nach oben

The Journal of Supercomputing

Erschienen in:

07.01.2022

A hybrid machine learning approach for detecting unprecedented DDoS attacks

verfasst von: Mohammad Najafimehr, Sajjad Zarifzadeh, Seyedakbar Mostafavi

Erschienen in: The Journal of Supercomputing | Ausgabe 6/2022

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

Service availability plays a vital role on computer networks, against which Distributed Denial of Service (DDoS) attacks are an increasingly growing threat each year. Machine learning (ML) is a promising approach widely used for DDoS detection, which obtains satisfactory results for pre-known attacks. However, they are almost incapable of detecting unknown malicious traffic. This paper proposes a novel method combining both supervised and unsupervised algorithms. First, a clustering algorithm separates the anomalous traffic from the normal data using several flow-based features. Then, using certain statistical measures, a classification algorithm is used to label the clusters. Employing a big data processing framework, we evaluate the proposed method by training on the CICIDS2017 dataset and testing on a different set of attacks provided in the more up-to-date CICDDoS2019. The results demonstrate that the Positive Likelihood Ratio (LR+) of our method is approximately 198% higher than the ML classification algorithms.

Vorheriger Artikel Evaluating low-level software-based hardening techniques for configurable GPU architectures

Nächster Artikel Dynamic and scalable multi-level trust management model for Social Internet of Things

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

From 217 Gbps in Sep. 2019 to 937 Gbps in Sep. 2020.

Each point here indicates a network flow in the raw dataset.

We used the features provided in the evaluation dataset, shown in Table 2 and described in Sect. 5.

Due to the positiveness of the distance values; the value of the min, max, mean, and std of them are indeed positive.

The proposed method that uses RF in phase 2 and \( np=20 \).

CAIDA UCSD Network Telescope Traffic Samples (formerly the Backscatter Dataset). https://www.caida.org/data/passive/backscatter_dataset.xml. Accessed: Jan. 23, 2020

Mininet: An Instant Virtual Network on your Laptop (or other PC) - Mininet. http://mininet.org/. Accessed: May 23, 2021

MS SQL PacketResolution DoS: Attack signature - symantec corp. https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=20533. Accessed: Jan. 7, 2021

Old Protocols, New Exploits: LDAP Unwittingly Serves DDoS Amplification Attacks. https://www.f5.com/labs/articles/threat-intelligence/old-protocols-new-exploits-ldap-unwittingly-serves-ddos-amplification-attacks-22609. Accessed: Jan. 20, 2021

Abubakar R, Aldegheishem A, Majeed MF, Mehmood A, Maryam H, Alrajeh NA, Maple C, Jawad M (2020) An effective mechanism to mitigate real-time DDoS attack. IEEE Access 8:126215–126227. https://doi.org/10.1109/ACCESS.2020.2995820CrossRef

Akamai Technologies (2021) Inc.: Threat advisory: Netbios name server, rpc portmap and sentinel reflection DDoS. https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/ddos-reflection-netbios-name-server-rpc-portmap-sentinel-udp-threat-advisory.pdf. Accessed: Jan. 31, 2021

Bakker JN, Ng B, Seah WKG (2018) Can machine learning techniques be effectively used in real networks against DDoS attacks? In: 2018 27th International Conference on Computer Communication and Networks (ICCCN), pp. 1–6. Hangzhou, China (2018). https://doi.org/10.1109/ICCCN.2018.8487445

Balkanli E, Alves J, Zincir-Heywood AN (2014) Supervised learning to detect DDoS attacks. In: 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 1–8. Orlando, FL, USA (2014). https://doi.org/10.1109/CICYBS.2014.7013367

Bogdanoski M, Suminoski T, Risteski A (2013) Analysis of the syn flood dos attack. Int J Comput Netw Inform Secur (IJCNIS) 5(8):1–11. https://doi.org/10.5815/ijcnis.2013.08.01CrossRef

10.

University of California, I. (2021) KDD Cup 1999 Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup99.html. Accessed: May 23, 2021

11.

Cambiasoa E, Chiola G, Aiello M (2019) Introducing the slowdrop attack. Comput Netw 150:234–249. https://doi.org/10.1016/j.comnet.2019.01.007CrossRef

12.

Chen J, Yang Yt, Hu Kk, Zheng Hb, Wang Z (2019) DAD-MCNN: DDoS attack detection via multi-channel CNN. In: Proceedings of the 2019 11th International Conference on Machine Learning and Computing, ICMLC ’19, p. 484-488. Association for Computing Machinery, Zhuhai, China (2019). https://doi.org/10.1145/3318299.3318329

13.

Deepa V, Sudar KM, Deepalakshmi P (2018) Detection of DDoS attack on SDN control plane using hybrid machine learning techniques. In: 2018 International Conference on Smart Systems and Inventive Technology (ICSSIT), pp. 299–303. IEEE, Tirunelveli, India (2018). https://doi.org/10.1109/ICSSIT.2018.8748836

14.

Doshi R, Apthorpe N, Feamster N (2018) Machine learning DDoS detection for consumer internet of things devices. In: 2018 IEEE Security and Privacy Workshops (SPW), pp. 29–35. San Francisco, CA, USA (2018). https://doi.org/10.1109/SPW.2018.00013

15.

Draper-Gil G, Lashkari AH, Mamun MSI, A Ghorbani A (2016) Characterization of encrypted and vpn traffic using time-related features. In: Proceedings of the 2nd International Conference on Information Systems Security and Privacy - ICISSP,, pp. 407–414. INSTICC, SciTePress (2016). https://doi.org/10.5220/0005740704070414

16.

Elbatta MT, Ashour WM (2013) A dynamic method for discovering density varied clusters. Int J Signal Process Image Process Pattern Recognit 6(1):123–134

17.

Ester M, Kriegel HP, Sander J, Xu X (1996) A density-based algorithm for discovering clusters in large spatial databases with noise. In: Proceedings of the Second International Conference on Knowledge Discovery and Data Mining, KDD’96, p. 226-231. AAAI Press (1996)

18.

Habibi Lashkari A, Draper Gil G, Mamun MSI (2021) Github - ahlashkari/cicflowmeter. https://github.com/ahlashkari/CICFlowMeter. Accessed on: Jun. 2, 2021

19.

Habibi Lashkari A, Draper Gil G, Mamun MSI (2021) Github - ahlashkari/cicflowmeter/readme. https://github.com/ahlashkari/CICFlowMeter/blob/master/ReadMe.txt. Accessed on: Jun. 2, 2021

20.

Habibi Lashkari A, Draper Gil G, Mamun MSI, Ghorbani AA (2017) Characterization of tor traffic using time based features. In: Proceedings of the 3rd International Conference on Information Systems Security and Privacy - ICISSP,, pp. 253–262. INSTICC, SciTePress (2017). https://doi.org/10.5220/0006105602530262

21.

Haider S, Akhunzada A, Mustafa I, Patel TB, Fernandez A, Choo KKR, Iqbal J (2020) A deep cnn ensemble framework for efficient ddos attack detection in software defined networks. IEEE Access 8:53972–53983. https://doi.org/10.1109/ACCESS.2020.2976908CrossRef

22.

Han J, Pei J, Kamber M (2012) Data mining: concepts and techniques, third edn. Elsevier (2012). https://doi.org/10.1016/C2009-0-61819-5

23.

Hosseini S, Azizi M (2019) The hybrid technique for ddos detection with supervised learning algorithms. Comput Netw 158:35–45. https://doi.org/10.1016/j.comnet.2019.04.027CrossRef

24.

Hou J, Fu P, Cao Z, Xu A (2018) Machine learning based DDoS detection through netflow analysis. In: MILCOM 2018 - 2018 IEEE Military Communications Conference (MILCOM), pp. 1–6. Los Angeles, CA, USA (2018). https://doi.org/10.1109/MILCOM.2018.8599738

25.

Idhammad M, Afdel K, Belouch M (2018) Semi-supervised machine learning approach for DDoS detection. Appl Intell 48(10):3193–3208. https://doi.org/10.1007/s10489-018-1141-2CrossRef

26.

Imperva Research Labs (2021) DDoS Attacks in the Time of COVID-19. https://www.imperva.com/resources/reports/Imperva_DDoSAttacksCOVID-19_Report_20201217.pdf. Accessed: Mar. 3, 2021

27.

Kalathiripi R (2021) Regression coefficients of traffic flow metrics (rctfm) for ddos defense in iot networks. Int J Commun Syst 34(6):e4330. https://doi.org/10.1002/dac.4330CrossRef

28.

Kupreev O, Badovskaya E, Gutnikov A (2021) DDoS attacks in q4 2019. https://securelist.com/ddos-report-q4-2019/96154/. Accessed: Mar. 3, 2021

29.

Kupreev O, Badovskaya E, Gutnikov A (2021) DDoS attacks in q4 2020. https://securelist.com/ddos-attacks-in-q4-2020/100650/. Accessed: Mar. 3, 2021

30.

Labs BL (2021) A new DDoS reflection attack: Portmapper; an early warning to the industry. https://blog.lumen.com/a-new-ddos-reflection-attack-portmapper-an-early-warning-to-the-industry/. Accessed on: May. 20, 2021

31.

Li J, Liu M, Xue Z, Fan X, He X (2020) RTVD: a real-time volumetric detection scheme for ddos in the internet of things. IEEE Access 8:36191–36201CrossRef

32.

Liang X, Znati T (2019) A long short-term memory enabled framework for ddos detection. In: 2019 IEEE Global Communications Conference (GLOBECOM), pp. 1–6. Waikoloa, HI, USA (2019). https://doi.org/10.1109/GLOBECOM38437.2019.9013450

33.

Manning CD, Schütze H, Raghavan P (2008) Introduction to information retrieval. Cambridge University Press, Cambridge. https://doi.org/10.1017/CBO9780511809071CrossRefMATH

34.

Marshall AD (2005) Remote procedure calls (rpc). In: Programming in C - UNIX System Calls and Subroutines using C. Cardiff School of Computer Science & Informatics (2005). https://users.cs.cf.ac.uk/Dave.Marshall/C/node33.html

35.

Meng X, Bradley J, Yavuz B, Sparks E, Venkataraman S, Liu D, Freeman J, Tsai D, Amde M, Owen S, Xin D, Xin R, Franklin MJ, Zadeh R, Zaharia M, Talwalkar A (2016) Mllib: machine learning in apache spark. J Mach Learn Res 17(1):1235–1241MathSciNetMATH

36.

Mirsky Y, Doitshman T, Elovici Y, Shabtai A (2018) Kitsune: an ensemble of autoencoders for online network intrusion detection. arXiv preprint arXiv:1802.09089 (2018). https://doi.org/10.14722/ndss.2018.23204

37.

Morfino V, Rampone S (2020) Towards near-real-time intrusion detection for iot devices using supervised learning and apache spark. Electronics 9(3):444. https://doi.org/10.3390/electronics9030444CrossRef

38.

Moustafa N, Slay J (2015) Unsw-nb15: a comprehensive data set for network intrusion detection systems (unsw-nb15 network data set). In: 2015 military communications and information systems conference (MilCIS), pp. 1–6. IEEE, Canberra, ACT, Australia (2015). https://doi.org/10.1109/MilCIS.2015.7348942

39.

Pedregosa F, Varoquaux G, Gramfort A, Michel V, Thirion B, Grisel O, Blondel M, Prettenhofer P, Weiss R, Dubourg V, Vanderplas J, Passos A, Cournapeau D, Brucher M, Perrot M, Duchesnay E (2011) Scikit-learn: machine learning in python. J Mach Learn Res 12:2825–2830MathSciNetMATH

40.

Quinlan JR (1986) Induction of decision trees. Mach Learn 1(1):81–106. https://doi.org/10.1007/BF00116251CrossRef

41.

Rahman O, Quraishi MAG, Lung C (2019) DDoS attacks detection and mitigation in SDN using machine learning. In: 2019 IEEE World Congress on Services (SERVICES), 2642-939X, pp. 184–189. Milan, Italy (2019). https://doi.org/10.1109/SERVICES.2019.00051

42.

Rezapour A, Tzeng WG (2021) Rl-shield: mitigating target link-flooding attacks using sdn and deep reinforcement learning routing algorithm. IEEE Transactions on Dependable and Secure Computing pp. 1–1 (2021). https://doi.org/10.1109/TDSC.2021.3118081

43.

Rios VdM, Inácio PR, Magoni D, Freire MM (2021) Detection of reduction-of-quality DDoS attacks using fuzzy logic and machine learning algorithms. Computer Networks 186, 107792 (2021). https://doi.org/10.1016/j.comnet.2020.107792

44.

Roempluk T, Surinta O (2019) A machine learning approach for detecting distributed denial of service attacks. In: 2019 Joint International Conference on Digital Arts, Media and Technology with ECTI Northern Section Conference on Electrical, Electronics, Computer and Telecommunications Engineering (ECTI DAMT-NCON), pp. 146–149. Nan, Thailand (2019). https://doi.org/10.1109/ECTI-NCON.2019.8692243

45.

Roopak M, Tian GY, Chambers J (2019) Deep learning models for cyber security in iot networks. In: 2019 IEEE 9th Annual Computing and Communication Workshop and Conference (CCWC), pp. 0452–0457. IEEE, Las Vegas, NV, USA (2019). https://doi.org/10.1109/CCWC.2019.8666588

46.

Rosenberg A, Hirschberg J (2007) V-measure: A conditional entropy-based external cluster evaluation measure. In: Proceedings of the 2007 Joint Conference on Empirical Methods in Natural Language Processing and Computational Natural Language Learning (EMNLP-CoNLL), pp. 410–420. Association for Computational Linguistics, Prague, Czech Republic (2007). https://www.aclweb.org/anthology/D07-1043

47.

Rossow C (2014) Amplification hell: Revisiting network protocols for DDoS abuse. In: The Netw. and Distrib. Syst. Secur. Symp. (2014). https://doi.org/10.14722/ndss.2014.23233

48.

Saini PS, Behal S, Bhatia S (2020) Detection of DDoS attacks using machine learning algorithms. In: 2020 7th International Conference on Computing for Sustainable Global Development (INDIACom), pp. 16–21. IEEE, New Delhi, India (2020). https://doi.org/10.23919/INDIACom49435.2020.9083716

49.

Sharafaldin I, Habibi Lashkari A, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. In: Proceedings of the 4th International Conference on Information Systems Security and Privacy, pp. 108–116. Funchal, Madeira, Portugal (2018). https://doi.org/10.5220/0006639801080116

50.

Sharafaldin I, Lashkari AH, Hakak S, Ghorbani AA (2019) Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In: 2019 International Carnahan Conference on Security Technology (ICCST), pp. 1–8. Chennai, India (2019). https://doi.org/10.1109/CCST.2019.8888419

51.

Shieh CS, Lin WW, Nguyen TT, Chen CH, Horng MF, Miu D (2021) Detection of unknown ddos attacks with deep learning and gaussian mixture model. Appl Sci. https://doi.org/10.3390/app11115213CrossRef

52.

Shiravi A, Shiravi H, Tavallaee M, Ghorbani AA (2012) Toward developing a systematic approach to generate benchmark datasets for intrusion detection. Comput Secur 31(3):357–374. https://doi.org/10.1016/j.cose.2011.12.012CrossRef

53.

Tavallaee M, Bagheri E, Lu W, Ghorbani AA (2009) A detailed analysis of the KDD CUP 99 data set. In: 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, pp. 1–6. Ottawa, ON, Canada (2009). https://doi.org/10.1109/CISDA.2009.5356528

54.

Ujjan RMA, Pervez Z, Dahal K, Bashir AK, Mumtaz R, González J (2020) Towards sFlow and adaptive polling sampling for deep learning based DDoS detection in SDN. Futur Gener Comput Syst 111:763–779. https://doi.org/10.1016/j.future.2019.10.015CrossRef

55.

Wang M, Lu Y, Qin J (2020) A dynamic MLP-based DDoS attack detection method using feature selection and feedback. Comput Secur. https://doi.org/10.1016/j.cose.2019.101645CrossRef

56.

Wani AR, Rana QP, Saxena U, Pandey N (2019) Analysis and detection of DDoS attacks on cloud computing environment using machine learning techniques. In: 2019 Amity International Conference on Artificial Intelligence (AICAI), pp. 870–875. Dubai, United Arab Emirates (2019). https://doi.org/10.1109/AICAI.2019.8701238

57.

Yang K, Zhang J, Xu Y, Chao J (2020) Ddos attacks detection with autoencoder. In: NOMS 2020 - 2020 IEEE/IFIP Network Operations and Management Symposium, pp. 1–9. Budapest, Hungary (2020). https://doi.org/10.1109/NOMS47738.2020.9110372

58.

Yungaicela-Naula NM, Vargas-Rosales C, Perez-Diaz JA (2021) SDN-based architecture for transport and application layer DDoS attack detection by using machine and deep learning. IEEE Access 9:108495–108512. https://doi.org/10.1109/ACCESS.2021.3101650CrossRef

59.

Zaharia M, Xin RS, Wendell P, Das T, Armbrust M, Dave A, Meng X, Rosen J, Venkataraman S, Franklin MJ, Ghodsi A, Gonzalez J, Shenker S, Stoica I (2016) Apache spark: a unified engine for big data processing. Commun ACM 59(11):56–65. https://doi.org/10.1145/2934664CrossRef

60.

Zhou B, Li J, Wu J, Guo S, Gu Y, Li Z (2018) Machine-learning-based online distributed denial-of-service attack detection using spark streaming. In: 2018 IEEE International Conference on Communications (ICC), pp. 1–6. Kansas City, MO, USA (2018). https://doi.org/10.1109/ICC.2018.8422327

Titel: A hybrid machine learning approach for detecting unprecedented DDoS attacks
verfasst von: Mohammad Najafimehr
Sajjad Zarifzadeh
Seyedakbar Mostafavi
Publikationsdatum: 07.01.2022
Verlag: Springer US
Erschienen in: The Journal of Supercomputing / Ausgabe 6/2022
Print ISSN: 0920-8542
Elektronische ISSN: 1573-0484
DOI: https://doi.org/10.1007/s11227-021-04253-x

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft"

Springer Professional "Technik"

Springer Professional "Wirtschaft+Technik"

Weitere Artikel der Ausgabe 6/2022

AI-based stroke prediction system using body motion biosignals during walking

LBTM: A lightweight blockchain-based trust management system for social internet of things

Clustering with a high-performance secure routing protocol for mobile ad hoc networks

An reinforcement learning-based speech censorship chatbot system

Deep brain emotional learning-based intelligent controller applied to an inverted pendulum system

OHUQI: Mining on-shelf high-utility quantitative itemsets

Premium Partner