We have designed a hybrid approach combining rule-based and anomaly-based detection against DDoS
attacks. In the approach, the rule-based detection has established a set of rules and the anomaly-based
detection uses a one-way ANOVA test to detect possible attacks. We adopt TFN2K (Tribe Flood Network 2K)
as an attack traffic generator and monitor the system resource of the victim like throughput, memory
utilization, CPU utilization consumed by attack traffic. Target users of the proposed scheme are data
center administrators. The types of attack traffic have been analysed and by that we develop a defense
scheme. The experiment has demonstrated that the proposed scheme can effectively detect the attack traffic.
A TRANSDUCTIVE SCHEME BASED INFERENCE TECHNIQUES FOR NETWORK FORENSIC ANALYSIS - Akshaya Arunan
Network forensics is a security infrastructure and has become a research focus of forensic investigation. However, many challenges still exist in conducting network forensics: the large amounts of data that networks produce; the comprehensibility of evidence extracted from collected data; the efficiency of evidence analysis methods, etc. To solve these problems, in this paper we develop a network intrusion forensics system based on a transductive scheme that can efficiently detect and analyze computer crime in networked environments and extract digital evidence automatically. At the end of the paper, we evaluate our method in a series of experiments on the KDD Cup 1999 dataset. The results demonstrate that our methods are actually effective for real-time network forensics, and can provide comprehensible aid for a forensic expert.
EFFICIENT ADAPTATION OF FUZZY CONTROLLER FOR SMOOTH SENDING RATE TO AVOID CON... - ijcsit
ABSTRACT
This paper prefers a fuzzy-logic-based sending rate adaption scheme named FSR (Fuzzy Sending Rate) intending to improve the evenness of TCP-Friendly Multicast Congestion Control (TFMCC). To mitigate fluctuation of sending rate for TFMCC sender, FSR intends five actions and link utilization for tuning sending rate and uses a fuzzy controller to determine which operation should be reaped according to the feedback information from CLR (current limiting receiver). Asymmetrical membership functions and biased fuzzy inference rules make FSR as friendly to TCP flows as TFMCC. Simulation results show that FSR has exceptional smoothness and fine TCP Friendliness.
SELECTING VOTES FOR ENERGY EFFICIENCY IN PROBABILISTIC VOTING-BASED FILTERING... - ijasa
Wireless sensor networks are easily compromised by an adversary, such as fabricated with false votes attacks and false votes on real reports attacks. These attacks generate false data to drain the energy resource of sensors and interrupt the inflow of a real report. PVFS was proposed to detect them by verifying votes in the real report. When a real event occurs, a cluster head collects all of the votes from its neighboring nodes and selects the votes up to a defined number of votes. In this paper, our proposed method decides the number of votes based on a fuzzy rule-based system to improve energy savings as compared to PVFS. We evaluated the effectiveness of the proposal as two attacks occur simultaneously in the sensor network. The experimental results show that our method saves energy resources and maintains the security level against these multiple attacks.
International Journal of Engineering Research and Applications (IJERA) is a team of researchers not publication services or private publications running the journals for monetary benefits, we are association of scientists and academia who focus only on supporting authors who want to publish their work. The articles published in our journal can be accessed online, all the articles will be archived for real time access.
Our journal system primarily aims to bring out the research talent and the works done by scientists, academia, engineers, practitioners, scholars, post graduate students of engineering and science. This journal aims to cover the scientific research in a broader sense and not publishing a niche area of research facilitating researchers from various verticals to publish their papers. It is also aimed to provide a platform for the researchers to publish in a shorter time, enabling them to continue further. All articles published are freely available to scientific researchers in the Government agencies, educators and the general public. We are taking serious efforts to promote our journal across the globe in various ways, we are sure that our journal will act as a scientific platform for all researchers to publish their works online.
Decentralized Predictive MAC Protocol for Ad Hoc Cognitive Radio Networks - Iffat Anjum
Introduction
Related Work
System Model
Protocol Description
Control Operation
Incumbents’ Reclaiming Resolution and Spectrum Handoff
Channel Access Delay in CN Window
Conclusion
EVALUATION OF A NEW INCREMENTAL CLASSIFICATION TREE ALGORITHM FOR MINING HIGH... - mlaij
Abstract—A new model for online machine learning process of high speed data stream is proposed, to
minimize the severe restrictions associated with the existing computer learning algorithms. Most of the
existing models have three principal steps. In the first step, the system would create a model incrementally.
In the second step the time taken by the examples to complete a prescribed procedure with their arrival
speed is computed. In the third and final step of the model the size of memory required for computation is
predicted in advance. To overcome these restrictions we proposed this new data stream classification
algorithm, where the data can be partitioned into stream of trees. In this algorithm, the new data set can be
updated with the existing tree. This algorithm, called incremental classification tree algorithm, is proved to
be an excellent solution for processing larger data streams. In this paper, we present the experimental
results of our new algorithm and prove that our method would eradicate the problems of the existing
method.
AN APPROACH FOR SCRIPT IDENTIFICATION IN PRINTED TRILINGUAL DOCUMENTS USING T... - ijaia
In this work, we review the outcome of texture features for script classification. Rectangular White Space
analysis algorithm is used to analyze and identify heterogeneous layouts of document images. The texture
features, namely the color texture moments, Local binary pattern (LBP) and responses of Gabor, LM-filter,
S-filter, R-filter are extracted, and combinations of these are considered in the classification. In this work,
a probabilistic neural network and Nearest Neighbor are used for classification. To corroborate the
adequacy of the proposed strategy, an experiment was operated on our own data set. To study the effect of
classification accuracy, we vary the database sizes and the results show that the combination of multiple
features vastly improves the performance.
COLOR IMAGE ENCRYPTION BASED ON MULTIPLE CHAOTIC SYSTEMS - IJNSA Journal
This paper proposed a novel color image encryption scheme based on multiple chaotic systems. The
ergodicity property of chaotic system is utilized to perform the permutation process; a substitution
operation is applied to achieve the diffusion effect. In permutation stage, the 3D color plain-image matrix
is converted to a 2D image matrix, then two generalized Arnold maps are employed to generate hybrid
chaotic sequences which are dependent on the plain-image’s content. The generated chaotic sequences are
then applied to perform the permutation process. The encryption’s key streams not only depend on the
cipher keys but also depend on plain-image and therefore can resist chosen-plaintext attack as well as
known-plaintext attack. In the diffusion stage, four pseudo-random gray value sequences are generated by
another generalized Arnold map. The gray value sequences are applied to perform the diffusion process by
bitxoring operation with the permuted image row-by-row or column-by-column to improve the encryption
rate. The security and performance analysis have been performed, including key space analysis, histogram
analysis, correlation analysis, information entropy analysis, key sensitivity analysis, differential analysis
etc. The experimental results show that the proposed image encryption scheme is highly secure thanks to its
large key space and efficient permutation-substitution operation, and therefore it is suitable for practical
image and video encryption.
OPTIMIZATION OF NEURAL NETWORK ARCHITECTURE FOR BIOMECHANIC CLASSIFICATION TA... - ijaia
Electromyogram signals (EMGs) contain valuable information that can be used in man-machine interfacing between human users and myoelectric prosthetic devices. However, EMG signals are
complicated and prove difficult to analyze due to physiological noise and other issues. Computational
intelligence and machine learning techniques, such as artificial neural networks (ANNs), serve as powerful
tools for analyzing EMG signals and creating optimal myoelectric control schemes for prostheses. This
research examines the performance of four different neural network architectures (feedforward, recurrent,
counter propagation, and self organizing map) that were tasked with classifying walking speed when given
EMG inputs from 14 different leg muscles. Experiments conducted on the data set suggest that self
organizing map neural networks are capable of classifying walking speed with greater than 99% accuracy.
IMAGE BASED RECOGNITION - RECENT CHALLENGES AND SOLUTIONS ILLUSTRATED ON APPL... - mlaij
In this paper, problems and solutions for the automatic recognition of miscellaneous materials, especially
bulk materials are discussed. The fact that many materials, especially natural materials, have a strong
phenotypic variability resulting in high intra-class and low inter-class variability of the calculated features
poses a complex recognition problem. The recognition of components of a wheat sample or the
classification of mineral aggregates serves as an example to demonstrate different aspects in segmentation,
feature extraction, classifier design and complexity assessment. We present a technique for the
segmentation of highly overlapping and touching objects into single object images, a proposal for feature
selection and classifier parameter optimization, as well as a method to visualise the complexity of a high-dimensional
recognition problem in a three-dimensional space. Every step of the pattern recognition
process needs to be optimized carefully with special attention to the risk of overfitting. Modern processors
and the application of field-programmable gate arrays as well as the outsourcing of processing steps to the
graphic processing unit speed up the calculation and make real-time computation possible also for highly
complex recognition problems such as the quality assurance of bulk materials.
PREDICTING STUDENT ACADEMIC PERFORMANCE IN BLENDED LEARNING USING ARTIFICIAL ... - ijaia
Along with the spreading of online education, the importance of active support of students involved in
online learning processes has grown. The application of artificial intelligence in education allows
instructors to analyze data extracted from university servers, identify patterns of student behavior and
develop interventions for struggling students. This study used student data stored in a Moodle server and
predicted student success in course, based on four learning activities - communication via emails,
collaborative content creation with wiki, content interaction measured by files viewed and self-evaluation
through online quizzes. Next, a model based on the Multi-Layer Perceptron Neural Network was trained to
predict student performance on a blended learning course environment. The model predicted the
performance of students with correct classification rate, CCR, of 98.3%.
MODELING, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF MOBILITY LOAD BALANCING ... - IJCNCJournal
We propose in this paper a simulation implementation of Self-Organizing Networks (SON) optimization
related to mobility load balancing (MLB) for LTE systems using ns-3 [1]. The implementation is achieved
toward two MLB algorithms dynamically adjusting handover (HO) parameters based on the Reference
Signal Received Power (RSRP) measurements. Such adjustments are done with respect to loads of both an
overloaded cell and its cells’ neighbours having enough available resources enabling to achieve load
balancing. Numerical investigations through selected key performance indicators (KPIs) of the proposed
MLB algorithms when compared with another HO algorithm (already implemented in ns-3) based on A3
event [2] highlight the significant MLB gains provided in terms of global network throughput, packet loss rate
and the number of successful HO without incurring significant overhead.
MODEL DRIVEN WEB APPLICATION DEVELOPMENT WITH AGILE PRACTICES - ijseajournal
Model driven development is an effective method due to its benefits such as code transformation, increasing
productivity and reducing human based error possibilities. Meanwhile, agile software development
increases the software flexibility and customer satisfaction by using iterative method. Can these two
development approaches be combined to develop web applications efficiently? What are the challenges and
what are the benefits of this approach? In this paper, we answer these two crucial problems; combining
model driven development and agile software development results in not only fast development and
easiness of the user interface design but also efficient job tracking. We also defined an agile model based
approach for web applications whose implementation study has been carried out to support the answers we
gave these two crucial problems.
GAME THEORY BASED INTERFERENCE CONTROL AND POWER CONTROL FOR D2D COMMUNICATIO... - IJCNCJournal
With the current development of mobile communication services, people need personal communication of
high speed, excellent service, high quality and low latency; however, limited spectrum resources become
the most important factor to hamper improvement of cellular systems. As big amount of data traffic will
cause greater local consumption of spectrum resources, future networks are required to have appropriate
techniques to better support such forms of communication. D2D (Device-to-device) communication
technology in a cellular network makes full use of spectrum resources underlaying, reduces the load of the
base station, minimizes transmit power of the terminals and the base stations, thereby enhances the overall
throughput of the networks. Due to the use of multiplexing D2D UE (User equipment) resources and
spectrum, and the interference caused by the sharing of resources between adjacent cells, it has become a
major factor affecting coexisting of cellular subscribers and D2D users. When D2D communication
multiplexes the uplink resources, the base-stations are easily disturbed; when the downlink resources
are multiplexed, the users of downlink are susceptible to interference. In order to build a high-efficient
mobile network, we can meet the QoS requirements by controlling the power to suppress the interference
between the base station and a terminal user.
A FRAMEWORK FOR INTEGRATING USABILITY PRACTICES INTO SMALL-SIZED SOFTWARE DEV... - ijseajournal
Usability now appears to be a highly important attribute for software quality; it is a critical factor that
needs to be considered by every software-development organization when developing software to improve
customer satisfaction and increase competition in the market. There exists a lack of a reference model or
framework for small-sized software-development organizations to indicate which usability practices should
be implemented, and where in the system-development life cycle they need to be considered. We offer
developers who have the objective of integrating usability practices into their development life cycle a
framework that characterizes 10 selected user-centered design (UCD) methods in relation to five relevant
criteria based on some ISO factors that have an effect on the selection of methods (ISO/TR16982). The
selection of the methods for inclusion in the framework responds to these organizations’ needs; and we
selected basic methods that are recommended, cost-effective, simple to plan and apply, and easy to learn by
developers; and which can be applied when time, resources, skills, and expertise are limited. We favor
methods that are generally applicable across a wide range of development environments. The selected
methods are organized in the framework according to the stages in the development process where they
might be applied. The only requirement for the existing development life cycle is that it be based on an
iterative approach.
This paper presents a review & performs a comparative evaluation of few known machine learning
algorithms in terms of their suitability & code performance on any given data set of any size. In this paper,
we describe our Machine Learning ToolBox that we have built using python programming language. The
algorithms used in the toolbox consist of supervised classification algorithms such as Naïve Bayes,
Decision Trees, SVM, K-nearest Neighbors and Neural Network (Backpropagation). The algorithms are
tested on iris and diabetes dataset and are compared on the basis of their accuracy under different
conditions. However using our tool one can apply any of the implemented ML algorithms on any dataset of
any size. The main goal of building a toolbox is to provide users with a platform to test their datasets on
different Machine Learning algorithms and use the accuracy results to determine which algorithm fits the
data best. The toolbox allows the user to choose a dataset of his/her choice either in structured or
unstructured form and then can choose the features he/she wants to use for training the machine. We have
given our concluding remarks on the performance of implemented algorithms based on experimental
analysis.
FLEXIBLE VIRTUAL ROUTING FUNCTION DEPLOYMENT IN NFV-BASED NETWORK WITH MINIMU... - IJCNCJournal
In a conventional network, most network devices, such as routers, are dedicated devices that do not
have much variation in capacity. In recent years, a new concept of Network Functions
Virtualisation (NFV) has come into use. The intention is to implement a variety of network functions
with software on general-purpose servers and this allows the network operator to select any
capabilities and locations of network functions without any physical constraints.
This paper focuses on the deployment of NFV-based routing functions which are one of critical
virtual network functions, and presents the algorithm of virtual routing function allocation that
minimizes the total network cost. In addition, this paper presents the useful allocation policy of
virtual routing functions, based on an evaluation with a ladder-shaped network model. This policy
takes the ratio of the cost of a routing function to that of a circuit and traffic distribution in the
network into consideration. Furthermore, this paper shows that there are cases where the use of
NFV-based routing functions makes it possible to reduce the total network cost dramatically, in
comparison to a conventional network, in which it is not economically viable to distribute small-capacity
routing functions.
ENERGY CONSUMPTION IMPROVEMENT OF TRADITIONAL CLUSTERING METHOD IN WIRELESS S... - IJCNCJournal
In the traditional clustering routing protocol of wireless sensor network, LEACH protocol (Low Energy
Adaptive Clustering Hierarchy) is considered to have many outstanding advantages in the implementation
of the hierarchy according to low energy adaptive cluster to collect and distribute the data to the base
station. The main objective of LEACH is: To prolong life time of the network, reduce the energy
consumption by each node, using the data concentration to reduce bulletins in the network. However, in the
case of large network, the distance from the nodes to the base station is very different. Therefore, the
energy consumption when becoming the host node is very different but LEACH is not based on the
remaining energy to choose the host node, which is based on the number of times to become the host node
in the previous rounds. This makes the nodes far away from the base station lose power sooner.
In this paper, we give a new routing protocol based on the LEACH protocol in order to improve operating
time of sensor network by considering energy issues and distance in selecting the cluster-head (CH), at that
time the nodes with high energy and near the base station (BS) will have a greater probability of becoming
the cluster-head than those far away and with lower energy.
PERFORMANCE EVALUATION OF MOBILE WIMAX IEEE 802.16E FOR HARD HANDOVER - IJCNCJournal
Seamless handover in wireless networks is to guarantee both service continuity and service quality. In
WiMAX, providing scalability and quality of service for multimedia services during handover is a main
challenge because of high latency and packet loss. In this paper, we created four scenarios using Qualnet
5.2 Network Simulator to analyze the hard handover functionality of WiMAX under different conditions.
The scenarios such as Flag with 5 and 10 sec UCD and DCD interval values, Random mobility scenario
and DEM scenario using 6 WiMAX Cells have been considered. This study is performed over the real
urban area of JNU where we have used JNU map for scenarios 1, 2 and 3 but for scenario 4, the JNU
terrain data has been used. Further, each BS of 6 WiMAX cell is connected to four nodes. All nodes of each
scenario are fixed except Node 1. Node 1 is moving and performing the handover between the different BSs
while sending and receiving real time traffics. Flag mobility model is used in Scenario 1, 2 and 4 to model
the movement of the Node 1 while we use random mobility model in scenario 3. A 5 seconds time interval is
used for Scenarios 1, 3, and 4 while 10 seconds time interval is used for scenario 2 to study the effect of
management messages load on handover. Further, the statistical measures of handover performance of
WiMAX in terms of number of handover performed, throughput, end-to-end delay, jitter, and packets
dropped are observed and evaluated.
Big data is a prominent term which characterizes the improvement and availability of data in all three
formats like structure, unstructured and semi formats. Structure data is located in a fixed field of a record
or file and it is present in the relational data bases and spreadsheets whereas an unstructured data file
includes text and multimedia contents. The primary objective of this big data concept is to describe the
extreme volume of data sets i.e. both structured and unstructured. It is further defined with three “V”
dimensions namely Volume, Velocity and Variety, and two more “V” also added i.e. Value and Veracity.
Volume denotes the size of data, Velocity depends upon the speed of the data processing, Variety is
described with the types of the data, Value which derives the business value and Veracity describes about
the quality of the data and data understandability. Nowadays, big data has become unique and preferred
research areas in the field of computer science. Many open research problems are available in big data
and good solutions have also been proposed by the researchers, even though there is a need for development of
many new techniques and algorithms for big data analysis in order to get optimal solutions. In this paper,
a detailed study about big data, its basic concepts, history, applications, technique, research issues and
tools are discussed.
A NOVEL METHOD FOR REDUCING TESTING TIME IN SCRUM AGILE PROCESS - ijseajournal
Recently, the software development in the industry is moving towards agile due to the advantages provided
by the agile development process. Main advantages of agile software development process are: delivering
high quality software in shorter intervals and embracing change. Testing is a vital activity for delivering a
high quality software product. Often testing accounts for more project effort and time than any other
software development activities. Testing strategies for conventional process models are well established,
but these strategies are not directly applicable to agile testing without modifications and changes. In this
paper, a novel method for agile testing in the scrum software development environment is proposed and
presented. The sprint and testing activities which form the context for the proposed testing method are
presented. The proposed method is applied on two case studies. The results indicated that the testing time
can be reduced considerably by applying the proposed method.
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A... - IJNSA Journal
RFID systems are one of the important techniques that have been used in modern technologies; these
systems rely heavily on default and random passwords. Due to the increasing use of RFID in various
industries, security and privacy issues should be addressed carefully as there is no efficient way to achieve
security in this technology. Some active tags are low cost and basic tags cannot use standard cryptographic
operations where the uses of such techniques increase the cost of these cards. This paper sheds light on the
weaknesses of RFID system and identifies the threats and countermeasures of possible attacks. For the
sake of this paper, an algorithm was designed to ensure and measure the strength of passwords used in the
authentication process between tag and reader to enhance security in their communication and defend
against brute-force attacks. Our algorithm is designed using modern techniques based on entropy, password
length, cardinality, Markov-model and Fuzzy Logic.
MULTI MODEL DATA MINING APPROACH FOR HEART FAILURE PREDICTION - IJDKP
Developing predictive modelling solutions for risk estimation is extremely challenging in health-care
informatics. Risk estimation involves integration of heterogeneous clinical sources having different
representation from different health-care provider making the task increasingly complex. Such sources are
typically voluminous, diverse, and significantly change over the time. Therefore, distributed and parallel
computing tools collectively termed big data tools are in need which can synthesize and assist the physician
to make right clinical decisions. In this work we propose multi-model predictive architecture, a novel
approach for combining the predictive ability of multiple models for better prediction accuracy. We
demonstrate the effectiveness and efficiency of the proposed work on data from Framingham Heart study.
Results show that the proposed multi-model predictive architecture is able to provide better accuracy than
best model approach. By modelling the error of predictive models we are able to choose sub set of models
which yields accurate results. More information was modelled into system by multi-level mining which has
resulted in enhanced predictive accuracy.
ASSESSING THE PERFORMANCE AND ENERGY USAGE OF MULTI-CPUS, MULTI-CORE AND MANY... - ijdpsjournal
This paper studies the performance and energy consumption of several multi-core, multi-CPUs and many-core
hardware platforms and software stacks for parallel programming. It uses the Multimedia Multiscale
Parser (MMP), a computationally demanding image encoder application, which was ported to several
hardware and software parallel environments as a benchmark. Hardware-wise, the study assesses
NVIDIA's Jetson TK1 development board, the Raspberry Pi 2, and a dual Intel Xeon E5-2620/v2 server, as
well as NVIDIA's discrete GPUs GTX 680, Titan Black Edition and GTX 750 Ti. The assessed parallel
programming paradigms are OpenMP, Pthreads and CUDA, and a single-thread sequential version, all
running in a Linux environment. While the CUDA-based implementation delivered the fastest execution, the
Jetson TK1 proved to be the most energy efficient platform, regardless of the used parallel software stack.
Although it has the lowest power demand, the Raspberry Pi 2 energy efficiency is hindered by its lengthy
execution times, effectively consuming more energy than the Jetson TK1. Surprisingly, OpenMP delivered
twice the performance of the Pthreads-based implementation, proving the maturity of the tools and
libraries supporting OpenMP.
MR – RANDOM FOREST ALGORITHM FOR DISTRIBUTED ACTION RULES DISCOVERY IJDKP
Action rules, which are the modified versions of classification rules, are one of the modern approaches for
discovering knowledge in databases. Action rules allow us to discover actionable knowledge from large
datasets. Classification rules are tailored to predict the object’s class. Whereas action rules extracted from
an information system produce knowledge in the form of suggestions of how an object can change from one
class to another more desirable class. Over the years, computer storage has become larger and also the
internet has become faster. Hence the digital data is widely spread around the world and even it is growing
in size such a way that it requires more time and space to collect and analyze them than a single computer
can handle. To produce action rules from a distributed massive data requires a distributed action rules
processing algorithm which can process the datasets in all systems in one or more clusters simultaneously
and combine them efficiently to induce single set of action rules. There has been little research on action
rules discovery in the distributed environment, which presents a challenge. In this paper, we propose a new
algorithm called MR – Random Forest Algorithm to extract the action rules in a distributed processing
environment.
Threats have become a big problem over the past few years since computer viruses are widely recognized as a significant computer threat. However, the role of Information Technology security must be revisited, since too often IT security managers find themselves in the hopeless situation of trying to uphold a maximum of security as requested from management, while at the same time they are considered an obstacle in the way of developing and introducing new applications into business and government network environments. This paper will focus on Transmission Control Protocol Synchronize Flooding attack detections using the Internet Protocol header as a platform to detect threats, especially in the IP protocol and TCP protocol, and check packets using anomaly detection system which has many advantages, and applied it under the open source Linux. The problem is to detect TCP SYN Flood attack through internet security. This paper also focuses on detecting threats in the local network by monitoring all the packets that go through the network. The results show that the proposed detection method can detect TCP SYN Flooding in both normal and attacked network and alert the user about the attack after sending the report to the administrator. In conclusion, TCP SYN Flood and other attacks can be detected through these traffic monitoring tools if the abnormal behaviors of the packets are recognized, such as incomplete TCP three-way handshake application and IP header length.
FLOODING ATTACK DETECTION AND MITIGATION IN SDN WITH MODIFIED ADAPTIVE THRESH... IJCNCJournal
Flooding attack is a network attack that sends a large amount of traffic to the victim networks or services to cause denial-of-service. In Software-Defined Networking (SDN) environment, this attack might not only breach the hosts and services but also the SDN controller. Besides, it will also cause a disconnection of links between the controller and the switches. Thus, an effective detection and mitigation technique of flooding attacks is required. Statistical analysis techniques are widely used for the detection and mitigation of flooding attacks. However, the effectiveness of these techniques strongly depends on the defined threshold. Defining the static threshold is a tedious job and most of the time produces a high false positive alarm. In this paper, we proposed the dynamic threshold which is calculated using modified adaptive threshold algorithm (MATA). The original ATA is based on the Exponential Weighted Moving Average (EWMA) formula which produces the high number of false alarms. To reduce the false alarms, the alarm signal will only be generated after a minimum number of consecutive violations of the threshold. This, however, has increased the false negative rate when the network is under attack. In order to reduce this false negative rate, MATA adapted the baseline traffic info of the network infrastructure. The comparative analysis of MATA and ATA is performed through the measurement of false negative rate, and accuracy of detection rate. Our experimental results show that MATA is able to reduce false negative rates up to 17.74% and increase the detection accuracy of 16.11% over the various types of flooding attacks at the transport layer.
EVALUATION OF A NEW INCREMENTAL CLASSIFICATION TREE ALGORITHM FOR MINING HIGH... mlaij
Abstract—A new model for online machine learning process of high speed data stream is proposed, to
minimize the severe restrictions associated with the existing computer learning algorithms. Most of the
existing models have three principle steps. In the first step, the system would create a model incrementally.
In the second step the time taken by the examples to complete a prescribed procedure with their arrival
speed is computed. In the third and final step of the model the size of memory required for computation is
predicted in advance. To overcome these restrictions we proposed this new data stream classification
algorithm, where the data can be partitioned into stream of trees. In this algorithm, the new data set can be
updated with the existing tree. This algorithm, called incremental classification tree algorithm, is proved to
be an excellent solution for processing larger data streams. In this paper, we present the experimental
results of our new algorithm and prove that our method would eradicate the problems of the existing
method.
AN APPORACH FOR SCRIPT IDENTIFICATION IN PRINTED TRILINGUAL DOCUMENTS USING T... ijaia
In this work, we review the outcome of texture features for script classification. Rectangular White Space
analysis algorithm is used to analyze and identify heterogeneous layouts of document images. The texture
features, namely the color texture moments, Local binary pattern (LBP) and responses of Gabor, LM-filter,
S-filter, R-filter are extracted, and combinations of these are considered in the classification. In this work,
a probabilistic neural network and Nearest Neighbor are used for classification. To corroborate the
adequacy of the proposed strategy, an experiment was operated on our own data set. To study the effect of
classification accuracy, we vary the database sizes and the results show that the combination of multiple
features vastly improves the performance.
COLOR IMAGE ENCRYPTION BASED ON MULTIPLE CHAOTIC SYSTEMS IJNSA Journal
This paper proposed a novel color image encryption scheme based on multiple chaotic systems. The
ergodicity property of chaotic system is utilized to perform the permutation process; a substitution
operation is applied to achieve the diffusion effect. In permutation stage, the 3D color plain-image matrix
is converted to a 2D image matrix, then two generalized Arnold maps are employed to generate hybrid
chaotic sequences which are dependent on the plain-image’s content. The generated chaotic sequences are
then applied to perform the permutation process. The encryption’s key streams not only depend on the
cipher keys but also depend on plain-image and therefore can resist chosen-plaintext attack as well as
known-plaintext attack. In the diffusion stage, four pseudo-random gray value sequences are generated by
another generalized Arnold map. The gray value sequences are applied to perform the diffusion process by
bitxoring operation with the permuted image row-by-row or column-by-column to improve the encryption
rate. The security and performance analysis have been performed, including key space analysis, histogram
analysis, correlation analysis, information entropy analysis, key sensitivity analysis, differential analysis
etc. The experimental results show that the proposed image encryption scheme is highly secure thanks to its
large key space and efficient permutation-substitution operation, and therefore it is suitable for practical
image and video encryption
OPTIMIZATION OF NEURAL NETWORK ARCHITECTURE FOR BIOMECHANIC CLASSIFICATION TA... ijaia
Electromyogram signals (EMGs) contain valuable information that can be used in man-machine interfacing between human users and myoelectric prosthetic devices. However, EMG signals are
complicated and prove difficult to analyze due to physiological noise and other issues. Computational
intelligence and machine learning techniques, such as artificial neural networks (ANNs), serve as powerful
tools for analyzing EMG signals and creating optimal myoelectric control schemes for prostheses. This
research examines the performance of four different neural network architectures (feedforward, recurrent,
counter propagation, and self organizing map) that were tasked with classifying walking speed when given
EMG inputs from 14 different leg muscles. Experiments conducted on the data set suggest that self
organizing map neural networks are capable of classifying walking speed with greater than 99% accuracy.
IMAGE BASED RECOGNITION - RECENT CHALLENGES AND SOLUTIONS ILLUSTRATED ON APPL... mlaij
In this paper, problems and solutions for the automatic recognition of miscellaneous materials, especially
bulk materials are discussed. The fact that many materials, especially natural materials, have a strong
phenotypic variability resulting in high intra-class and low inter-class variability of the calculated features
poses a complex recognition problem. The recognition of components of a wheat sample or the
classification of mineral aggregates serves as an example to demonstrate different aspects in segmentation,
feature extraction, classifier design and complexity assessment. We present a technique for the
segmentation of highly overlapping and touching objects into single object images, a proposal for feature
selection and classifier parameter optimization, as well as a method to visualise the complexity of a high-dimensional
recognition problem in a three-dimensional space. Every step of the pattern recognition
process needs to be optimized carefully with special attention to the risk of overfitting. Modern processors
and the application of field-programmable gate arrays as well as the outsourcing of processing steps to the
graphic processing unit speed up the calculation and make real-time computation possible also for highly
complex recognition problems such as the quality assurance of bulk materials.
PREDICTING STUDENT ACADEMIC PERFORMANCE IN BLENDED LEARNING USING ARTIFICIAL ... ijaia
Along with the spreading of online education, the importance of active support of students involved in
online learning processes has grown. The application of artificial intelligence in education allows
instructors to analyze data extracted from university servers, identify patterns of student behavior and
develop interventions for struggling students. This study used student data stored in a Moodle server and
predicted student success in course, based on four learning activities - communication via emails,
collaborative content creation with wiki, content interaction measured by files viewed and self-evaluation
through online quizzes. Next, a model based on the Multi-Layer Perceptron Neural Network was trained to
predict student performance on a blended learning course environment. The model predicted the
performance of students with correct classification rate, CCR, of 98.3%.
MODELING, IMPLEMENTATION AND PERFORMANCE ANALYSIS OF MOBILITY LOAD BALANCING ... IJCNCJournal
We propose in this paper a simulation implementation of Self-Organizing Networks (SON) optimization
related to mobility load balancing (MLB) for LTE systems using ns-3 [1]. The implementation is achieved
toward two MLB algorithms dynamically adjusting handover (HO) parameters based on the Reference
Signal Received Power (RSRP) measurements. Such adjustments are done with respect to loads of both an
overloaded cell and its cells’ neighbours having enough available resources enabling to achieve load
balancing. Numerical investigations through selected key performance indicators (KPIs) of the proposed
MLB algorithms when compared with another HO algorithm (already implemented in ns-3) based on A3
event [2] highlight the significant MLB gains provided in terms global network throughput, packet loss rate
and the number of successful HO without incurring significant overhead.
MODEL DRIVEN WEB APPLICATION DEVELOPMENT WITH AGILE PRACTICES ijseajournal
Model driven development is an effective method due to its benefits such as code transformation, increasing
productivity and reducing human based error possibilities. Meanwhile, agile software development
increases the software flexibility and customer satisfaction by using iterative method. Can these two
development approaches be combined to develop web applications efficiently? What are the challenges and
what are the benefits of this approach? In this paper, we answer these two crucial problems; combining
model driven development and agile software development results in not only fast development and
easiness of the user interface design but also efficient job tracking. We also defined an agile model based
approach for web applications whose implementation study has been carried out to support the answers we
gave these two crucial problems.
GAME THEORY BASED INTERFERENCE CONTROL AND POWER CONTROL FOR D2D COMMUNICATIO... IJCNCJournal
With the current development of mobile communication services, people need personal communication of
high speed, excellent service, high quality and low latency; however, limited spectrum resources become
the most important factor to hamper improvement of cellular systems. As big amount of data traffic will
cause greater local consumption of spectrum resources, future networks are required to have appropriate
techniques to better support such forms of communication. D2D (Device-to-device) communication
technology in a cellular network makes full use of spectrum resources underlaying, reduces the load of the
base station, minimizes transmit power of the terminals and the base stations, thereby enhances the overall
throughput of the networks. Due to the use of multiplexing D2D UE (User equipment) resources and
spectrum, and the interference caused by the sharing of resources between adjacent cells, it has become a
major factor affecting coexisting of cellular subscribers and D2D users. When D2D communication
multiplexes the uplink resources, the base-stations are easily to be disturbed; when the downlink resources
are multiplexed, the users of downlink are susceptible to interference. In order to build a high-efficient
mobile network, we can meet the QoS requirements by controlling the power to suppress the interference
between the base station and a terminal user.
A FRAMEWORK FOR INTEGRATING USABILITY PRACTICES INTO SMALL-SIZED SOFTWARE DEV... ijseajournal
Usability now appears to be a highly important attribute for software quality; it is a critical factor that
needs to be considered by every software-development organization when developing software to improve
customer satisfaction and increase competition in the market. There exists a lack of a reference model or
framework for small-sized software-development organizations to indicate which usability practices should
be implemented, and where in the system-development life cycle they need to be considered. We offer
developers who have the objective of integrating usability practices into their development life cycle a
framework that characterizes 10 selected user-centered design (UCD) methods in relation to five relevant
criteria based on some ISO factors that have an effect on the selection of methods (ISO/TR16982). The
selection of the methods for inclusion in the framework responds to these organizations’ needs; and we
selected basic methods that are recommended, cost-effective, simple to plan and apply, and easy to learn by
developers; and which can be applied when time, resources, skills, and expertise are limited. We favor
methods that are generally applicable across a wide range of development environments. The selected
methods are organized in the framework according to the stages in the development process where they
might be applied. The only requirement for the existing development life cycle is that it to be based on an
iterative approach.
This paper presents a review & performs a comparative evaluation of few known machine learning
algorithms in terms of their suitability & code performance on any given data set of any size. In this paper,
we describe our Machine Learning ToolBox that we have built using python programming language. The
algorithms used in the toolbox consists of supervised classification algorithms such as Naïve Bayes,
Decision Trees, SVM, K-nearest Neighbors and Neural Network (Backpropagation). The algorithms are
tested on iris and diabetes dataset and are compared on the basis of their accuracy under different
conditions. However using our tool one can apply any of the implemented ML algorithms on any dataset of
any size. The main goal of building a toolbox is to provide users with a platform to test their datasets on
different Machine Learning algorithms and use the accuracy results to determine which algorithms fits the
data best. The toolbox allows the user to choose a dataset of his/her choice either in structured or
unstructured form and then can choose the features he/she wants to use for training the machine. We have
given our concluding remarks on the performance of implemented algorithms based on experimental
analysis
FLEXIBLE VIRTUAL ROUTING FUNCTION DEPLOYMENT IN NFV-BASED NETWORK WITH MINIMU... IJCNCJournal
In a conventional network, most network devices, such as routers, are dedicated devices that do not
have much variation in capacity. In recent years, a new concept of Network Functions
Virtualisation (NFV) has come into use. The intention is to implement a variety of network functions
with software on general-purpose servers and this allows the network operator to select any
capabilities and locations of network functions without any physical constraints.
This paper focuses on the deployment of NFV-based routing functions which are one of critical
virtual network functions, and present the algorithm of virtual routing function allocation that
minimize the total network cost. In addition, this paper presents the useful allocation policy of
virtual routing functions, based on an evaluation with a ladder-shaped network model. This policy
takes the ratio of the cost of a routing function to that of a circuit and traffic distribution in the
network into consideration. Furthermore, this paper shows that there are cases where the use of
NFV-based routing functions makes it possible to reduce the total network cost dramatically, in
comparison to a conventional network, in which it is not economically viable to distribute small-capacity
routing functions
ENERGY CONSUMPTION IMPROVEMENT OF TRADITIONAL CLUSTERING METHOD IN WIRELESS S... IJCNCJournal
In the traditional clustering routing protocol of wireless sensor network, LEACH protocol (Low Energy
Adaptive Clustering Hierarchy) is considered to have many outstanding advantages in the implementation
of the hierarchy according to low energy adaptive cluster to collect and distribute the data to the base
station. The main objective of LEACH is: To prolong life time of the network, reduce the energy
consumption by each node, using the data concentration to reduce bulletins in the network. However, in the
case of large network, the distance from the nodes to the base station is very different. Therefore, the
energy consumption when becoming the host node is very different but LEACH is not based on the
remaining energy to choose the host node, which is based on the number of times to become the host node
in the previous rounds. This makes the nodes far away from the base station lose power sooner.
In this paper, we give a new routing protocol based on the LEACH protocol in order to improve operating
time of sensor network by considering energy issues and distance in selecting the cluster-head (CH), at that
time the nodes with high energy and near the base station (BS) will have a greater probability of becoming
the cluster-head than the those in far and with lower energy.
PERFORMANCE EVALUATION OF MOBILE WIMAX IEEE 802.16E FOR HARD HANDOVER IJCNCJournal
Seamless handover in wireless networks is to guarantee both service continuity and service quality. In
WiMAX, providing scalability and quality of service for multimedia services during handover is a main
challenge because of high latency and packet loss. In this paper, we created four scenarios using Qualnet
5.2 Network Simulator to analyze the hard handover functionality of WiMAX under different conditions.
The scenarios such as Flag with 5 and 10 sec UCD and DCD interval values, Random mobility scenario
and DEM scenario using 6 WiMAX Cells have been considered. This study is performed over the real
urban area of JNU where we have used JNU map for scenarios 1, 2 and 3 but for scenario 4, the JNU
terrain data has been used. Further, each BS of 6 WiMAX cell is connected to four nodes. All nodes of each
scenario are fixed except Node 1. Node 1 is moving and performing the handover between the different BSs
while sending and receiving real time traffics. Flag mobility model is used in Scenario 1, 2 and 4 to model
the movement of the Node 1 while we use random mobility model in scenario 3. 5 seconds time interval is
used for Scenarios 1, 3, and 4 while 10 seconds time interval is used for scenario 2 to study the effect of
management messages load on handover. Further, the statistical measures of handover performance of
WiMAX in terms of number of handover performed, throughput, end-to-end delay, jitter, and packets
dropped are observed and evaluated.
Big data is a prominent term which characterizes the improvement and availability of data in all three
formats like structure, unstructured and semi formats. Structure data is located in a fixed field of a record
or file and it is present in the relational data bases and spreadsheets whereas an unstructured data file
includes text and multimedia contents. The primary objective of this big data concept is to describe the
extreme volume of data sets i.e. both structured and unstructured. It is further defined with three “V”
dimensions namely Volume, Velocity and Variety, and two more “V” also added i.e. Value and Veracity.
Volume denotes the size of data, Velocity depends upon the speed of the data processing, Variety is
described with the types of the data, Value which derives the business value and Veracity describes about
the quality of the data and data understandability. Nowadays, big data has become unique and preferred
research areas in the field of computer science. Many open research problems are available in big data
and good solutions also been proposed by the researchers even though there is a need for development of
many new techniques and algorithms for big data analysis in order to get optimal solutions. In this paper,
a detailed study about big data, its basic concepts, history, applications, technique, research issues and
tools are discussed.
A NOVEL METHOD FOR REDUCING TESTING TIME IN SCRUM AGILE PROCESS ijseajournal
Recently, the software development in the industry is moving towards agile due to the advantages provided
by the agile development process. Main advantages of agile software development process are: delivering
high quality software in shorter intervals and embracing change. Testing is a vital activity for delivering a
high quality software product. Often testing accounts for more project effort and time than any other
software development activities. Testing strategies for conventional process models are well established,
but these strategies are not directly applicable to agile testing without modifications and changes. In this
paper, a novel method for agile testing in the scrum software development environment is proposed and
presented. The sprint and testing activities which form the context for the proposed testing method are
presented. The proposed method is applied on two cases studies. The results indicated that the testing time
can be reduced considerably by applying the proposed method
ENHANCE RFID SECURITY AGAINST BRUTE FORCE ATTACK BASED ON PASSWORD STRENGTH A... IJNSA Journal
RFID systems are one of the important techniques that have been used in modern technologies; these
systems rely heavily on default and random passwords. Due to the increasing use of RFID in various
industries, security and privacy issues should be addressed carefully as there is no efficient way to achieve
security in this technology. Some active tags are low cost and basic tags cannot use standard cryptographic
operations where the uses of such techniques increase the cost of these cards. This paper sheds light on the
weaknesses of RFID system and identifies the threats and countermeasures of possible attacks. For the
sake of this paper, an algorithm was designed to ensure and measure the strength of passwords used in the
authentication process between tag and reader to enhance security in their communication and defend
against brute-force attacks. Our algorithm is designed by modern techniques based on entropy, password
length, cardinality, Markov-model and Fuzzy Logic
DDoS Attack and Defense Scheme in Wireless Ad hoc Networks (IJNSA Journal)
The wireless ad hoc networks are highly vulnerable to distributed denial of service (DDoS) attacks because of their unique characteristics such as open network architecture, shared wireless medium and stringent resource constraints. These attacks throttle the TCP throughput heavily and reduce the quality of service (QoS) to end systems gradually rather than refusing the clients from the services completely. In this paper, we discussed the DDoS attacks and proposed a defense scheme to improve the performance of the ad hoc networks. Our proposed defense mechanism uses the medium access control (MAC) layer information to detect the attackers. The status values from MAC layer that can be used for detection are Frequency of receiving RTS/CTS packets, Frequency of sensing a busy channel and the number of RTS/DATA retransmissions. Once the attackers are identified, all the packets from those nodes will be blocked. The network resources are made available to the legitimate users. We perform the simulation with Network Simulator NS2 and we proved that our proposed system improves the network performance.
ADRISYA: A FLOW BASED ANOMALY DETECTION SYSTEM FOR SLOW AND FAST SCAN (IJNSA Journal)
Attackers perform port scan to find reachability, liveness and running services in a system or network. Current day scanning tools provide different scanning options and are capable of evading various security tools like firewall, IDS and IPS. So in order to detect and prevent attacks in the early stages, an accurate detection of scanning activity in real time is very much essential. In this paper we present a flow based protocol behaviour analysis system to detect TCP based slow and fast scan. This system provides scalable, accurate and generic solution to TCP based scanning by means of automatic behaviour analysis of the network traffic. Detection capability of proposed system is compared with SNORT and result proves the high detection rate of the system over SNORT.
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis (ijceronline)
Performance analysis of transport layer based hybrid covert channel detection ... (IJNSA Journal)
Computer network is unpredictable due to information warfare and is prone to various attacks. Such attacks
on network compromise the most important attribute, the privacy. Most of such attacks are devised using
special communication channel called "Covert Channel". The word "Covert" stands for hidden or
non-transparent. Network Covert Channel is concealed communication paths within legitimate network
communication that clearly violates security policies laid down. Non-transparency in covert channel is also
referred to as trapdoor. A trapdoor is unintended design within legitimate communication whose motto is
to leak information. Subliminal channel, a variant of covert channel, works similarly as network covert channel
except that trapdoor is set in cryptographic algorithm. A composition of covert channel with
subliminal channel is the "Hybrid Covert Channel". Hybrid covert channel is the homogeneous or
heterogeneous mixture of two or more variants of covert channel either active at same instance or at
different instance of time. Detecting such malicious channel activity plays a vital role in removing threat to
legitimate network. In this paper, we introduce new detection engine for hybrid covert channel in transport
layer visualized in TCP and SSL. A setup made on experimental test bed (DE-HCC9) in RD Lab of our
department. The purpose of this study is to introduce few performance metrics to evaluate detection engine
and also to understand the multi-trapdoor nature of covert channel.
A secure routing process to simultaneously defend against false report and wo... (ieijjournal)
Most research related to secure routing in sensor networks has focused on how to detect and defend against a single attack. However, it is not feasible to predict which attack will occur in sensor networks. It is possible for multiple attacks to occur simultaneously, degrading the performance of the existing security schemes. For example, an attacker may try simultaneous false report and wormhole attacks to effectively damage a sensor network. Hence, a multiple simultaneous attack environment is much more complex than a single attack environment. Thus, a new security scheme that can detect multiple simultaneous attacks with a high probability and low energy consumption is needed. In this paper, we propose a secure routing scheme to defend against wormhole and false report attacks in sensor networks. The proposed method achieves a higher attack detection ratio and consumes less energy in a multi-attack scenario compared to existing schemes. It can also be extended to other types of attacks and security schemes to detect and defend against possible combinations of multiple attacks.
Optimal remote access trojans detection based on network behavior (IJECEIAES)
RAT is one of the most infected malware in the hyper-connected world. Data is being leaked or disclosed every day because new remote access Trojans are emerging and they are used to steal confidential data from target hosts. Network behavior-based detection has been used to provide an effective detection model for Remote Access Trojans. However, there are still shortcomings: to detect as early as possible, some False Negative Rate and accuracy that may vary depending on ratio of normal and malicious RAT sessions. As typical network contains large amount of normal traffic and small amount of malicious traffic, the detection model was built based on the different ratio of normal and malicious sessions in previous works. At that time false negative rate is less than 2%, and it varies depending on different ratio of normal and malicious instances. An unbalanced dataset will bias the prediction model towards the more common class. In this paper, each RAT is run many times in order to capture variant behavior of a Remote Access Trojan in the early stage, and balanced instances of normal applications and Remote Access Trojans are used for detection model. Our approach achieves 99% accuracy and 0.3% False Negative Rate by Random Forest Algorithm.
Fuzzy Logic-based Efficient Message Route Selection Method to Prolong the Net... (IJCNCJournal)
Recently, sensor networks have been used in a wide range of applications, and interest in sensor node performance has increased. A sensor network is composed of tiny nodes with limited resources. The sensor network communicates between nodes in a configured network through self-organization. An energy-efficient security protocol with a hierarchy structure with various advantages has been proposed to prolong the network lifetime of sensor networks. But due to structural problems in traditional protocols, nodes located upstream tend to consume relatively high energy compared to other nodes. A network protocol should be considered to provide minimal security and efficient allocation of energy consumption by nodes to increase the network lifetime. In this paper, we introduce a solution to solve the bottleneck problem through an efficient message route selection method. The proposed method selects an efficient messaging path using GA and fuzzy logic composed of multiple rules. Message route selection plays an important role in controlling the load balancing of nodes. A principal benefit of the proposed scheme is the potential portability of the clustering-based protocol. In addition, the proposed method is updated to find the optimal path through the genetic algorithm to respond to various environments. We demonstrated the effectiveness of the proposed method through an experiment in which the proposed method is applied to a probabilistic voting-based filtering scheme that is one of the cluster-based security schemes.
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY IN SOFTWARE-DEFINED NETWORK PRACT... (IJCNCJournal)
Software-Defined Network (SDN) is an innovative network architecture with the goal of providing the
flexibility and simplicity in network operation and management through a centralized controller. These
features help SDN to easily adapt to the expansion of network requirements, but it is also a weakness when
it comes to security. With centralized architecture, SDN is vulnerable to cyber-attacks, especially
Distributed Denial of Service (DDoS) attack. DDoS is a popular attack type which consumes all network
resources and causes congestion in the entire network. In this research, we will introduce a DDoS
detection model based on the statistical method with a dynamic threshold value that changes over time.
Along with the simulation result, we build a practical SDN model to apply our method, the results show
that our method can detect DDoS attacks rapidly with high accuracy.
USING A DEEP UNDERSTANDING OF NETWORK ACTIVITIES FOR SECURITY EVENT MANAGEMENT (IJNSA Journal)
With the growing deployment of host-based and network-based intrusion detection systems in increasingly
large and complex communication networks, managing low-level alerts from these systems becomes
critically important. Probes of multiple distributed firewalls (FWs), intrusion detection systems (IDSs) or
intrusion prevention systems (IPSs) are collected throughout a monitored network such that large series of
alerts (alert streams) need to be fused. An alert indicates an abnormal behavior, which could potentially be
a sign for an ongoing cyber attack. Unfortunately, in a real data communication network, administrators
cannot manage the large number of alerts occurring per second, in particular since most alerts are false
positives. Hence, an emerging track of security research has focused on alert correlation to better identify
true positive and false positive. To achieve this goal we introduce Mission Oriented Network Analysis
(MONA). This method builds on data correlation to derive network dependencies and manage security
events by linking incoming alerts to network dependencies.
Pre-filters in-transit malware packets detection in the network (TELKOMNIKA JOURNAL)
Conventional malware detection systems cannot detect most of the new malware in the network
without the availability of their signatures. In order to solve this problem, this paper proposes a technique
to detect both metamorphic (mutated malware) and general (non-mutated) malware in the network using a
combination of known malware sub-signature and machine learning classification. This network-based
malware detection is achieved through a middle path for efficient processing of non-malware packets.
The proposed technique has been tested and verified using multiple data sets (metamorphic malware,
non-mutated malware, and UTM real traffic), this technique can detect most of malware packets in
the network-based before they reached the host better than the previous works which detect malware in
host-based. Experimental results showed that the proposed technique can speed up the transmission of
more than 98% normal packets without sending them to the slow path, and more than 97% of malware
packets are detected and dropped in the middle path. Furthermore, more than 75% of metamorphic
malware packets in the test dataset could be detected. The proposed technique is 37 times faster than
existing technique.
A HYBRID APPROACH COMBINING RULE-BASED AND ANOMALY-BASED DETECTION AGAINST DDOS ATTACKS
International Journal of Network Security & Its Applications (IJNSA) Vol.8, No.5, September 2016
DOI: 10.5121/ijnsa.2016.8401
Chin-Ling Chen¹ and Hsin-Chiao Chen²
¹ Department of Information Management, National Pingtung University, Pingtung, Taiwan, 900
² Department of Information Management, National Pingtung Institute of Commerce, Pingtung, Taiwan, 900
ABSTRACT
We have designed a hybrid approach combining rule-based and anomaly-based detection against DDoS
attacks. In the approach, the rule-based detection establishes a set of rules and the anomaly-based
detection uses a one-way ANOVA test to detect possible attacks. We adopt TFN2K (Tribe Flood, the Net 2K)
as an attack traffic generator and monitor the victim's system resources, such as throughput, memory
utilization and CPU utilization, consumed by attack traffic. Target users of the proposed scheme are data
center administrators. The types of attack traffic have been analysed, and from that analysis we develop a
defense scheme. The experiment has demonstrated that the proposed scheme can effectively detect the attack traffic.
KEYWORDS
Distributed denial of service, firewall, detection
1. INTRODUCTION
Distributed Denial of Service (DDoS) has become a serious threat to network security since it has
significantly damaged network infrastructure as well as Internet services. DDoS attacks can be
categorized into two types: semantic and flooding attacks. Semantic attacks usually exploit some
weakness of the target system and implant a bot onto it. Flooding attacks, on the other hand, create a
large volume of attack traffic, service requests and connections, and thus consume a
large amount of the victim's resources, such as CPU, bandwidth and internal memory.
Recently, much effort has concentrated on detection methods for flooding attacks. We may
categorize them into four main approaches: traceback-based [1-5], rule-based [6-16],
protocol-based [17-27] and anomaly-based [28-30]. Traceback-based methods let the victim identify
the attack source as well as the attack paths once an attack has been encountered. Among the
available traceback methods, Deterministic Packet Marking (DPM) [4] is considered to be a
simple and relatively effective traceback scheme. The victim employs a DPM algorithm to
identify data marks of suspicious packets and choose the filtering probability of the marked
packets, which is based on both arrival rate and attack paths. The data mark rate is adjusted
dynamically based on attack frequency. Rule-based detection usually defines some rules (also
called signatures) to set normal traffic apart from suspicious traffic. Whenever the method
finds incoming traffic that matches the content or condition in a rule, an alert is raised.
Rule-based detection was effective in the past, when only a few malware strains could be found. However,
as the number of malware strains increases dramatically, it is impossible to create and maintain this
number of rules.
Scalable detection [6] has proposed a new data structure called partial completion filters (PCFs)
that can detect scanning attacks and partial completion attacks in the network. Both small
traffic volumes and flooding traffic were used in the experiments to demonstrate how PCFs
work to achieve high effectiveness. By using group-testing theory, Live Baiting [7] has the
advantage of exposing attackers within incoming traffic with the minimum number of tests and
low state overhead. The state overhead needed is in the order of the number of attackers, rather than
the number of clients. No model of legitimate requests or anomalous behaviour is required, and
Live Baiting scales to large services with millions of clients.
Protocol-based flooding attacks can be classified into two categories based on the protocol level
that is targeted [17]: network/transport-level [18-23] and application-level flooding [24-27].
Network/transport-level flooding attacks consume the victims' resources
by exploiting the bugs and weaknesses of the IP, TCP, UDP and ICMP protocols. Similarly,
application-level flooding sends faked application-level protocol requests to a large number of
innocent servers (reflectors), which flush packets to the victims.
Anomaly-based detection [28-30] usually discusses methods for generating statistical data
that can be used to perform detection and analysis. Rather than simply alerting whenever some
exceptional traffic pattern is observed, anomaly-based detection is capable of discerning
between attack traffic and normal traffic. This type of detection is more powerful, but more
difficult to implement.
The proposed scheme combines the best properties of rule-based and anomaly-based detection.
For the rule-based part, we set up three criteria for incoming traffic: throughput, CPU
utilization and memory utilization. For the anomaly-based part, we further identify suspicious
traffic by examining one criterion or a combination of criteria along with an ANOVA test. In
this study, we mainly focus on network/transport-level flooding attacks to simplify the
experiment.
The rest of the paper is organized as follows. Section II describes the proposed scheme and
discusses the detection and response mechanism. In Section III, simulation and results are
presented. Finally, we draw our conclusions in Section IV.
2. THE PROPOSED SYSTEM
The proposed system is divided into two parts, detection and response, which are
described as follows.
2.1. Detection
The design principle of detection aims to identify the traffic with suspicious behaviour. Because
no single flow may be suspicious, we perform flow aggregation with arrival rate to identify
overloading behaviour. Assume Ft is the arrival rate measured at the receiver at time t. We have
(1)
The receiver first checks whether ∆Ft reaches the incremental rate threshold (Thf). If it does,
the incremental rate counter, Cf, is incremented by 1. Otherwise, Cf is decreased by 1 until it
reaches 0. We also set a counter threshold, αf, to ensure proper provisioning of QoS. When Cf
grows to αf, we say the aggregate flows enter the warning state, and the Boolean variable Bf is
set to 1. If Cf falls below αf, Bf is set to 0. The flowchart of flow identification is depicted in
Figure 1. Legitimate traffic can be considered as attack traffic whenever it shows certain
overloading behaviour. Therefore, we need further indicators to help identify suspicious
traffic. Active query, like DNS amplification, usually introduces significant overhead to the
interface loading of the victim. Query frequency is in proportion to current network utilization
[13]. The network utilization information includes memory utilization and interface loading (CPU
utilization), which are examined in the following.
Figure 1. Flowchart of flow identification
Let Mt be memory utilization observed at the receiver at time t. We have
(2)
We further check whether ∆Mt reaches the incremental memory utilization threshold (Thm), a value
set by an experienced operator to avoid memory exhaustion by extremely high traffic volume. If so,
the counter of incremental memory utilization, Cm, is incremented by 1. Otherwise, Cm is
decreased by 1 until it reaches 0. We use a counter threshold, αm, to examine the continuity of a
potential attack. When Cm increases to αm, memory utilization enters the warning state and the
Boolean variable Bm is set to 1. When Cm falls below αm, Bm is set to 0. Figure 2
represents the flowchart of memory utilization identification.
Again, we set Pt to be the CPU utilization measured at the receiver at time t. We have
(3)
Figure 2. Flowchart of memory utilization identification
Let Thp and Cp be the incremental threshold and the incremental counter of CPU utilization,
respectively. Whenever ∆Pt exceeds Thp, Cp is incremented by 1. Otherwise, Cp is decreased by 1
until it reaches 0. When Cp reaches its upper bound threshold, αp, the CPU utilization enters
the warning state and the Boolean variable Bp is set to 1. Otherwise, Bp is initialized to 0.
Figure 3 is the flowchart of interface loading identification. Table 1 lists the status for each
combination of the three parameters Bf, Bm and Bp. There are three status results: OK, minor
warning and attack alert. A flow is considered OK if it passes all three parameters'
examinations. A flow is plausible if it passes only one or two parameters' tests. We consider it
a minor warning and need the one-way ANOVA test (described in section 3.3) to verify it further.
On the other hand, a flow raises an attack alert if it fails all three parameters' tests or two
parameters' tests (including at least parameter Bp). The reason an attack alert always includes
parameter Bp is that an increase in CPU utilization of the victim is an indication of DDoS
attacks [13].
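The counter logic and the Table 1 mapping described above, as an added example (not code from the paper). It assumes each ∆ is the difference between consecutive samples, because equations (1)-(3) are missing from this copy; the class and function names, the thresholds and the two traces are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class MetricMonitor:
    """Counter C and flag B for one metric (throughput, memory or CPU)."""
    th: float                      # incremental threshold (Thf, Thm or Thp)
    alpha: int                     # counter threshold (alpha_f, alpha_m or alpha_p)
    prev: Optional[float] = None   # previous sample, None before the first one
    counter: int = 0               # Cf, Cm or Cp

    def update(self, value: float) -> int:
        """Feed one sample and return B (1 = warning state, 0 = normal)."""
        if self.prev is not None:
            # ASSUMPTION: delta is the change since the previous sample.
            delta = value - self.prev
            if delta >= self.th:
                self.counter += 1
            else:
                self.counter = max(0, self.counter - 1)  # never below 0
        self.prev = value
        return 1 if self.counter >= self.alpha else 0


def classify(bf: int, bm: int, bp: int) -> str:
    """Map (Bf, Bm, Bp) to the status that Table 1 assigns."""
    raised = bf + bm + bp
    if raised == 0:
        return "OK"
    if bp and raised >= 2:         # CPU flag plus at least one other flag
        return "attack alert"
    return "minor warning"         # handed to the one-way ANOVA test


class Detector:
    """Three monitors evaluated together once per sampling interval."""

    def __init__(self, th_f, th_m, th_p, alpha_f, alpha_m, alpha_p):
        self.flow = MetricMonitor(th_f, alpha_f)
        self.mem = MetricMonitor(th_m, alpha_m)
        self.cpu = MetricMonitor(th_p, alpha_p)

    def step(self, throughput: float, mem: float, cpu: float) -> str:
        return classify(self.flow.update(throughput),
                        self.mem.update(mem),
                        self.cpu.update(cpu))


def run(trace, **params):
    """Return the status after every (throughput, memory %, CPU %) sample."""
    detector = Detector(**params)
    return [detector.step(*sample) for sample in trace]


# Constructed parameters, not the values tuned in the paper's experiments.
PARAMS = dict(th_f=1e6, th_m=1.0, th_p=0.2, alpha_f=3, alpha_m=3, alpha_p=3)

# Constructed traces: five quiet seconds, then five seconds of growth.
QUIET = [(6.5e6, 40.0, 5.0)] * 5
FLOOD = QUIET + [(6.5e6 + 2e6 * i, 40.0 + 2 * i, 5.0 + 0.5 * i)
                 for i in range(1, 6)]            # all three metrics climb
FLASH_CROWD = QUIET + [(6.5e6 + 2e6 * i, 40.0, 5.0)
                       for i in range(1, 6)]      # only throughput climbs

if __name__ == "__main__":
    for name, trace in (("flood", FLOOD), ("flash crowd", FLASH_CROWD)):
        print(name, run(trace, **PARAMS))
```

The second trace shows why throughput alone is not enough: it only reaches minor warning, the state that the ANOVA step is meant to resolve.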
Minor warning traffic should be further identified by comparing the mean and variance of the
throughput of normal traffic. We use a one-way ANOVA (analysis of variance) to test the
difference of k group means. In this case, k=2. The attack traffic is generated randomly by
TFN2K (Tribe Flood, the Net 2K). We measure using a test statistic that has an F-distribution
with (k−1, n−k) degrees of freedom. The null hypothesis is that the throughput means of the two
populations, normal traffic and attack traffic, are equal, and the alternative is that the
throughput means of the two populations differ from each other. We have
H0: µ1 = µ2,
H1: µ1 ≠ µ2,
where µ1 and µ2 are the mean throughput of normal traffic and attack traffic, respectively.
The numerator (MSR) is the variability between group means. The denominator (MSE) measures
how much individual observations vary in each group from their group mean estimates. MSR is
the mean squared treatment and MSE is the mean squared error. MSR and MSE are the
Regression Sum of Squares (SSR) and the Error Sum of Squares (SSE) divided by their degrees of
freedom, k−1 and n−k, respectively. If the ratio of MSR to MSE is significantly high, we can
conclude that the group means are significantly different from each other. The F-statistic is given
below.
,
where n is total number of observations, is the overall mean of all observations, and and
are the mean and the number of observations for the jth group, respectively. We assume the level
of significance (α) is 0.05. If the P-value computed from the samples is less than the level of
significance, α, we have evidence against the null hypothesis. That is, we reject the null
hypothesis and say that the result is statistically significant.
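The F-test described above, worked through as an added example (not code from the paper). Because the F formula and its symbols are missing from this copy, it uses the standard one-way ANOVA definitions, which match the MSR/MSE description in the text; the function names and the throughput samples are constructed.

```python
import math
import random


def betacf(a, b, x, max_iter=500, eps=1e-13):
    """Continued fraction of the incomplete beta function (modified Lentz)."""
    tiny = 1e-300
    c, d = 1.0, 1.0 - (a + b) * x / (a + 1.0)
    d = 1.0 / (d if abs(d) > tiny else tiny)
    h = d
    for m in range(1, max_iter + 1):
        even = m * (b - m) * x / ((a + 2 * m - 1) * (a + 2 * m))
        odd = -(a + m) * (a + b + m) * x / ((a + 2 * m) * (a + 2 * m + 1))
        for num in (even, odd):
            d = 1.0 + num * d
            d = 1.0 / (d if abs(d) > tiny else tiny)
            c = 1.0 + num / c
            c = c if abs(c) > tiny else tiny
            delta = d * c
            h *= delta
        if abs(delta - 1.0) < eps:
            break
    return h


def betainc(a, b, x):
    """Regularized incomplete beta function I_x(a, b)."""
    if x <= 0.0:
        return 0.0
    if x >= 1.0:
        return 1.0
    front = math.exp(math.lgamma(a + b) - math.lgamma(a) - math.lgamma(b)
                     + a * math.log(x) + b * math.log1p(-x))
    if x < (a + 1.0) / (a + b + 2.0):
        return front * betacf(a, b, x) / a
    return 1.0 - front * betacf(b, a, 1.0 - x) / b


def f_sf(f, d1, d2):
    """P-value: P(F > f) for an F-distribution with (d1, d2) degrees of freedom."""
    return betainc(d2 / 2.0, d1 / 2.0, d2 / (d2 + d1 * f))


def one_way_anova(groups):
    """Return (F, P-value) for k groups of observations."""
    k = len(groups)
    n = sum(len(g) for g in groups)
    means = [sum(g) / len(g) for g in groups]
    overall = sum(sum(g) for g in groups) / n
    ssr = sum(len(g) * (m - overall) ** 2 for g, m in zip(groups, means))
    sse = sum((x - m) ** 2 for g, m in zip(groups, means) for x in g)
    msr, mse = ssr / (k - 1), sse / (n - k)
    if mse == 0.0:
        raise ValueError("no within-group variance, F is undefined")
    f = msr / mse
    return f, f_sf(f, k - 1, n - k)


def means_differ(normal, suspect, alpha=0.05):
    """True when H0 (equal throughput means) is rejected at level alpha."""
    _, p_value = one_way_anova([normal, suspect])
    return p_value < alpha


def sample(rng, mean, std, count):
    """Constructed throughput samples in bit/s, clamped at zero."""
    return [max(0.0, rng.gauss(mean, std)) for _ in range(count)]


# Constructed data (n = 360 in total), not the paper's measurements.
RNG = random.Random(2016)
NORMAL = sample(RNG, 6.5e6, 2.0e6, 180)
SUSPECT = sample(RNG, 5.8e8, 4.7e8, 180)

if __name__ == "__main__":
    f_stat, p_value = one_way_anova([NORMAL, SUSPECT])
    print(f"F = {f_stat:.2f}, P-value = {p_value:.3g}, "
          f"reject H0: {means_differ(NORMAL, SUSPECT)}")
```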
2.2. Response
The overall procedure of our system architecture is illustrated in Figure 4. The machine
information for symbols A-I is listed in Table 2. The scheme can be divided into three parts:
Attacker, Monitoring Server and Victim Host. There are two main modules within the Attacker: a
command module (tfn) and a Zombie module (td). The command module is the piece that
controls the Zombie. The command module tells the Zombies when to attack and with what
exploit. The Zombie runs on a machine in listening mode and waits to get commands from the
command module. The Attacker generates randomized UDP flood, TCP/SYN flood, ICMP/PING
flood, ICMP/SMURF flood, MIX flood (UDP/TCP/ICMP interchanged) and TARGA3 flood (IP
stack penetration).
Figure 3. Flowchart of CPU utilization identification
Table 1. Status of combination of three parameters
      Bf   Bm   Bp   Status
C1    0    0    0    OK
C2    0    0    1    minor warning
C3    0    1    0    minor warning
C4    0    1    1    attack alert
C5    1    1    1    attack alert
C6    1    0    0    minor warning
C7    1    0    1    attack alert
C8    1    1    0    minor warning
There are three modules in the Monitoring Server: the Control module, the Mirror module and the
Statistics module. The Secure Shell (SSH) secures the connection to a remote machine.
The Control module writes a shell script that sends command(s) over SSH to the firewall
(Figure 4(a)). The Control module modifies the iptables rules based on the information provided
by both the Mirror module (Figure 4(b)) and the Statistics module (Figure 4(c)). Port mirroring
is used on a switch to send a copy of packets to the Mirror module. The Mirror module monitors
the network traffic and helps the administrators to diagnose the network performance. The
Statistics module collects data from the victim host and the Mirror module. We use AWK to search
for particular strings and modify the data as required. The Statistics module then plots the
data with a gnuplot script driven from Perl. We use the free command and the iostat command to
get the information on available RAM and interface loading in the victim host. The victim host
outputs the related information to the monitoring server for further diagnosis.
Figure 4. System architecture
Table 2. Machine information
Symbol  Specification                                            OS               Role
A       Intel® Core™2 Duo E7500, RAM: 8 GB 1066 MHz DDR3 SDRAM   Linux Fedora 20  Attacker
B       Intel® Core™2 Duo E7500, RAM: 8 GB 1066 MHz DDR3 SDRAM   Linux Fedora 20  Zombie
C       DES-3200-26                                                               Switch
D       Intel® Core™2 Duo E7500, RAM: 8 GB 1066 MHz DDR3 SDRAM   Linux Fedora 20  Firewall
E       Intel® Core™2 Duo E7500, RAM: 8 GB 1066 MHz DDR3 SDRAM   Linux Fedora 20  Monitoring Server
F       DES-1024D                                                                 Switch
G       Intel® Core™2 Duo E7500, RAM: 8 GB 1066 MHz DDR3 SDRAM   Linux Fedora 20  Victim Host
H       Intel® Core™2 Duo E7500, RAM: 8 GB 1066 MHz DDR3 SDRAM   Linux Fedora 20  Server
I       Intel® Core™2 Duo E7500, RAM: 8 GB 1066 MHz DDR3 SDRAM   Linux Fedora 20  Server
3. EXPERIMENTS AND EVALUATION
In this section, we analyse which combination is appropriate and discuss what action to take to
mitigate a DDoS attack under each combination type. We implement the attack tool TFN2K (Tribe
Flood, the Net 2K) on the attacker and evaluate the performance of the proposed system through
experiments based on the following criteria: 1) Comparison of resource utilization for normal
traffic and attack traffic; 2) The minimum cost to detect the attack traffic; 3) Correction of
detection result (false positive and false negative). We concentrate on four major DDoS attacks:
UDP flood, TCP SYN flood, ICMP flood and MIX flood.
3.1. Comparison of resource utilization for normal traffic and attack traffic
We first observe the real normal traffic traces captured at the campus network. Both low scale
and large scale normal traffic are observed in the experiment. Figure 5 and Figure 6 show low
scale normal traffic featuring a TCP and UDP mix and large scale TCP traffic within 300 seconds,
respectively. The throughput of TCP normal traffic drops periodically due to transmission
completion. Continuously sending low rate traffic is another strategy for the attackers to bring
down a server. We found that the original TFN2K only generates constant-like rate attack
traffic. The reason is that the implementations of rand() in the original TFN2K have serious
shortcomings in the randomness, distribution and period of the sequence produced. At the start,
we use the original TFN2K as the attacker to command one single zombie to generate constant-like
rate attack traffic. Therefore, we may observe the stealthy behavior of the attacker. Various
types of attack traffic in terms of throughput, system CPU utilization and memory utilization
are presented in Figure 7, Figure 8 and Figure 9, respectively. After the initial 30 seconds,
the throughput jumps abruptly and stays at the maximum until the end of the attack period
(Figure 7). This is because the zombie is programmed to direct attack traffic to the victim at
its maximum capacity. In Figure 8, we found that the system CPU usage is vulnerable to ICMP
flooding. In ICMP flooding, the attacker overwhelms the victim with ICMP echo request packets,
large ICMP packets, and other ICMP types to increase system CPU utilization, thereby slowing
down the victim. We can conclude that ICMP flooding is a CPU bound attack. The ideal way to
deal with such an attack is to ban zero-sized UDP packets via netfilter. On the other hand, the
other three attacks have little effect on system CPU utilization. When flooded with DDoS attack
messages, the victim uses up all its memory (Figure 9). The four types of attack traffic
constantly and evenly saturate the victim's memory. The victim host is then unable to perform
operations that need additional memory.
Figure 5. Throughput (bit(s)/s), low scale normal traffic
Figure 6. Throughput (bit(s)/s), large scale TCP normal traffic
Figure 7. Throughput (bit(s)/s), constant rate attack traffic
Figure 8. System CPU utilization (%), constant rate attack traffic
Figure 9. Memory utilization (%), constant rate attack traffic
In order to simulate real DDoS traffic, we replace rand() with /dev/random in flood.c, ip.c
and tribe.c of TFN2K. /dev/random is a special file that serves as a blocking pseudorandom
number generator. The attacker triggers n zombies every 1/∆ second, where n is randomly
selected from 1 to 4. On receiving the commands from the attacker, the zombies start to forward
the attack traffic to the victim. In Figure 10, we found that the throughput of randomized attack
flooding grows variably over time, in contrast to that of Figure 7. Therefore, we may
conclude that neither increasing throughput (Figure 10) nor a sudden change in the average
incoming traffic (Figure 7) can be used as the only evidence of a DDoS attack. Figure 11
represents resource utilization with TCP SYN flooding between 40 and 300 seconds at 1 second
intervals. TCP SYN flooding stimulates a surge of both system CPU utilization and memory
utilization. The data shows that the memory utilization grows even faster than we expected.
The reason is that TCP SYN flooding exploits a memory exhaustion issue inherent in the design
of the TCP protocol. TCP SYN flooding initiates many connections without completing the
three-way handshake, until the victim is exhausted and has no memory left to track the TCP
connection state for normal traffic.
Figure 10. Throughput (bit/s), randomized attack traffic flooding (x-axis: time (s); y-axis: throughput (1.0e+007*bit(s)/s))
3.2. The minimum cost to detect the attack traffic
The minimum cost here is expressed as k and s. Let k be the minimum percentage of system resource
exhausted by the attack traffic and s be the saturation time, such that the system service is
disrupted. Tables 3-5 present the evaluation results of parameters Thf, Thp and Thm,
respectively, for four types of attack traffic, which are measured by system operators 10 times.
Table 6 indicates the statistics of attack traffic. We run 1,000 samples for each trial. From
Table 3, we can find that the lowest value of Thf, 908,874 bits/s, is for TCP SYN Flood.
Therefore, we choose 900,000 bits/s as the recommended value of Thf. Similarly, the lowest value
of Thp, 2.6 x 10^-3 %, is for TCP SYN Flood (Table 4) and the lowest value of Thm, 1,096 bits/s,
is for UDP Flood (Table 5). We choose 3.0 x 10^-3 % and 1,000 bits/s as the recommended values
of Thp and Thm, respectively.
Table 3. Evaluation result of parameter Thf, attack traffic
Type of Attack   Thf (packets/s)   Thf (bits/s)
TCP SYN Flood    17,149            908,874
UDP Flood        32,504            1,415,646
ICMP Flood       45,509            4,647,782
Mix Flood        26,131            1,762,852
Table 4. Evaluation result of parameter Thp, attack traffic
Type of Attack   Thp (%)       k (%)   Saturation time (s)
TCP SYN Flood    2.6 x 10^-3   0.7     38,571
UDP Flood        4.4 x 10^-3   1.2     22,500
ICMP Flood       6.1 x 10^-2   16.6    1,627
Mix Flood        4.1 x 10^-3   1.1     24,545
Table 5. Evaluation result of parameter Thm, attack traffic
Type of Attack   Thm (bits/s)   k (%)   Saturation time (s)
TCP SYN Flood    1,781          7       40
UDP Flood        1,096          7       65
ICMP Flood       6,995          11      16
Mix Flood        4,578          9       20
3.3. Correction of detection result
Suspicious traffic should be further identified by comparing the mean x and variance D of the
throughput of normal traffic. d denotes the standard deviation. Tables 6 and 7 show the
statistics of large scale normal traffic and attack traffic over 10 trials, respectively. The
large scale normal traffic data are obtained at 10-second intervals on the hour, every hour from
8 AM to 5 PM. The attack traffic is generated randomly by TFN2K. We use 360 samples
(6/min × 60 min/hour) for each trial. We measure using a test statistic that has an
F-distribution with (k−1, n−k) degrees of freedom. In this case, k=2 and n=360. If the P-value
computed from the samples is less than the level of significance, α, we have evidence against
the null hypothesis. That is, we reject the null hypothesis and say that the result is
statistically significant. From Table 8, we can find that only the P-value of trial 3 is greater
than 0.05, so we do not reject the null hypothesis for that trial. That is, the difference
between the throughput means of normal traffic and attack traffic is not statistically
significant.
Table 6. Throughput statistics of normal traffic on 10 trials
Trial #   Mean (x)           Standard deviation (s)   Variance (D)
          (1.0e+008 * b/s)   (1.0e+008 * b/s)         (1.0e+008 * b/s)
1         0.0652             0.0204                   4.1695
2         0.0639             0.0203                   4.1309
3         0.0649             0.0203                   4.1032
4         0.0651             0.0202                   4.0728
5         0.0644             0.0206                   4.2405
6         0.0655             0.0202                   4.0630
7         0.0653             0.0197                   3.8744
8         0.0653             0.0204                   4.1675
9         0.0649             0.0204                   4.1805
10        0.0655             0.0199                   3.9488
Table 7. Throughput statistics of randomized attack traffic on 10 trials
Trial #   Mean (x)           Standard deviation (s)   Variance (D)
          (1.0e+010 * b/s)   (1.0e+010 * b/s)         (1.0e+010 * b/s)
1         0.0581             0.0468                   2.1873
2         0.0511             0.0407                   1.6578
3         0.0517             0.0419                   1.7575
4         0.0460             0.0366                   1.3377
5         0.0589             0.0467                   2.1822
6         0.0506             0.0410                   1.6798
7         0.0468             0.0388                   1.5028
8         0.0485             0.0400                   1.5964
9         0.0482             0.0388                   1.5018
10        0.0570             0.0463                   2.1429
Table 8. One-way ANOVA statistics on 10 trials
Trial # F P-value
1 19.21 1.42197e-05
2 58.86 8.45398e-14
3 2.90 0.0893
4 48.55 9.81709e-12
5 34.45 7.82179e-09
6 40.55 4.23702e-10
7 8.66 0.0034
8 4.21 0.0407
9 26.01 4.77702e-07
10 37.93 1.47365e-09
In this section, we validate and tune the model to find the optimal values of parameters αf, αm
and αp. False negative rate (FNR) is the probability of identifying attack traffic as
non-defective, while false positive rate (FPR) is the probability of recognizing normal traffic
as defective. We estimate FNR and FPR in the presence of both attack traffic and normal traffic.
Figure 11(a) represents the FNR and FPR for the counter threshold of throughput, αf. FNR grows
as the value of αf increases. We found that FNR becomes stable when αf >6. On the other
hand, FPR declines slightly in the beginning and remains steady when αf >6. Both FNR and
FPR are so high because the detector mistakes attack traffic for benign traffic, and mistakes
high-rate normal traffic for attack traffic as well. However, if we use one-way ANOVA to further
test group variation by considering time-of-day variation of normal traffic, both the FNR and
FPR decrease dramatically (Figure 11(b)). Combining one-way ANOVA is shown to be more effective
in differentiating between attack traffic and normal traffic.
Figure 11(a). FNR and FPR for the counter threshold of throughput (αf)
Figure 11(b). FNR and FPR for the counter threshold of throughput (αf) with ANOVA test (x-axis: αf; y-axis: rate, x 10^-3; series: FNR, FPR)
Figure 12(a) shows both the FNR and FPR for the counter threshold of memory utilization, αm.
FNR surges as αm rises up to 25. However, FPR plummets more than 50 % as αm grows up to 50.
A lower αm detects attack traffic quickly, but may cause erroneous detection of normal traffic
as attack traffic (causing higher FPR). On the flip side, a higher threshold value takes more
time to detect the attack traffic, and thus easily misidentifies attack traffic as normal
traffic (causing higher FNR). Both FNR and FPR drop significantly when the one-way ANOVA test is
introduced to further discriminate between the normal traffic and the attack traffic
(Figure 12(b)).
Figure 12(a). FNR and FPR for the counter threshold of memory utilization (αm)
Figure 12(b). FNR and FPR for the counter threshold of memory utilization (αm) with ANOVA test
Figure 13(a) shows the FNR and FPR for evaluating the counter threshold of system CPU
utilization (αp). As we can see, increasing the value of αp does not have a high impact on FPR
when αp>3. On the other hand, the FNR increases gradually when αp exceeds 1.5. As mentioned
above, both the FNR and FPR drop significantly when the one-way ANOVA test is additionally run
(Figure 13(b)). We consider αp=2.5 an optimal value since it keeps FNR and FPR low
at the same time.
Figure 13(a). FNR and FPR for the counter threshold of system CPU utilization (αp)
Figure 13(b). FNR and FPR for the counter threshold of system CPU utilization (αp) with ANOVA test
In the following, we compare the proposed scheme with two others, Scalable detection [6] and
Live bait [7], by studying effectiveness in terms of FPR and FNR. In order to detect attackers in
an effective way, we have to choose the detection thresholds properly, which can be derived from
the results of the above-mentioned experiments. We pick αf =1, αm=25 and αp=3 as the optimal
values for the proposed scheme. As shown in Figure 14(a), the FPR increases with the number of
zombies for all three schemes. The proposed scheme performs better than the other two
since it further analyzes performance in terms of throughput, CPU utilization and memory
utilization. Scalable detection has a much higher FPR in the presence of a large number of
zombies, which causes a higher number of imbalance counters of bad flows [6]. Figure 14(b) shows
that FNR increases as the number of zombies grows for Live Bait, while it remains constant for
both the proposed scheme and Scalable detection. The reason is that Live Bait does not
effectively deal with an increasing number of attackers, which generate low-rate requests as
legitimate traffic [7]. As mentioned above, the proposed scheme can effectively detect DDoS
attacks with additional consideration of the ANOVA test.
Figure 14(a). FPR comparison (x-axis: number of zombies; y-axis: FPR, x 10^-3; series: Live bait, Scalable detection, the proposed scheme with ANOVA)
Figure 14(b). FNR comparison
4. CONCLUSIONS
In this paper, we have proposed a novel rule-based DDoS detection scheme combined with the ANOVA
test, in which three types of system resource usage are examined. The strength of this paper is
that it makes use of real traffic traces captured at the east campus of Pingtung University.
Furthermore, we analyse the performance of the proposed system under the conditions imposed
by both the normal traffic and the TFN2K attack. Secondly, we find the minimum cost, such as
the saturation time and critical point, for attack traffic to saturate the victim. Thirdly, a
thorough comparison of the proposed scheme with other well-known schemes is
presented. Our analysis and experiments demonstrate that the proposed scheme can work very
well with a suitable combination and fine tuning of threshold values. In the future, we would
like to implement real-time traffic detection in a high-speed network.
REFERENCES
[1] Shang, Y., Luo, W. and Xu, S. (2011) “L-hop percolation on networks with arbitrary degree
distributions and its applications,” Phys. Rev. E 84, 031113.
[2] Yu, S., Zhou, W., Doss, R. and Jia, W. (2011) “Traceback of DDoS Attacks Using Entropy
Variations,” IEEE Transactions on Parallel and Distributed Systems, Vol. 22, No. 3.
[3] Soundar Rajam, V. K., Selvaram, G., Pradeep Kumar M. and Mercy Shalinie S. (2013) “Autonomous
system based traceback mechanism for DDoS attack,” 2013 Fifth International Conference on
Advanced Computing (ICoAC).
[4] Yu, S., Zhou, W., Guo, S. and Guo, M. (2013) “A dynamical deterministic packet marking scheme
for DDoS traceback,” GLOBECOM 2013 - IEEE Global Telecommunications Conference, Vol. 32,
No. 1.
[5] Kiremire, A., Brust, M. and Phoha, V. (2014) “Topology-dependent performance of attack graph
reconstruction in PPM-based IP traceback,” CCNC 2014 - 11th IEEE Consumer Communications and
Networking Conference, Vol. 11, No. 1.
[6] Kompella, R. R., Singh, S. and Varghese, G. (2007) “On scalable attack detection in the network,”
IEEE/ACM Transactions on Networking, Vol. 15, No. 1, pp14-25.
[7] Khattab, S., Gobriel, S., Melhem, R. and Mosse, D. (2008) “Live Baiting for Service-Level DoS
Attackers,” INFOCOM 2008, IEEE - 27th Conference on Computer Communications.
[8] Liu, H., Sun, Y., Valgenti V. and Kim, M. (2011) “TrustGuard: A flow-level reputation-based DDoS
defense system,” CCNC 2011 - 8th IEEE Consumer Communications and Networking Conference,
Vol. 8, No. 1.
[9] Yoon, M., Li, T., Chen, S. and Peir, J.-K. (2011) “Fit a Compact Spread Estimator in Small High-
Speed Memory,” IEEE/ACM Transactions on Networking, Vol. 19, No. 5.
[10] Salah, K., Elbadawi, K. and Boutaba, R. (2012) “Performance Modelling and Analysis of Network
Firewalls,” IEEE Transactions on Network and Service Management, Vol. 9, No. 1.
[11] François, J., Aib, I. and Boutaba, R. (2012) “FireCol: A Collaborative Protection Network for the
Detection of Flooding DDoS Attacks,” IEEE/ACM Transactions on Networking, Vol. 20, No. 6.
[12] Gangam, S., Sharma, P. and Fahmy, S. (2013) “Pegasus: Precision hunting for icebergs and
anomalies in network flows,” IEEE INFOCOM 2013 - 32th IEEE International Conference on
Computer Communications, Vol. 32, No. 1.
[13] Wang, Y., Zhang, Y., Singh, V., Lumezanu C. and Jiang, G. (2013) “NetFuse: Short-circuiting traffic
surges in the cloud,” ICC 2013 - IEEE International Conference on Communications, Vol. 36, No. 1.
[14] Chen, Y., Ma, X. and Wu, X. (2013) “DDoS Detection Algorithm Based on Preprocessing Network
Traffic Predicted Method and Chaos Theory,” IEEE Communications Letters, Vol. 17, No. 5.
[15] Kiruthika Devi, B.S., Preetha, G., Selvaram, G. and Mercy Shalinie, S. (2014) “An Impact Analysis:
Real Time DDoS Attack Detection and Mitigation using Machine Learning,” 2014 International
Conference on Recent Trends in Information Technology.
[16] Jog, M., Natu, M. and Shelke, S. (2015) “Distributed capabilities-based DDoS defense,”
International Conference on Pervasive Computing (ICPC).
[17] Zargar, S.T., Joshi, J. and Tipper, D. (2013) “A Survey of Defense Mechanisms against Distributed
Denial of Service (DDoS) Flooding Attacks,” IEEE Communications Surveys & Tutorials, Vol. 15,
No. 4.
[18] Liu, Y., Chen, W. and Guan, Y. (2012) “A fast sketch for aggregate queries over high-speed network
traffic,” IEEE INFOCOM 2012 - 31th IEEE International Conference on Computer Communications,
Vol. 31, No. 1.
[19] Sadre, R., Sperotto, A. and Pras, A. (2012) “The effects of DDoS attacks on flow monitoring
applications,” NOMS 2012 - 13th IEEE/IFIP Network Operations and Management Symposium, Vol.
13, No. 1.
[20] Rontti, T., Juuso, A.-M. and Takanen, A. (2012) “Preventing DoS Attacks in NGN Networks with
Proactive Specification-Based Fuzzing,” IEEE Communications Magazine, Vol. 50, No. 9.
[21] Khor, S. and Nakao, A. (2011) “MI: Cross-layer malleable identity,” ICC 2011 - IEEE International
Conference on Communications, Vol. 34, No. 1.
[22] Vashist, A., Chadha, R., Kaplan, M. and Moeltner, K. (2012) “Detecting communication anomalies in
tactical networks via graph learning,” MILCOM 2012 - IEEE Military Communications Conference,
Vol. 31, No. 1.
[23] Wei, W., Chen, F., Xia, Y. and Jin, G. (2013) “A Rank Correlation Based Detection against
Distributed Reflection DoS Attacks,” IEEE Communications Letters, Vol. 17, No. 1.
[24] Xie Y. and Yu, S.-Z. (2009) “Monitoring the application-layer DDOS attacks for popular websites,”
IEEE/ACM Transactions on Networking, Vol. 17, No. 1, pp15-25.
[25] Ranjan, S., Swaminathan, R., Uysal, M., Nucci, A. and Knightly, E. (2009) “DDoS-shield: DDoS-
resilient scheduling to counter application layer attacks,” IEEE/ACM Transactions on Networking,
Vol. 17, No. 1, pp26-39.
[26] Wang, J. (2011) “Web DDoS detection schemes based on measuring user's access behavior with large
deviation,” GLOBECOM 2011 - IEEE Global Telecommunications Conference, Vol. 30, No. 1.
[27] Lua, R.-P., Wah, C. and Ng, W. (2014) “Cornstarch Effect: Intensifying flow resistance for increasing
DDoS attacks in autonomous overlays,” CCNC 2014 - 11th IEEE Consumer Communications and
Networking Conference, Vol. 11, No. 1.
[28] Liu, L., Jin, X., Min, G. and Xu, L. (2012) “Real-Time Diagnosis of Network Anomaly Based on
Statistical Traffic Analysis,” 2012 IEEE 11th International Conference on Trust, Security and Privacy
in Computing and Communications.
[29] Purwanto, Y., Kuspriyanto, Hendrawan and Rahardjo, B. (2014) “Traffic anomaly detection in DDoS
flooding attack,” 2014 8th International Conference on Telecommunication Systems Services and
Applications (TSSA).
[30] Toulouse, M., Minh, B.Q., Curtis, P. (2015) “A Consensus Based Network Intrusion Detection
System,” 2015 5th International Conference on IT Convergence and Security (ICITCS).