packet traffic fields that drive the LSTM to make its true and false positive predictions and finding the common fields between the DDoS attacks. The results of the comparison between the SHAPPD and the original SHAP emphasize that the SHAPPD is superior to the original SHAP in providing more elaborative justifications for DDoS attacks classification results. The SHAPPD, by quantifying the contribution of each input feature and considering the interdependencies between the features as well as the continued traffic packets, enables security analysts to gain insights into the decision-making process of the LSTM model and identify critical indicators about the DDoS attacks.

Published

2024