An Empirical Investigation of DDoS and Flash Event Detection Using Shannon Entropy, KOAD and SVM Combined

2019-01-01
Daneshgadeh, Salva
Kemmerich, Thomas
Ahmed, Tarem
Baykal, Nazife
In the world of internet and communication technologies where our personal and business lives are inextricably tied to internet enabled services and applications, Distributed Denial of Service (DDoS) attacks continue to adversely affect the availability of these services and applications. Many frameworks have been presented in academia and industry to predict, detect and defend against DDoS attacks. The available solutions try to protect online services from DDoS attacks, but as yet there is no best-practice method that is widely-accepted in the community. Differentiating DDoS attacks from similar looking legitimate Flash Events (FE) wherein huge numbers of legitimate users try to access a specific internet based service or application, is another challenging issue in the field. This paper proposes a novel hybrid DDoS and FE detection scheme taking three isolated approaches including Kernel Online Anomaly Detection (KOAD), Support Vector Machine (SVM) and Information Theory. We applied our proposed approach on simulated DDoS attacks, real FEs and normal network traffic. The results indicate that information theory works well in combination with machine learning algorithms to detect and discriminate DDoS and FE traffic in terms of both false positive and detection rates.
International Conference on Computing, Networking and Communications (ICNC)

Suggestions

Detection of DDoS Attacks and Flash Events Using Shannon Entropy, KOAD and Mahalanobis Distance
Daneshgadeh, Salva; Ahmed, Tarem; Kemmerich, Thomas; Baykal, Nazife (2019-01-01)
The growing number of internet based services and applications along with increasing adoption rate of connected wired and wireless devices presents opportunities as well as technical challenges and threads. Distributed Denial of Service (DDoS) attacks have huge devastating effects on internet enabled services. It can be implemented diversely with a variety of tools and codes. Therefore, it is almost impossible to define a single solution to prevent DDoS attacks. The available solutions try to protect intern...
A novel online approach to detect DDOS attacks using mahalanobis distance and Kernel-based learning
Daneshgadeh Çakmakçı, Salva; Baykal, Nazife; Department of Information Systems (2019)
Distributed denial-of-service (DDoS) attacks are continually evolving as the computer and networking technologies and attackers’ motivations are changing. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to the frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS att...
A Hybrid Approach to Detect DDoS Attacks Using KOAD and the Mahalanobis Distance
Daneshgadeh, Salva; Kemmerich, Thomas; Ahmed, Tarem; Baykal, Nazife (2018-11)
Distributed Denial of Service (DDoS) attacks continue to adversely affect internet-based services and applications. Various approaches have been proposed to detect different types of DDoS attacks. The computational and memory complexities of most algorithms, however prevent them from being employed in online manner. In this paper, we propose a novel victim end online DDoS attack detection framework based on the celebrated Kernel-based Online Anomaly Detection (KOAD) algorithm and the Mahalanobis distance. W...
A classification approach for adaptive mitigation of SYN flood attacks Preventing performance loss due to SYN flood attacks
Degirmencioglu, Alptugay; Erdogan, Hasan Tugrul; Mizani, Mehrdad A.; Yilmaz, Oguz (2016-04-29)
SYN flood is a commonly used Distributed Denial of Service (DDoS) attack. SYN flood DDoS attacks consume considerable amount of resources in the target machine. Even with straightforward mitigation solutions, any attack causes resource waste and performance loss in the server, rendering it unable to provide service to legitimate clients. We propose an approach for SYN flood attack mitigation based on supervised learning classification methods which identify and block SYN flood traffic before they reach thei...
A Computational Dynamic Trust Model for User Authorization
ZHONG, Yuhui; Bhargava, Bharat; LU, Yİ; Angın, Pelin (Institute of Electrical and Electronics Engineers (IEEE), 2015-01-01)
Development of authorization mechanisms for secure information access by a large community of users in an open environment is an important problem in the ever-growing Internet world. In this paper we propose a computational dynamic trust model for user authorization, rooted in findings from social science. Unlike most existing computational trust models, this model distinguishes trusting belief in integrity from that in competence in different contexts and accounts for subjectivity in the evaluation of a pa...
Citation Formats
S. Daneshgadeh, T. Kemmerich, T. Ahmed, and N. Baykal, “An Empirical Investigation of DDoS and Flash Event Detection Using Shannon Entropy, KOAD and SVM Combined,” presented at the International Conference on Computing, Networking and Communications (ICNC), Honolulu, HI, 2019, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/30512.