Online DDoS attack detection using Mahalanobis distance and Kernel-based learning algorithm

2020-10-01
Cakmakci, Salva Daneshgadeh
Kemmerich, Thomas
Ahmed, Tarem
Baykal, Nazife
Distributed denial-of-service (DDoS) attacks are constantly evolving as the computer and networking technologies and attackers' motivations are changing. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS attacks. In this paper, we propose an online, sequential, DDoS detection scheme that is suitable for use with multivariate data. The proposed algorithm utilizes a kernel-based learning algorithm, the Mahalanobis distance, and a chi-square test. Initially, we extract four entropy-based and four statistical features from network flows per minute as detection metrics. Then, we employ the kernel-based learning algorithm using the entropy features to detect input vectors that were suspected to be DDoS. This algorithm assumes no model for network traffic or DDoS. It constructs and adapts a dictionary of features that approximately span the subspace of normal behavior. Every T minutes, the Mahalanobis distance between suspicious vectors and the distribution of dictionary members is measured. Subsequently, the chi-square test is used to evaluate the Mahalanobis distance. The proposed DDoS detection scheme was applied to the CICIDS2017 dataset, and we compared the results with those given by existing algorithms. It was demonstrated that the proposed online detection scheme outperforms almost all available DDoS classification algorithms with an offline learning process.
JOURNAL OF NETWORK AND COMPUTER APPLICATIONS

Suggestions

EPICS: A Framework for Enforcing Security Policies in Composite Web Services
Ranchal, Rohit; Bhargava, Bharat; Angın, Pelin; ben Othmane, Lotfi (Institute of Electrical and Electronics Engineers (IEEE), 2019-05-01)
With advances in cloud computing and the emergence of service marketplaces, the popularity of composite services marks a paradigm shift from single-domain monolithic systems to cross-domain distributed services, which raises important privacy and security concerns. Access control becomes a challenge in such systems because authentication, authorization and data disclosure may take place across endpoints that are not known to clients. The clients lack options for specifying policies to control the sharing of...
SWARM-based data delivery in Social Internet of Things
Hasan, Mohammed Zaki; Al-Turjman, Fadi (Elsevier BV, 2019-03-01)
Social Internet of Things (SIoTs) refers to the rapidly growing network of connected objects and people that are able to collect and exchange data using embedded sensors. To guarantee the connectivity among these objects and people, fault tolerance routing has to be significantly considered. In this paper, we propose a bio-inspired particle multi-swarm optimization (PMSO) routing algorithm to construct, recover and select k-disjoint paths that tolerates the failure while satisfying quality of service (QoS) ...
Energy efficient wireless unicast routing alternatives for machine-to-machine networks
Tekbiyik, Neyre; Uysal, Elif (Elsevier BV, 2011-09-01)
Machine-to-machine (M2M) communications is a new and rapidly developing technology for large-scale networking of devices without dependence on human interaction. Energy efficiency is one of the important design objectives for machine-to-machine network architectures that often contain multihop wireless subnetworks. Constructing energy-efficient routes for sending data through such networks is important not only for the longevity of the nodes which typically depend on battery energy, but also for achieving a...
Mobile multi-access IP: a proposal for mobile multi-access management in future wireless IP networks
Altuntas, S; Baykal, Buyurman (Elsevier BV, 2005-03-15)
As the wireless networking technologies advance rapidly, providing mobile users with roaming freely in heterogeneous wireless access domains, the need for multi-access arises. This paper introduces the Mobile Multi-Access Management Architecture (MMA-IP) for IP-based future wireless networks. MMA-IP enables mobile users to utilize multiple access domains synchronously and to switch between different access domains. In order to handle multi-access operations, MMA-IP defines a new special mobility agent, call...
A novel online approach to detect DDOS attacks using mahalanobis distance and Kernel-based learning
Daneshgadeh Çakmakçı, Salva; Baykal, Nazife; Department of Information Systems (2019)
Distributed denial-of-service (DDoS) attacks are continually evolving as the computer and networking technologies and attackers’ motivations are changing. In recent years, several supervised DDoS detection algorithms have been proposed. However, these algorithms require a priori knowledge of the classes and cannot automatically adapt to the frequently changing network traffic trends. This emphasizes the need for the development of new DDoS detection mechanisms that target zero-day and sophisticated DDoS att...
Citation Formats
S. D. Cakmakci, T. Kemmerich, T. Ahmed, and N. Baykal, “Online DDoS attack detection using Mahalanobis distance and Kernel-based learning algorithm,” JOURNAL OF NETWORK AND COMPUTER APPLICATIONS, pp. 0–0, 2020, Accessed: 00, 2020. [Online]. Available: https://hdl.handle.net/11511/57005.