Detection of DDoS Attacks and Flash Events Using Shannon Entropy, KOAD and Mahalanobis Distance

2019-01-01
Daneshgadeh, Salva
Ahmed, Tarem
Kemmerich, Thomas
Baykal, Nazife
The growing number of internet-based services and applications, along with the increasing adoption rate of connected wired and wireless devices, presents opportunities as well as technical challenges and threats. Distributed Denial of Service (DDoS) attacks have hugely devastating effects on internet-enabled services. They can be implemented in many different ways with a variety of tools and code. Therefore, it is almost impossible to define a single solution that prevents DDoS attacks. The available solutions try to protect internet services from DDoS attacks, but there is no accepted best practice yet against this security breach. On the other hand, distinguishing DDoS attacks from analogous Flash Events (FEs), in which a huge number of legitimate users try to access a specific internet-based service or application, is a tough challenge. Both DDoS attacks and FEs result in unavailability of service, but they should be treated with different countermeasures. Therefore, it is worthwhile to investigate novel methods that can detect well-disguised DDoS attacks within similar FE traffic. This paper contributes to this topic by proposing a hybrid DDoS and FE detection scheme that combines three separate approaches: Kernel Online Anomaly Detection (KOAD), Shannon Entropy and Mahalanobis Distance. In this study, Shannon entropy is used with an online machine learning technique to detect abnormal traffic, including DDoS attacks and FE traffic. Subsequently, the Mahalanobis distance metric is employed to differentiate DDoS traffic from FE traffic. The proposed method is validated using simulated DDoS attacks together with real normal and FE traffic. The results reveal that the Mahalanobis distance metric works well in combination with a machine learning approach to detect and discriminate DDoS and FE traffic in terms of false alarms and detection rate.
22nd International Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN)

Citation Formats
S. Daneshgadeh, T. Ahmed, T. Kemmerich, and N. Baykal, “Detection of DDoS Attacks and Flash Events Using Shannon Entropy, KOAD and Mahalanobis Distance,” presented at the 22nd International Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), Paris, France, 2019, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/31038.