A Machine Learning-Based Sensor for Real-Time DDoS Attack Detection
Abstract
A distributed denial of service (DDoS) attack coordinates infected equipment (bots) in a synchronized attack on online systems, causing slowness or unavailability of the service. Recently, this type of attack has grown in intensity, diversity and economic impact. In this context, this work presents a real-time DDoS detection tool based on a sensor that uses machine learning algorithms. A testing environment was developed to validate the tool’s effectiveness. The performance and results of the different classifiers used in the sensor implementation are discussed. The results indicate that the sensor detects DDoS attacks efficiently, in approximately 3 seconds.
