Slow denial of service attack (DoS) is a tricky issue in software-defined network (SDN) as it uses less bandwidth to attack a server. In this paper, a slow-rate DoS attack called Slowloris is detected and mitigated on Apache2 and Nginx servers using a methodology called an intelligent system for slow DoS detection using machine learning (ISSDM) in SDN. Data generation module of ISSDM generates dataset with response time, the number of connections, timeout, and pattern match as features. Data are generated in a real environment using Apache2, Nginx server, Zodiac FX OpenFlow switch and Ryu controller. Monte Carlo simulation is used to estimate threshold values for attack classification. Further, ISSDM performs header inspection using regular expressions to mark flows as legitimate or attacked during data generation. The proposed feature selection module of ISSDM, called blended statistical and information gain (BSIG), selects those features that contribute best to classification. These features are used for classification by various machine learning and deep learning models. Results are compared with feature selection methods like Chi-square, T-test, and information gain.
Cybersecurity Threat Detection of Anomaly Based DDoS Attack Using Machine Lea... - IRJET Journal
This document discusses machine learning techniques for detecting distributed denial of service (DDoS) attacks. It reviews related work applying methods like decision trees, support vector machines, naive Bayes, and deep learning to identify DDoS attacks based on network traffic patterns. The document evaluates these algorithms based on accuracy metrics and processing time. It also explores feature selection and parameter tuning to optimize model performance and training efficiency for detecting DDoS attacks.
An approach for slow distributed denial of service attack detection and allev... - nooriasukmaningtyas
Over the last few years, the need for programmable networks has captured the interest of industrialists and academicians. It has led to the development of a paradigm called software defined network (SDN). It separates the network intelligence into the control plane and forwarding logic into the data plane. This architecture gives scope to various security issues of which denial of service (DoS) is the most common and challenging to detect. This paper focuses on the detection and mitigation of a slow DoS attack called Slowloris on Apache2 server in SDN based networks. The proposed solution is called Slowloris detection and mitigation mechanism (SDMM). Mininet, an emulator, and SimpleHTTPServer are used for simulation and the same is implemented using Zodiac FX OpenFlow switch, Ryu controller and Apache2 server. SDMM algorithm detects and mitigates prolonged Slowloris attack in typical networks as well as in slow networks with low bandwidth and high delay in 240-280s with an accuracy of 100% and 98% respectively. It uses expectation of burst size as a key factor for detection.
Encountering distributed denial of service attack utilizing federated softwar... - IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined-networks (SDN) environments. The proposed solution uses software-defined network capabilities to reduce risk and introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to the server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed in a sophisticated way and with a high level of separation of duties between components so it would not be affected by the design aspect of the network architecture.
APPLICATION-LAYER DDOS DETECTION BASED ON A ONE-CLASS SUPPORT VECTOR MACHINE - IJNSA Journal
Application-layer Distributed Denial-of-Service (DDoS) attack takes advantage of the complexity and diversity of network protocols and services. This kind of attack is more difficult to prevent than other kinds of DDoS attacks. This paper introduces a novel detection mechanism for application-layer DDoS attack based on a One-Class Support Vector Machine (OC-SVM). Support vector machine (SVM) is a relatively new machine learning technique based on statistics. OC-SVM is a special variant of the SVM and since only the normal data is required for training, it is effective for detection of application-layer DDoS attack. In this detection strategy, we first extract 7 features from normal users’ sessions. Then, we build normal users’ browsing models by using OC-SVM. Finally, we use these models to detect application-layer DDoS attacks. Numerical results based on simulation experiments demonstrate the efficacy of our detection method.
A New Way of Identifying DOS Attack Using Multivariate Correlation Analysis - ijceronline
This document summarizes a research paper that proposes a new method for identifying denial of service (DoS) attacks using multivariate correlation analysis (MCA). The method involves three main steps: 1) generating basic features from network traffic, 2) using MCA to extract correlations between features and generate triangle area maps, and 3) using an anomaly-based detection mechanism to distinguish attacks from normal traffic based on differences from pre-generated normal profiles. The researchers evaluate their method on the KDD Cup 99 dataset and achieve moderate detection performance. However, they identify issues related to differences in feature scales that reduce detection of some attacks. They propose using statistical normalization to address this.
Distributed Denial of Service (DDoS) attack is the most severe cyber-attack that affects the availability of critical applications. The attackers identify the weakness in the machines and compromise them to take part in the flooding attack. During the DDoS attack generation, they also gain access to secret information. These computers are then used to wage a DDoS attack on the host’s computer. Though many security measures have been taken to stop DDoS attacks and protect our data, the attackers have developed new techniques and attack methodology. Hence it is very important, instead of reacting to new attacks, to build a complete DDoS solution that will defend against all types of DDoS attacks. So, the researchers must understand the cyber space and the methods utilized to block the DDoS attacks. The proposed system provides a unique method to detect DDoS attacks using Splunk. We propose two methods for prevention of DDoS attacks. One uses randomly generated CAPTCHAs and the other uses a Linux bash script to prevent DDoS attacks by automatically blocking the IP of a client that sends multiple requests at a time.
Secure intrusion detection and countermeasure selection in virtual system usi... - eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology
Design & Implementation of Secure AODV In Multicast Routing To Detect DDOS At... - IJNSA Journal
The wireless ad hoc network is particularly vulnerable to DoS attacks due to its features of open medium, dynamically changing topology, cooperative algorithms, decentralization of the protocols, and lack of a clear line of defense; this is a growing problem in networks today. In Mobile Ad hoc Networks (MANET), various types of Denial of Service (DoS) attacks are possible because of the inherent limitations of its routing protocols. In this paper we will secure the MANET from the DDoS attack. DDoS attacks are similar to DoS attacks, but the difference between them is that DDoS attacks involve breaking into hundreds or thousands of machines, which is why this attack is called distributed. Very often, the systems used for the attack are part of the network, and the users of these systems do not know that their systems are being used to attack other systems. This kind of attack consumes more bandwidth and uses more sources in the network. In this work, we study the effect of one of the important attacks, called DDoS, in MANET on the most vulnerable protocol, named AODV. The product of this study is detection of DDoS attacks by using the AODV (ad hoc on-demand distance vector) protocol. The proposed scheme is distributed in nature; it has the capability to prevent distributed DoS (DDoS) as well.
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D... - IRJET Journal
This document discusses detecting distributed denial-of-service (DDoS) attacks on software defined networks (SDNs). It first provides background on SDNs and DDoS attacks. It then reviews related research on DDoS detection methods for SDNs. The document evaluates these methods based on results using the KDD99 dataset in a simulated SDN environment. It finds that the Double P-value of Transductive Confidence Machines for K-Nearest Neighbors (DPTCM-KNN) method achieved the highest true positive rate and lowest false positive rate, making it the most efficient approach for detecting anomalous flows in SDNs.
Q-learning based distributed denial of service detection - IJECEIAES
This document summarizes a research paper that proposes a new approach for detecting distributed denial of service (DDoS) attacks in software-defined networks using Q-learning. The proposed approach uses entropy detection and Q-learning to enhance detection and reduce false positives and negatives. Results show the approach detects DDoS attacks faster than entropy detection alone and ensures service continuity for legitimate users by redirecting traffic. The approach increases throughput by up to 50% compared to other methods.
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITY - ijgca
Using Grid Storage, users can remotely store their data and enjoy on-demand, high-quality applications and services from a shared network of configurable computing resources, without the burden of local data storage and maintenance. In this project, an encryption scheme for SG wireless communication is designed based on dynamic secrets, named dynamic secret-based encryption (DSE). The basic idea of dynamic secrets is to generate a series of secrets from unavoidable transmission errors and other random factors in wireless communications. In DSE, the previous packets are coded as binary values 0 and 1 according to whether they are retransmitted due to channel error. This 0/1 sequence is called the retransmission sequence (RS), which is applied to generate the dynamic secret (DS). The dynamic encryption key (DEK) is updated by XORing the previous DEK with the current DS.
Security and risk analysis in the cloud with software defined networking arch... - IJECEIAES
Cloud computing has emerged as the actual trend in business information technology service models, since it provides processing that is both cost-effective and scalable. Enterprise networks are adopting software-defined networking (SDN) for network management flexibility and lower operating costs. Information technology (IT) services for enterprises tend to use both technologies. Yet, the effects of cloud computing and software defined networking on business network security are unclear. This study addresses this crucial issue. In a business network that uses both technologies, we start by looking at security, namely distributed denial-of-service (DDoS) attack defensive methods. SDN technology may help organizations protect against DDoS assaults provided the defensive architecture is structured appropriately. To mitigate DDoS attacks, we offer a highly configurable network monitoring and flexible control framework. We present a dataset shift-resistant graphic model-based attack detection system for the new architecture. The simulation findings demonstrate that our architecture can efficiently meet the security concerns of the new network paradigm and that our attack detection system can report numerous threats using real-world network data.
Review Paper on Predicting Network Attack Patterns in SDN using ML - ijtsrd
Software Defined Networking (SDN) provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defenseless against Distributed Denial of Service attacks. The mechanism and communication extent of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. So, as a result of the useless flow built by the controller for the attack packets, the extent of the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to dam malicious network connections. Historical network attack data are often wont to automatically identify and block the malicious connections. In this review paper, we are going to propose using ML algorithms, tested on collected network attack data, to get the potential malicious connections and potential attack destinations. We use four machine learning algorithms, C4.5, Bayesian Network (BayesNet), multidimensional language (DT), and Naive Bayes, to predict the host which will be attacked to support the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha, "Review Paper on Predicting Network Attack Patterns in SDN using ML", published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
Efficient ddos attacks security scheme using asvs - eSAT Journals
Abstract: A distributed Denial of Service (DDoS) attack enables higher threats to the internet. There are so many schemes designed to identify the node which is to be the attacker node. The real process is such that we want to trace the source of the attacker and enable security for our network. The protocol introduced here, called Adaptive Selective Verification with Stub (ASVS), is shown to use bandwidth efficiently and uses stub creation. The stub procedure reduces the server load at the time of emergency and congestion. Using this stub idea we can store the ASVS protocol procedure in the server and we can have the stub in every client so that we can detect the hacker system by the client itself. We use an omniscient protocol which enables sending information about the attacker to all the clients. Keywords: Adaptive Selective Verification With Stub (ASVS), Distributive Denial Of Service Attacks (DDoS) Flooding, Performance Analysis.
Low-rate distributed denial of service attacks detection in software defined ... - IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
A system for denial of-service attack detection based on multivariate correla... - IGEEKS TECHNOLOGIES
The document proposes a denial-of-service (DoS) attack detection system using multivariate correlation analysis (MCA) to accurately characterize network traffic. It extracts geometric correlations between network traffic features using triangle area maps. This anomaly-based system can detect both known and unknown DoS attacks by learning patterns in legitimate traffic. Evaluation on the KDD Cup 99 dataset shows it outperforms two previous state-of-the-art methods in detection accuracy.
Three level intrusion detection system based on conditional generative advers... - IJECEIAES
Security threat protection is important in internet of things (IoT) applications since both the connected device and the captured data can be hacked or hijacked or both at the same time. To tackle the above-mentioned problem, we proposed a three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN) model which includes four phases: first-level intrusion detection system (IDS), second-level IDS, third-level IDS, and attack type classification. In first-level IDS, features of the incoming packets are extracted by the firewall. Based on the extracted features, the packets are classified into three classes, normal, malicious, and suspicious, using support vector machine and golden eagle optimization. Suspicious packets are forwarded to the second-level IDS, which classifies the suspicious packets as normal or malicious. Here, signature-based intrusions are detected using attack history information, and anomaly-based intrusions are detected using event-based semantic mapping. In third-level IDS, adversary packets are detected using CGAN, which automatically learns the adversarial environment and detects adversary packets accurately. Finally, proximal policy optimization is proposed to detect the attack type. Experiments are conducted using the NS-3.26 network simulator and performance is evaluated by various performance metrics, which show that the proposed 3LIDS-CGAN model outperforms other existing works.
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service... - IEEEMEMTECHSTUDENTPROJECTS
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i... - IRJET Journal
This document proposes a scalable framework using SDN and machine learning techniques to detect and mitigate DDoS attacks in large-scale networks. The framework uses a lightweight detection layer implemented across multiple controllers to detect anomalies locally using entropy calculations. It also includes a heavyweight detection layer in a centralized system that employs machine learning for more accurate detection. The goal is to provide robust intrusion detection that can quickly detect network attacks efficiently in large networks.
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY IN SOFTWARE-DEFINED NETWORK PRACT...IJCNCJournal
This document discusses a study that proposes a dynamic entropy-based method for detecting DDoS attacks in SDN environments. The study introduces using dynamic threshold values that change over time based on the entropy value variability of network traffic windows, to help predict system state and detect new attacks more accurately compared to static thresholds. The study also evaluates the proposed method in a practical SDN testbed environment, not just in simulations, and finds it can rapidly detect DDoS attacks with high accuracy.
DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...IJCNCJournal
Software-Defined Network (SDN) is an innovative network architecture with the goal of providing flexibility and simplicity in network operation and management through a centralized controller. These features help SDN to easily adapt to the expansion of network requirements, but they are also a weakness when it comes to security. With its centralized architecture, SDN is vulnerable to cyber-attacks, especially Distributed Denial of Service (DDoS) attacks. DDoS is a popular attack type which consumes all network resources and causes congestion in the entire network. In this research, we introduce a DDoS detection model based on a statistical method with a dynamic threshold value that changes over time. Along with the simulation result, we build a practical SDN model to apply our method; the results show that our method can detect DDoS attacks rapidly with high accuracy.
COPYRIGHTThis thesis is copyright materials protected under the .docxvoversbyobersby
COPYRIGHT
This thesis is copyright material protected under the Berne Convention, the Copyright Act 1999 and other international and national enactments in that behalf, on intellectual property. It may not be reproduced by any means in full or in part except for short extracts in fair dealing, for research or private study, critical scholarly review or discourse with acknowledgment, with written permission of the Dean School of Graduate Studies on behalf of both the author and XXX XXX University.
ABSTRACT
With the fast-growing internet world the risk of intrusion has also increased; as a result, Intrusion Detection System (IDS) is the admired key research field. IDS are used to identify any suspicious activity or patterns in the network or machine, which endeavors the security features or compromise the machine. IDS majorly use all the features of the data. It is a keen observation that all the features are not of equal relevance for the detection of attacks. Moreover, every feature does not contribute in enhancing the system performance significantly. The main aim of the work done is to develop an efficient denial of service network intrusion classification model. The specific objectives included: to analyse existing literature in intrusion detection systems; what are the techniques used to model IDS, types of network attacks, performance of various machine learning tools, how are network intrusion detection systems assessed; to find out top network traffic attributes that can be used to model denial of service intrusion detection; to develop a machine learning model for detection of denial of service network intrusion. Methods: The research design was experimental and data was collected by simulation using NSL-KDD dataset. By implementing Correlation Feature Selection (CFS) mechanism using three search algorithms, a smallest set of features is selected with all the features that are selected very frequently. Findings: The smallest subset of features chosen is the most nominal among all the feature subset found. Further, the performances using Artificial neural networks (ANN), decision trees, Support Vector Machines (SVM) and K-Nearest Neighbour (KNN) classifiers is compared for 7 subsets found by filter model and 41 attributes. Results: The outcome indicates a remarkable improvement in the performance metrics used for comparison of the two classifiers.
The results show that using 17/18 selected features improves DOS types classification accuracies as compared to using the 41 features in the NSL-KDD dataset. It was further observed that using an ensemble of three classifiers with decision fusion performs better as compared to using a single classifier for DOS type’s classification. Among machine learning tools experimented, ANN achieved best classification accuracies followed by SVM and DT. KNN registered the lowest classification accuracies. Application: The proposed work with such an improved detection rate and lesser classification time and lar.
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept for escalating the networking capabilities that are highly demanded by the future internet system, which is immensely distributed in nature. Owing to its being a novel concept in the field of networking, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions for resisting DDoS attacks in SDN, it is found that there are still many open-end issues. Therefore, these issues are identified and addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of the best machine learning classifiers that are effective against DDoS attacks.
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly placed at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network (SDN) proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2, February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Redefining brain tumor segmentation: a cutting-edge convolutional neural netw...IJECEIAES
Medical image analysis has witnessed significant advancements with deep learning techniques. In the domain of brain tumor segmentation, the ability to precisely delineate tumor boundaries from magnetic resonance imaging (MRI) scans holds profound implications for diagnosis. This study presents an ensemble convolutional neural network (CNN) with transfer learning, integrating the state-of-the-art Deeplabv3+ architecture with the ResNet18 backbone. The model is rigorously trained and evaluated, exhibiting remarkable performance metrics, including an impressive global accuracy of 99.286%, a high-class accuracy of 82.191%, a mean intersection over union (IoU) of 79.900%, a weighted IoU of 98.620%, and a Boundary F1 (BF) score of 83.303%. Notably, a detailed comparative analysis with existing methods showcases the superiority of our proposed model. These findings underscore the model’s competence in precise brain tumor localization, underscoring its potential to revolutionize medical image analysis and enhance healthcare outcomes. This research paves the way for future exploration and optimization of advanced CNN models in medical imaging, emphasizing addressing false positives and resource efficiency.
Embedded machine learning-based road conditions and driving behavior monitoringIJECEIAES
Car accident rates have increased in recent years, resulting in losses in human lives, properties, and other financial costs. An embedded machine learning-based system is developed to address this critical issue. The system can monitor road conditions, detect driving patterns, and identify aggressive driving behaviors. The system is based on neural networks trained on a comprehensive dataset of driving events, driving styles, and road conditions. The system effectively detects potential risks and helps mitigate the frequency and impact of accidents. The primary goal is to ensure the safety of drivers and vehicles. Collecting data involved gathering information on three key road events: normal street and normal drive, speed bumps, circular yellow speed bumps, and three aggressive driving actions: sudden start, sudden stop, and sudden entry. The gathered data is processed and analyzed using a machine learning system designed for limited power and memory devices. The developed system resulted in 91.9% accuracy, 93.6% precision, and 92% recall. The achieved inference time on an Arduino Nano 33 BLE Sense with a 32-bit CPU running at 64 MHz is 34 ms and requires 2.6 kB peak RAM and 139.9 kB program flash memory, making it suitable for resource-constrained embedded systems.
Similar to An intelligent system to detect slow denial of service attacks in software-defined networks
IRJET- Detection of Distributed Denial-of-Service (DDos) Attack on Software D...IRJET Journal
This document discusses detecting distributed denial-of-service (DDoS) attacks on software defined networks (SDNs). It first provides background on SDNs and DDoS attacks. It then reviews related research on DDoS detection methods for SDNs. The document evaluates these methods based on results using the KDD99 dataset in a simulated SDN environment. It finds that the Double P-value of Transductive Confidence Machines for K-Nearest Neighbors (DPTCM-KNN) method achieved the highest true positive rate and lowest false positive rate, making it the most efficient approach for detecting anomalous flows in SDNs.
Q-learning based distributed denial of service detectionIJECEIAES
This document summarizes a research paper that proposes a new approach for detecting distributed denial of service (DDoS) attacks in software-defined networks using Q-learning. The proposed approach uses entropy detection and Q-learning to enhance detection and reduce false positives and negatives. Results show the approach detects DDoS attacks faster than entropy detection alone and ensures service continuity for legitimate users by redirecting traffic. The approach increases throughput by up to 50% compared to other methods.
DIVISION AND REPLICATION OF DATA IN GRID FOR OPTIMAL PERFORMANCE AND SECURITYijgca
Using Grid Storage, users can remotely store their data and enjoy on-demand, high-quality applications and services from a shared network of configurable computing resources, without the burden of local data storage and maintenance. Based on dynamic secrets, this project proposes an encryption scheme for SG wireless communication, named dynamic secret-based encryption (DSE). The basic idea of dynamic secrets is to generate a series of secrets from unavoidable transmission errors and other random factors in wireless communications. In DSE, the previous packets are coded as binary values 0 and 1 according to whether they are retransmitted due to channel error. This 0/1 sequence is called the retransmission sequence (RS), which is applied to generate the dynamic secret (DS). The dynamic encryption key (DEK) is updated by XORing the previous DEK with the current DS.
Security and risk analysis in the cloud with software defined networking arch...IJECEIAES
Cloud computing has emerged as the actual trend in business information technology service models, since it provides processing that is both cost-effective and scalable. Enterprise networks are adopting software-defined networking (SDN) for network management flexibility and lower operating costs. Information technology (IT) services for enterprises tend to use both technologies. Yet, the effects of cloud computing and software-defined networking on business network security are unclear. This study addresses this crucial issue. In a business network that uses both technologies, we start by looking at security, namely distributed denial-of-service (DDoS) attack defensive methods. SDN technology may help organizations protect against DDoS assaults provided the defensive architecture is structured appropriately. To mitigate DDoS attacks, we offer a highly configurable network monitoring and flexible control framework. We present a dataset shift-resistant graphic model-based attack detection system for the new architecture. The simulation findings demonstrate that our architecture can efficiently meet the security concerns of the new network paradigm and that our attack detection system can report numerous threats using real-world network data.
Review Paper on Predicting Network Attack Patterns in SDN using MLijtsrd
Software Defined Networking (SDN) provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defenseless against Distributed Denial of Service attacks. The mechanism and communication extent of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. As a result of the useless flows built by the controller for the attack packets, the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to block malicious network connections. Historical network attack data can be used to automatically identify and block the malicious connections. In this review paper, we propose using ML algorithms, tested on collected network attack data, to identify the potential malicious connections and potential attack destinations. We use four machine learning algorithms, C4.5, Bayesian Network (BayesNet), multidimensional language (DT), and Naive Bayes, to predict the host which will be attacked based on the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha "Review Paper on Predicting Network Attack Patterns in SDN using ML" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper URL: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
Efficient ddos attacks security scheme using asvseSAT Journals
Abstract: A distributed Denial of Service (DDoS) attack enables higher threats to the internet. There are many schemes designed to identify the node which is the attacker node. The real process is that we want to trace the source of the attacker and enable security for our network. The protocol introduced here, called Adaptive Selective Verification with Stub (ASVS), is shown to use bandwidth efficiently and uses stub creation. The stub procedure reduces the server load at the time of emergency and congestion. Using this stub idea we can store the ASVS protocol procedure in the server and have the stub in every client, so that the hacker system can be detected by the client itself. We use an omniscient protocol which enables sending information about the attacker to all the clients. Keywords: Adaptive Selective Verification With Stub (ASVS), Distributive Denial Of Service Attacks (DDoS) Flooding, Performance Analysis.
Low-rate distributed denial of service attacks detection in software defined ...IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
A system for denial of-service attack detection based on multivariate correla...IGEEKS TECHNOLOGIES
The document proposes a denial-of-service (DoS) attack detection system using multivariate correlation analysis (MCA) to accurately characterize network traffic. It extracts geometric correlations between network traffic features using triangle area maps. This anomaly-based system can detect both known and unknown DoS attacks by learning patterns in legitimate traffic. Evaluation on the KDD Cup 99 dataset shows it outperforms two previous state-of-the-art methods in detection accuracy.
Three level intrusion detection system based on conditional generative advers...IJECEIAES
Security threat protection is important in the internet of things (IoT) applications since both the connected device and the captured data can be hacked or hijacked or both at the same time. To tackle the above-mentioned problem, we proposed three-level intrusion detection system conditional generative adversarial network (3LIDS-CGAN) model which includes four phases such as first-level intrusion detection system (IDS), second-level IDS, third-level IDS, and attack type classification. In first-level IDS, features of the incoming packets are extracted by the firewall. Based on the extracted features the packets are classified into three classes such as normal, malicious, and suspicious using support vector machine and golden eagle optimization. Suspicious packets are forwarded to the second-level IDS which classified the suspicious packets as normal or malicious. Here, signature-based intrusions are detected using attack history information, and anomaly-based intrusions are detected using event-based semantic mapping. In third-level IDS, adversary packets are detected using CGAN which automatically learns the adversarial environment and detects adversary packets accurately. Finally, proximal policy optimization is proposed to detect the attack type. Experiments are conducted using the NS-3.26 network simulator and performance is evaluated by various performance metrics which results that the proposed 3LIDS-CGAN model outperforming other existing works.
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
IEEE 2014 DOTNET PARALLEL DISTRIBUTED PROJECTS A system-for-denial-of-service...IEEEMEMTECHSTUDENTPROJECTS
To Get any Project for CSE, IT ECE, EEE Contact Me @ 09666155510, 09849539085 or mail us - ieeefinalsemprojects@gmail.com-Visit Our Website: www.finalyearprojects.org
IRJET- SDN Multi-Controller based Framework to Detect and Mitigate DDoS i...IRJET Journal
This document proposes a scalable framework using SDN and machine learning techniques to detect and mitigate DDoS attacks in large-scale networks. The framework uses a lightweight detection layer implemented across multiple controllers to detect anomalies locally using entropy calculations. It also includes a heavyweight detection layer in a centralized system that employs machine learning for more accurate detection. The goal is to provide robust intrusion detection that can quickly detect network attacks efficiently in large networks.
DDOS ATTACKS DETECTION USING DYNAMIC ENTROPY INSOFTWARE-DEFINED NETWORK PRACT...IJCNCJournal
This document discusses a study that proposes a dynamic entropy-based method for detecting DDoS attacks in SDN environments. The study introduces using dynamic threshold values that change over time based on the entropy value variability of network traffic windows, to help predict system state and detect new attacks more accurately compared to static thresholds. The study also evaluates the proposed method in a practical SDN testbed environment, not just in simulations, and finds it can rapidly detect DDoS attacks with high accuracy.
DDoS Attacks Detection using Dynamic Entropy in Software-Defined Network Prac...IJCNCJournal
Software-Defined Network (SDN) is an innovative network architecture with the goal of providing the flexibility and simplicity in network operation and management through a centralized controller. These features help SDN to easily adapt tothe expansion of networkrequirements, but it is also a weakness when it comes to security. With centralized architecture, SDN is vulnerable to cyber-attacks, especially Distributed Denial of Service (DDoS) attack. DDoS is a popular attack type which consumes all network resources and causes congestion in the entire network. In this research, we will introduce a DDoS detection model based on the statistical method with a dynamic threshold value that changes over time. Along with the simulation result, we build a practical SDN model to apply our method, the results show that our method can detectD DoS attacks rapidly with high accuracy.
COPYRIGHTThis thesis is copyright materials protected under the .docxvoversbyobersby
COPYRIGHT
This thesis is copyright materials protected under the Berne Convection, the copyright Act 1999 and other international and national enactments in that behalf, on intellectual property. It may not be reproduced by any means in full or in part except for short extracts in fair dealing so for research or private study, critical scholarly review or discourse with acknowledgment, with written permission of the Dean School of Graduate Studies on behalf of both the author and XXX XXX University.ABSTRACT
With Fast growing internet world the risk of intrusion has also increased, as a result Intrusion Detection System (IDS) is the admired key research field. IDS are used to identify any suspicious activity or patterns in the network or machine, which endeavors the security features or compromise the machine. IDS majorly use all the features of the data. It is a keen observation that all the features are not of equal relevance for the detection of attacks. Moreover every feature does not contribute in enhancing the system performance significantly. The main aim of the work done is to develop an efficient denial of service network intrusion classification model. The specific objectives included: to analyse existing literature in intrusion detection systems; what are the techniques used to model IDS, types of network attacks, performance of various machine learning tools, how are network intrusion detection systems assessed; to find out top network traffic attributes that can be used to model denial of service intrusion detection; to develop a machine learning model for detection of denial of service network intrusion.Methods: The research design was experimental and data was collected by simulation using NSL-KDD dataset. By implementing Correlation Feature Selection (CFS) mechanism using three search algorithms, a smallest set of features is selected with all the features that are selected very frequently. Findings: The smallest subset of features chosen is the most nominal among all the feature subset found. Further, the performances using Artificial neural networks(ANN), decision trees, Support Vector Machines (SVM) and K-Nearest Neighbour (KNN) classifiers is compared for 7 subsets found by filter model and 41 attributes. Results: The outcome indicates a remarkable improvement in the performance metrics used for comparison of the two classifiers. 
The results show that using 17/18 selected features improves DOS types classification accuracies as compared to using the 41 features in the NSL-KDD dataset. It was further observed that using an ensemble of three classifiers with decision fusion performs better as compared to using a single classifier for DOS type’s classification. Among machine learning tools experimented, ANN achieved best classification accuracies followed by SVM and DT. KNN registered the lowest classification accuracies. Application: The proposed work with such an improved detection rate and lesser classification time and lar.
Preemptive modelling towards classifying vulnerability of DDoS attack in SDN ...IJECEIAES
Software-Defined Networking (SDN) has become an essential networking concept towards escalating the networking capabilities that are highly demanded future internet system, which is immensely distributed in nature. Owing to the novel concept in the field of network, it is still shrouded with security problems. It is also found that the Distributed Denial-of-Service (DDoS) attack is one of the prominent problems in the SDN environment. After reviewing existing research solutions towards resisting DDoS attack in SDN, it is found that still there are many open-end issues. Therefore, these issues are identified and are addressed in this paper in the form of a preemptive model of security. Different from existing approaches, this model is capable of identifying any malicious activity that leads to a DDoS attack by performing a correct classification of attack strategy using a machine learning approach. The paper also discusses the applicability of best classifiers using machine learning that is effective against DDoS attack.
Optimized Intrusion Detection System using Deep Learning Algorithmijtsrd
A method and a system for the detection of an intrusion in a computer network compare the network traffic of the computer network at multiple different points in the network. In an uncompromised network the network traffic monitored at these two different points in the network should be identical. A network intrusion detection system is mostly place at strategic points in a network, so that it can monitor the traffic traveling to or from different devices on that network. The existing Software Defined Network SDN proposes the separation of forward and control planes by introducing a new independent plane called network controller. Machine learning is an artificial intelligence approach that focuses on acquiring knowledge from raw data and, based at least in part on the identified flow, selectively causing the packet, or a packet descriptor associated with the packet. The performance is evaluated using the network analysis metrics such as key generation delay, key sharing delay and the hash code generation time for both SDN and the proposed machine learning SDN. Prof P. Damodharan | K. Veena | Dr N. Suguna "Optimized Intrusion Detection System using Deep Learning Algorithm" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-2 , February 2019, URL: https://www.ijtsrd.com/papers/ijtsrd21447.pdf
Paper URL: https://www.ijtsrd.com/engineering/other/21447/optimized-intrusion-detection-system-using-deep-learning-algorithm/prof-p-damodharan
Similar to An intelligent system to detect slow denial of service attacks in software-defined networks (20)
An intelligent system to detect slow denial of service attacks in software-defined networks
International Journal of Electrical and Computer Engineering (IJECE)
Vol. 13, No. 3, June 2023, pp. 3099~3110
ISSN: 2088-8708, DOI: 10.11591/ijece.v13i3.pp3099-3110
Journal homepage: http://ijece.iaescore.com
Prathima Mabel John, Rama Mohan Babu Kasturi Nagappasetty
Department of Information Science and Engineering, Dayananda Sagar College of Engineering, Visvesvaraya Technological University,
Bengaluru, India
Article Info
Article history: Received May 18, 2022; Revised Oct 12, 2022; Accepted Dec 2, 2022
ABSTRACT
Slow denial of service attack (DoS) is a tricky issue in software-defined
network (SDN) as it uses less bandwidth to attack a server. In this paper, a
slow-rate DoS attack called Slowloris is detected and mitigated on Apache2
and Nginx servers using a methodology called an intelligent system for slow
DoS detection using machine learning (ISSDM) in SDN. Data generation
module of ISSDM generates dataset with response time, the number of
connections, timeout, and pattern match as features. Data are generated in a
real environment using Apache2, Nginx server, Zodiac FX OpenFlow switch
and Ryu controller. Monte Carlo simulation is used to estimate threshold
values for attack classification. Further, ISSDM performs header inspection
using regular expressions to mark flows as legitimate or attacked during data
generation. The proposed feature selection module of ISSDM, called
blended statistical and information gain (BSIG), selects those features that
contribute best to classification. These features are used for classification by
various machine learning and deep learning models. Results are compared
with feature selection methods like Chi-square, T-test, and information gain.
Keywords:
Machine learning
Multi-layer perceptron
Slow DoS attack
Slowloris
Software-defined network
This is an open access article under the CC BY-SA license.
Corresponding Author:
Prathima Mabel John
Department of Information Science and Engineering, Dayananda Sagar College of Engineering
Visvesvaraya Technological University
Kumarswamy Layout, Bengaluru-560078, India
Email: prathimamabel-ise@dayanandasagar.edu
1. INTRODUCTION
Computer networks have enormously evolved over the years to enable high standards of data
communication in science and technology. The amount of data that needs to be handled by the network is
vast. In such a scenario, it is highly desirable to have an easily manageable and programmable network that is
vendor independent. The ease of programmable networks has gained the attention of many researchers and
data center professionals in recent times. One such architecture that provides a high degree of
programmability in networking is software-defined network (SDN). It is a new paradigm of networking
where the entire network is divided into two planes: the control plane and the data plane. The data plane is
responsible for carrying data via network elements like hosts, switches, routers, and gateways. The behavior
of the data plane is controlled by a device called a controller which is present in the control plane.
The controller is the brain of the network and runs algorithms to provide network services. The
control plane interfaces with the data plane with the help of a protocol called OpenFlow. OpenFlow acts as
the carrier of messages between the control and data planes. It coordinates the functions of the data plane by
installing rules in the OpenFlow tables that are maintained in the OpenFlow switches of the data plane. The
controller formulates these rules using algorithms. Even though the SDN brings many advantages concerning
programmability, its centralized architecture makes it more vulnerable to attacks. Therefore, it is of the
utmost importance to secure the controller.
SDN can be attacked in several ways, as explained in [1]. A compromised control plane is a major
risk SDN can face. A common type of attack that can bring SDN down is the distributed denial of service
(DDoS) attack. It is a type of attack where the attacker establishes many connections to the server to exhaust
its thread pool. This brings the server down and makes it unavailable to other genuine users who want to
connect to the server. A DDoS attack can be large and voluminous, like flooding, or low and slow, like a
slow DoS attack. This paper deals with the detection of slow DoS attacks on Apache2 and Nginx servers in
an SDN network.
Slow DoS attacks are usually application-level attacks that bring the server down when the attacker
generates many concurrent connection requests to the server. These connections are kept open indefinitely
until the attack is active. The most common slow attacks are Slowloris, R U Dead Yet, and Slow Read. They
exploit the hypertext transfer protocol (HTTP) request and response message headers to create attacks. This
paper deals with the detection and mitigation of Slowloris attacks. A Slowloris attack is generated by a script
that runs on the attacker’s machine. It creates enormous open connections by default to a web server and
keeps these connections active by sending incomplete HTTP GET messages every 15 seconds. The server
waits for the complete request to arrive without knowing that it has been attacked. This makes the server
inaccessible to other genuine users.
The proposed method in this paper, called an intelligent system for slow DoS detection using
machine learning (ISSDM), detects Slowloris attacks on Apache2 and Nginx servers. ISSDM has a data
generation module which monitors and records server parameters such as time to test, the number of
concurrent connections, and timeout statistics. The Apache Bench tool (ab) [2] is used to test the server
behavior. A Monte Carlo simulation is used for the estimation of the threshold value for the time to test and
connection count parameters. Along with monitoring server statistics, it performs header inspection to
identify the attack pattern in HTTP GET request headers using regular expression. The parameters generated
as a part of data generation module are recorded in a csv file. Parameters of CSV file are used as features for
attack classification using certain machine learning (ML) and deep learning models such as support vector
machine (SVM), k-nearest neighbors (KNN), decision trees (DT), naïve Bayes (NB), random forest (RF) and
multi-layer perceptron (MLP). ISSDM includes a proposed feature selection module called blended statistical
and information gain (BSIG). It is used to select the most suitable features for classification and increase the
accuracy of detection models. The performance of the detection models trained using BSIG is compared with
other feature selection methods such as the Chi-square test, T-test, and information gain. This work is carried
out in a laboratory set up with 20 clients, 3 Zodiac FX [3] OpenFlow switches, Apache2 server, Nginx server,
and Ryu controller [4]. Data are generated both for legitimate and attack scenarios for training the detection
models. Further, models are tested with attacks generated by the Slowloris script on the attacker nodes.
2. LITERATURE SURVEY
This section summarizes the work related to DoS attacks and methods to detect and mitigate them.
Research in [5] discusses DDoS, its evolution, its types, and the ways in which a normal system on the
internet becomes vulnerable to such attacks. DDoS depletes the victim’s resources by exhausting disk,
bandwidth, and other resources, thus making them unavailable to anyone who actually needs the resources.
Researchers describe two types of attacks: undetectable and devastating low-rate DDoS, and detectable
high-rate DDoS. John and Nagappasetty [6] propose a slow DoS detection and mitigation method called
Slowloris detection and mitigation mechanism (SDMM). Detection uses the expectation of burst size, based on
the identification of bursts of data during a slow DoS attack.
Pascoal et al. [7], [8] delve into two types of attacks called slow ternary content-addressable
memory (TCAM) exhaustion attack and slow saturation attack. These attacks deplete the TCAM of
OpenFlow switches by forcibly installing new forwarding rules. Another type of saturation attack called a
table miss striking attack is identified in [9]. It exploits sensitive packet fields to trigger a table miss and
initiate unnecessary communication between the control plane and the data plane. SDNGuardian is proposed
as a countermeasure to detect such attacks. A new algorithm, MultiQueue, which is designed to protect the
controller from DDoS attacks, is proposed in [10]. In [11], to detect reduction of quality (RoQ) attacks, the
authors used four machine learning algorithms (MLP, K-NN, SVM, and multinomial naive Bayes (MNB))
together with fuzzy logic (FL) and Euclidean distance (ED). Aamir and Zaidi [12] use unlabeled or partially labeled
datasets. Then they cluster them using two different algorithms: agglomerative and K-means with feature
extraction under principal component analysis (PCA) clustering.
An ensemble framework for feature selection methods (EnFS) is proposed in [13]. The methods fall
into three major categories of feature selection methods: filter-based methods, wrapper-based methods, and
embedded methods which are built-in mechanisms for selecting certain features during model training time.
Myint Oo et al. [14] have proposed an approach to detect DDoS attacks that adapts an advanced SVM that is
more efficient than the SVM algorithm. The accuracy of the proposed model is 97%. Ye et al. [15] proposed
a model for detecting DDoS attacks by using a combination of SVM classification algorithms in SDN. The
platform is set up with Mininet [16] and Floodlight. Osanaiye et al. [17] proposed a method that involves an
ensemble-based multi-filter feature selection method that adds the output of different filters to reach optimum
selection.
Studies [18], [19] used machine learning and feature selection methods to train and test the dataset.
ML algorithms such as SVM, NB, artificial neural network (ANN), and KNN are used along with feature
selection methods based on thresholds. To identify attacks, studies [20], [21] used the Chi-square test and
information gain feature selection mechanisms, as well as NB, SVM, C4.5, K-NN, K-means, fuzzy C-means,
and a number of other models. A system that extracts only important attributes from network traffic in a
computer network is proposed in [22].
The work in [23] discusses the detection of three types of DDoS attacks, namely controller,
bandwidth, and flow-table attacks in SDN networks using machine learning techniques such as SVM, MLP,
DT, and RF. The research work in [24] focuses on detecting distributed reflection denial of service (DrDoS)
attacks in the internet of things (IoT). It uses a hybrid intrusion detection system (IDS) to detect IoT-DoS
attacks, which detects suspicious network traffic from network nodes based on long short-term memory
(LSTM). In [25], [26] the application of deep learning in the detection and mitigation of DDoS attacks on
SDN controllers using models such as LSTM and convolutional neural network (CNN) is discussed. The
models were implemented to detect transmission control protocol (TCP), user datagram protocol (UDP), and
internet control message protocol (ICMP) flood attacks. Studies [27], [28] study the performance of
emulating SDN and the impact of firewalls on throughput of the network.
The study of existing research work that is presented in this section has unlocked avenues for
research in DDoS. This has been a motivation for selecting slow DDoS attacks as a problem for study. The
objective is to study the nature of the Slowloris attack and design a method to detect and mitigate it. A
variety of machine learning and deep learning models are considered in the proposed work. Their accuracy is
compared with that of the models used by researchers in this section.
3. PROPOSED METHOD
The methodology proposed in this paper is called “An intelligent system for slow DoS detection
using machine learning (ISSDM)”. It is responsible for generating the data set using the data generation
module, selecting features that contribute more to data classification using the feature selection module, and
classifying traffic flows using some of the ML and deep learning techniques. The process begins when the
data generation module continuously monitors and collects server parameters. These parameters are carefully
monitored based on threshold values to observe any variations in the behavior of the server. Threshold values
are generated using a Monte Carlo simulation. Further, if parameters exceed the threshold value, ISSDM
performs header inspection of the HTTP GET header to look for a match to the attack pattern using regular
expressions. If a match is found, the flow is marked as attack traffic in the data set. Using this process, a data
set is generated for legitimate and attack traffic. Once the data set is generated, the proposed feature
selection technique called BSIG is used to select the best possible features for traffic classification. Classification is
then performed on this set of features using some of the ML and deep learning techniques such as SVM,
KNN, DT, NB, RF, and MLP. The detection accuracy of the machine learning algorithms using BSIG is
compared to other feature selection methods such as Chi-square, T-test, and Information gain. The process of
the proposed methodology is shown in Figure 1.
A DoS attack is generated by the Slowloris attack script, which attacks both the servers with 150
simultaneous connections by default. However, because the Nginx server is resistant to Slowloris attack with
150 sockets, the number of sockets is increased to 1250 to ensure a successful attack. In ISSDM, data
generation and feature selection using BSIG are the crux of the process. The remaining part of this section
explains the two modules and the entire process in detail.
3.1. Data generation
Data traffic is generated for this work using Zodiac FX OpenFlow switch, Ryu controller, Apache2
server, Nginx server, hosts, and the Apache Bench tool (ab). Legitimate traffic is generated using tools like
ping and iperf. Attack traffic is generated using Slowloris. The topology used for the experiment is shown in
Figure 2.
The Apache bench works on HTTP servers by sending numerous concurrent requests and measuring
the server’s response to the offered load. In this work, ab offers a load every 2 seconds to Apache2 and Nginx
to study the server’s response. The server’s response statistics are sent to the Ryu controller, where ISSDM
writes the parameters into the dataset. Apart from server parameters, header inspection is performed at the
controller to identify the attack pattern in the HTTP GET header. The following parameters are considered
the features of the data set:
- Time_to_test: this parameter indicates the amount of time taken for the server to complete the requests of
the ab tool. In this experiment, “ab -n 10 -c 1 http://localhost:80/” is the ab load used to test the server with
n (10) HTTP requests and a concurrency of c (1). A server with normal load responds with a time_to_test
value of 0.001 s. When under attack, this variable increases by more than 0.01 s. A threshold is chosen for
this variable to predict an attack. The threshold for time_to_test is chosen by using Monte Carlo
simulation.
The Monte Carlo simulation is used when there is uncertainty in estimating a single or average value
of a variable. It takes the variable that has uncertainty and makes the closest approximation by assigning
random numbers. This process is repeated hundreds of times with different random numbers. On
completion of the simulation, the results are averaged to obtain the closest estimate. In this paper, the
Monte Carlo simulation was conducted for more than 400 values of time_to_test variable when the server
was in a normal state as well as an attack state. The final estimation obtained from the simulation was
0.22 s. This was chosen as the threshold value to suspect an attack on the server. The graph of the Monte
Carlo model is shown in Figure 3.
Figure 1. ISSDM model
Figure 2. Network topology
− Timeout: the ab tests the server response by presenting n requests with concurrency c. If the server does
not respond for 30 s, ab times out by default. When a server is under attack, ab times out as it cannot find
any thread to get connected to. This property of ab is used as another server parameter to detect a DoS
attack on the server. Timeout is set to 1 on ab time out, 0 otherwise.
− Connection count: Slowloris attacks open a large number of connections to the server at once to bring it
down. The drastic increase in the number of connections from a specific client is considered a server
parameter for attack detection. A Monte Carlo simulation was used to consider the data of server in a
normal state and an attack state to make an approximation of the average connection count on the server.
This value was calculated to be 135 and chosen as the threshold for attack detection. The graph for this
simulation is shown in Figure 4.
Figure 3. Monte Carlo simulation graph for
estimation of Time_to_test
Figure 4. Monte Carlo simulation graph for
estimation of Connection_Count
− Pattern match: this is a Boolean variable considered as a feature of the data set. This parameter is
obtained by inspecting the header of the HTTP GET message. The pattern of the request header, which is
generated by an attack every 15 s, becomes a key factor for identifying the attack. The general format of an
HTTP GET message includes a header followed by the message body [29]. The message body is
separated from the header by a blank line. It means that two consecutive carriage return and line feed
sequences (\r\n) must be present after the header. The attack sends incomplete requests every 15 s by
including only one \r\n after the header instead of two. The server keeps waiting for the complete request
to arrive, but indefinitely keeps receiving incomplete requests.
ISSDM uses regular expressions to identify incomplete GET requests. When the time_to_test or
connection_count exceeds the threshold, or a timeout occurs on ab, the controller installs flows in the
switch to redirect all traffic from the suspected client to the controller. The ISSDM module running in the
controller buffers the data and starts inspecting the packet headers, which are coming in as byte streams,
using the regular expression r"\r\n\r\n". The absence of this pattern in the header is an indication that
the blank line is missing at the end of the header. If there is no match for the regular expression, then the
Pattern match variable is set to true. If the header does not match the attack pattern, the buffered data are
forwarded to the destination after installing a new flow in the switch.
− Server Type: indicates the type of server (Apache2 or Nginx).
− Traffic type: this feature holds two categorical values, namely: legitimate and attack. It classifies the
incoming traffic based on the server parameters and header inspection. The entire process of data
generation is shown in Figure 5.
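The threshold gate and header inspection described in the feature list above, as an added Python example that is not the paper's ISSDM code. The thresholds 0.22 s and 135 come from this page; the class and function names, the 5 s grace period that keeps a request split across TCP segments from being flagged, and the sample byte strings are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Thresholds reported on this page (Monte Carlo estimates).
TIME_TO_TEST_THRESHOLD_S = 0.22
CONNECTION_COUNT_THRESHOLD = 135
# Assumption: how long a header may stay unterminated before it counts as
# the attack pattern. The page gives no such value; 5 s is illustrative.
GRACE_S = 5.0

# Blank line that terminates an HTTP request header.
END_OF_HEADERS = re.compile(rb"\r\n\r\n")
# Request line of a GET request, e.g. b"GET / HTTP/1.1\r\n".
GET_REQUEST_LINE = re.compile(rb"GET \S+ HTTP/1\.[01]\r\n")


@dataclass
class ServerStats:
    time_to_test: float      # seconds taken to serve the ab load
    connection_count: int    # connections from the client under test
    timeout: int             # 1 if ab timed out, 0 otherwise


def is_suspect(stats):
    """True when any server parameter crosses its threshold."""
    return (stats.time_to_test > TIME_TO_TEST_THRESHOLD_S
            or stats.connection_count > CONNECTION_COUNT_THRESHOLD
            or stats.timeout == 1)


class FlowInspector:
    """Buffers redirected bytes per flow and derives Pattern_match."""

    def __init__(self, max_header_bytes=8192):
        self.max_header_bytes = max_header_bytes
        self._flows = {}  # flow_id -> (first_seen, bytearray)

    def feed(self, flow_id, payload, now):
        _, buf = self._flows.setdefault(flow_id, (now, bytearray()))
        room = self.max_header_bytes - len(buf)   # bound memory per flow
        buf.extend(payload[:max(room, 0)])

    def pattern_match(self, flow_id, now, grace_s=GRACE_S):
        """True when a GET header has stayed without its blank line."""
        if flow_id not in self._flows:
            return False
        first_seen, buf = self._flows[flow_id]
        data = bytes(buf)
        if not GET_REQUEST_LINE.match(data):
            return False                 # not a GET request line
        if END_OF_HEADERS.search(data):
            return False                 # header is complete
        return (now - first_seen) >= grace_s


def label_flow(stats, inspector, flow_id, now):
    """Builds one data set row; headers are inspected only for suspects."""
    pattern = is_suspect(stats) and inspector.pattern_match(flow_id, now)
    return {
        "Time_to_test": stats.time_to_test,
        "Timeout": stats.timeout,
        "Connection_count": stats.connection_count,
        "Pattern_match": pattern,
        "Traffic_type": "attack" if pattern else "legitimate",
    }


if __name__ == "__main__":
    insp = FlowInspector()
    # Constructed sample: header lines keep arriving, blank line never does.
    insp.feed("slow", b"GET / HTTP/1.1\r\nHost: server.example\r\n", now=0.0)
    insp.feed("slow", b"X-a: 1\r\n", now=15.0)
    # Constructed sample: complete request.
    insp.feed("ok", b"GET / HTTP/1.1\r\nHost: server.example\r\n\r\n", now=0.0)
    stats = ServerStats(time_to_test=0.9, connection_count=150, timeout=1)
    for flow in ("slow", "ok"):
        print(flow, label_flow(stats, insp, flow, now=16.0))
```
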
The size of the data set generated is around 400. It includes both the classes (legitimate and attack)
of data. This data set is trained and tested using SVM, RF, KNN, NB, DT, and MLP algorithms. The
Chi-square test is a feature selection method that tests the relationship between features. It is used when the
predictor and response features are categorical. When two variables are given along with their values, the
observed count O and the expected count E can be measured with Chi-square using (1).
$$\chi_c^2 = \sum_i \frac{(O_i - E_i)^2}{E_i} \tag{1}$$
where $c$ is the number of degrees of freedom, $O_i$ are the observed values, and $E_i$ are the expected values.
In this paper, Chi-square and p values are calculated for the features in the data set generated by the
proposed system. For independent variables, the Chi-square value and p value are small. Feature selection is
aimed at finding features that are highly dependent on the response. Hence, after the Chi-square test is
performed, those features with higher values for the Chi-square statistic and p value are considered for
training the machine learning models for prediction.
Figure 5. Flowchart of data generation process of ISSDM
A T-test is a statistical test used in hypothesis testing to determine if a process has an effect on the
population or if the groups differ from each other. A T-test is used when the means of two groups are to be
compared. There are 3 types of T-tests, namely: one sample, when one group is being compared with a
standard value; two sample, when groups belong to two different populations; and paired T-test, when a
group belongs to a single population. In the proposed method, a paired sample T-test is performed on the
individual numeric population of the data set. The T value is calculated using the formula shown in (2).
$$t = \frac{\bar{X}_D - \mu_0}{s_D / \sqrt{n}} \tag{2}$$
where $\bar{X}_D$ is the sample mean of differences, $s_D$ is the standard deviation of differences, $n$ is the sample size,
and $\mu_0$ is the population mean.
After T-test, the p value is calculated and features having a p value less than 0.05 (level of
significance) are chosen for modeling as they indicate a larger difference in the mean. This plays an
important role in identifying an attack. Machine learning models are trained with the selected features and
their accuracy is compared.
Information gain (IG): to train a model or to predict or classify between classes, DT are made. The
features or attributes of a dataset that are most important in predicting the outcome are chosen. The
importance of each attribute needs to be understood before actually computing or modeling, and that’s where
IG comes into the picture. IG tells us how important an attribute of a feature vector is. This information is
then used to decide the ordering of attributes in the decision tree. Thus, an attribute that increases IG,
minimizes the entropy or impurity from the dataset, thus giving better prediction. IG provides a way to use
entropy to calculate how a change to the dataset impacts the purity of the dataset. IG is calculated by
comparing the entropy of the dataset before and after a transformation. For a binary classification problem,
entropy is calculated as in (3).
$$\text{Entropy} = -\big(p(1)\log p(1) + p(0)\log p(0)\big) \tag{3}$$
IG is given by (4),
$$IG(S, a) = H(S) - H(S \mid a) \tag{4}$$
where $IG(S, a)$ is the information gain for the dataset $S$, $H(S)$ is the entropy of the dataset before any change, and
$H(S \mid a)$ is the conditional entropy for the dataset given the variable $a$. Information gain is calculated for each
feature of the generated data set in this experiment. Features of high importance are considered for training
the machine learning models and their accuracy is compared.
BSIG is a feature selection method proposed in this paper which combines the optimal features
selected by Chi square, T-test, and IG. It is proposed with the aim of improving the accuracy of the detection
models. Let S be the set of all the features of the generated data set.
S = (Time_to_test, Timeout, Connection_count, Pattern_match, Server_type, Traffic_type)
A Chi-square test is performed on the categorical features, namely Timeout, Pattern_match, and
Server_type. Let the set of features C ⊂ S be chosen based on the p values. Similarly, the T-test is performed
on numerical features such as Time_to_test and Connection_count. Let T ⊂ S be the chosen subset of features
based on the p value obtained from the T-test. Let I be the set of features where I ⊂ S, chosen based on the p
value of information gain applied to S. Let Z = C ∪ T ∪ I be the set of features chosen from Chi-square,
T-test and information gain. The final set of features having the maximum impact on the prediction are used
to train the models. The machine learning models are trained for features in C, T, and I separately to analyze
the behavior of each model. Finally, models are trained using features from set Z to determine the best model
for Slowloris attack prediction.
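The Chi-square statistic (1), entropy (3), information gain (4) and the union Z = C ∪ T ∪ I, worked through in an added Python example that is not the paper's code. The eight rows are constructed, Time_to_test is left out of them, set T is passed in rather than recomputed, and ranking by statistic with a top-2 cut and binning Connection_count at the page's threshold of 135 are assumptions of this example.

```python
import math
from collections import Counter

LABEL = "Traffic_type"
CATEGORICAL = ["Timeout", "Pattern_match", "Server_type"]

# Constructed rows (not the paper's data set).
ROWS = [
    {"Timeout": 1, "Pattern_match": True,  "Server_type": "Apache2", "Connection_count": 150,  LABEL: "attack"},
    {"Timeout": 1, "Pattern_match": True,  "Server_type": "Nginx",   "Connection_count": 1250, LABEL: "attack"},
    {"Timeout": 0, "Pattern_match": True,  "Server_type": "Apache2", "Connection_count": 150,  LABEL: "attack"},
    {"Timeout": 0, "Pattern_match": True,  "Server_type": "Nginx",   "Connection_count": 1250, LABEL: "attack"},
    {"Timeout": 0, "Pattern_match": False, "Server_type": "Apache2", "Connection_count": 3,    LABEL: "legitimate"},
    {"Timeout": 0, "Pattern_match": False, "Server_type": "Nginx",   "Connection_count": 5,    LABEL: "legitimate"},
    {"Timeout": 0, "Pattern_match": False, "Server_type": "Apache2", "Connection_count": 140,  LABEL: "legitimate"},
    {"Timeout": 0, "Pattern_match": False, "Server_type": "Nginx",   "Connection_count": 2,    LABEL: "legitimate"},
]


def entropy(labels):
    """Entropy in bits of a list of class labels, as in equation (3)."""
    n = len(labels)
    return -sum((c / n) * math.log2(c / n) for c in Counter(labels).values()) + 0.0


def information_gain(rows, feature, label=LABEL):
    """IG(S, a) = H(S) - H(S|a), as in equation (4)."""
    groups = {}
    for r in rows:
        groups.setdefault(r[feature], []).append(r[label])
    conditional = sum(len(g) / len(rows) * entropy(g) for g in groups.values())
    return entropy([r[label] for r in rows]) - conditional


def chi_square(rows, feature, label=LABEL):
    """Chi-square statistic of feature against the class, as in equation (1)."""
    observed = Counter((r[feature], r[label]) for r in rows)
    feature_totals = Counter(r[feature] for r in rows)
    label_totals = Counter(r[label] for r in rows)
    stat = 0.0
    for f, f_total in feature_totals.items():
        for l, l_total in label_totals.items():
            expected = f_total * l_total / len(rows)
            stat += (observed[(f, l)] - expected) ** 2 / expected
    return stat


def binned(rows, feature, threshold):
    """Copy of rows with a numeric feature replaced by (value > threshold)."""
    return [dict(r, **{feature: r[feature] > threshold}) for r in rows]


def top_k(scores, k):
    """Names of the k highest-scoring features."""
    return set(sorted(scores, key=scores.get, reverse=True)[:k])


def bsig(rows, t_selected, k=2):
    """Z = C ∪ T ∪ I; t_selected is the T-test choice, supplied by the caller."""
    c_set = top_k({f: chi_square(rows, f) for f in CATEGORICAL}, k)
    discrete = binned(rows, "Connection_count", 135)
    i_set = top_k({f: information_gain(discrete, f)
                   for f in CATEGORICAL + ["Connection_count"]}, k)
    return c_set | set(t_selected) | i_set


if __name__ == "__main__":
    # T = (Connection_count) is the set reported on this page.
    print(sorted(bsig(ROWS, {"Connection_count"})))
```
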
4. EXPERIMENT AND RESULT
The topology of the experimental setup is as shown in Figure 2. It consists of 20 clients, out of
which 10 are attackers and 10 are legitimate clients; 1 Apache2 server, and 1 Nginx server connected to 2
Zodiac FX switches in the data plane. The control plane consists of a Ryu controller running the ISSDM
module. Data generation is the first step toward detection of an attack in this work. As explained previously,
both legitimate and attack traffic data are collected for the features Time_to_test, Timeout, Connection_count,
Pattern_match, Server type, and Traffic type. A Monte Carlo simulation is performed to choose thresholds
for Time_to_test and Connection_count. Detection models such as SVM, KNN, DT, RF, NB, and MLP are
trained with features set S. The data generated by attackers using the Slowloris tool is used to test these
models for attack detection. The accuracy and F-score for this detection using feature set S are shown in
Table 1 along with the receiver operating characteristic (ROC) curve in Figure 6.
Table 1. Accuracy and F-score of models trained with feature set S
| Algorithm | Accuracy | F-score |
|---|---|---|
| SVM | 0.93 | 0.96 |
| KNN | 0.89 | 0.94 |
| DT | 0.85 | 0.91 |
| NB | 0.89 | 0.94 |
| RF | 1 | 1 |
| MLP | 0.85 | 0.91 |
Figure 6. ROC curve of models trained with feature set S
The accuracy of a classification model is the ratio of the number of correct predictions to the total
number of input samples as given by (5).
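$$\text{Accuracy} = \frac{\text{True Positive} + \text{True Negative}}{\text{Total Sample}} \tag{5}$$
The F-score indicates how precise the classifier is, i.e., how many instances it classifies correctly. It is given by (6).
$$F\text{-score} = 2 \cdot \frac{1}{\frac{1}{\text{precision}} + \frac{1}{\text{recall}}} \tag{6}$$
where,
$$\text{Precision} = \frac{\text{True positives}}{\text{True positives} + \text{False positives}} \tag{7}$$
$$\text{Recall} = \frac{\text{True positives}}{\text{True positives} + \text{False negatives}} \tag{8}$$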
Feature selection using the Chi-square test: the categorical features of S, namely timeout,
Pattern_match, and Server_type, are subject to the Chi-square test to obtain the Chi-square statistics and p
value. Table 2 shows the result of Chi-square test on the categorical features. According to the Chi-square
test result, features with a higher p value are chosen because the class variable Traffic_type is considered to
be more dependent on features with a higher p value. Pattern_match and Timeout are chosen as the elements
of set C. Table 3 and Figure 7 show the accuracy, F-score, and ROC curve indicating true positive rate (TPR)
and false positive rate (FPR) for models trained with feature set C.
Table 2. Chi-square test statistics
| Feature | Chi-square statistic | p value |
|---|---|---|
| Timeout | 2.72727273e-01 | 6.01508134e-01 |
| Pattern_match | 1.00000000e+00 | 3.17310508e-01 |
| Server_Type | 8.90909091e-01 | 3.45231072e-01 |
Table 3. Accuracy and F-score of models trained with feature set C
| Algorithm | Accuracy | F-score |
|---|---|---|
| SVM | 0.89 | 0.94 |
| KNN | 0.89 | 0.94 |
| DT | 1 | 1 |
| NB | 0.89 | 0.94 |
| RF | 1 | 1 |
| MLP | 1 | 1 |
Figure 7. ROC curve of models trained with feature set C
Feature selection using T-test: The numerical features of S, namely Time_to_test and
Connection_count, are subject to the T-test to obtain the statistics and p value. Table 4 shows the result of the
T-test on the chosen numerical features. Features with a higher p value are chosen for set T as a higher p value
implies higher correlation between the dependent and independent variable. Here, set T contains
Connection_count as its element. Table 5 and Figure 8 show the accuracy, F-score, and ROC curve for
models trained with feature set T.
Table 4. T-test statistics
| Feature | T-test statistic | p value |
|---|---|---|
| Time_to_test | -10.99497051 | 2.07390283e-10 |
| Connection_count | 5.04253005 | 4.75313476e-05 |
Table 5. Accuracy and F-score of models trained with feature set T
| Algorithm | Accuracy | F-score |
|---|---|---|
| SVM | 0.85 | 0.91 |
| KNN | 0.89 | 0.94 |
| DT | 0.85 | 0.91 |
| NB | 0.85 | 0.91 |
| RF | 0.85 | 0.91 |
| MLP | 0.85 | 0.91 |
Figure 8. ROC curve of models trained with feature set T
Feature selection using IG: All the features of S are subject to IG to obtain the statistics. Table 6
shows the result of IG. IG calculates the importance of each independent feature with respect to the
dependent feature. Therefore, features with higher values are considered to be more significant.
Pattern_match and Connection_count are the features that have higher IG statistics. Hence, set
I=(Pattern_match, Connection_count). Table 7 and Figure 9 show the accuracy, F-score, and ROC curve for
models trained with feature set I.
Feature selection using BSIG: the proposed method BSIG uses the features selected by Chi-square,
T-test and IG to train the models. From the previous observations, we have: i) C is (Pattern_match, Timeout),
ii) T is (Connection_count), iii) I is (Pattern_match, Connection_count), iv) Z = C ∪ T ∪ I is (Pattern_match,
Timeout, Connection_count). Table 8 and Figure 10 show the accuracy, F-score, and ROC curve for models
trained with feature set Z.
Table 6. IG statistics
| Feature | IG statistics |
|---|---|
| Timeout | 0.098217 |
| Pattern_match | 0.475789 |
| Server_Type | 0.016875 |
| Time_to_test | 0.016875 |
| Connection_count | 0.302149 |
Table 7. Accuracy and F-score of models trained with feature set I
| Algorithm | Accuracy | F-score |
|---|---|---|
| SVM | 0.85 | 0.91 |
| KNN | 0.89 | 0.94 |
| DT | 0.85 | 0.91 |
| NB | 0.85 | 0.91 |
| RF | 1 | 1 |
| MLP | 0.85 | 0.91 |
Figure 9. ROC curve of models trained with feature set I
Table 8. Accuracy and F-score of models trained with feature set Z
| Algorithm | Accuracy | F-score |
|---|---|---|
| SVM | 1 | 1 |
| KNN | 0.89 | 0.94 |
| DT | 0.85 | 0.91 |
| NB | 1 | 1 |
| RF | 1 | 1 |
| MLP | 1 | 1 |
Figure 10. ROC curve of models trained with feature set Z
The results shown above indicate the performance of models with different features, obtained from
various feature selection techniques. The results are summarized in Figure 11. The accuracy of SVM, NB,
RF, and MLP increases to 100% by using BSIG when compared to the accuracy of models using the entire
feature set S. Therefore, it can be concluded that Slowloris can be detected with greater accuracy by using
BSIG as a feature selection technique for SVM, NB, RF and MLP. BSIG keeps KNN’s accuracy consistent
with other feature selection techniques. MLP performs well for the Chi-square selection method as well. DT
offers the best results when the Chi-square test is used for feature selection, while its accuracy is
consistently lower when the other methods are used for detection of the Slowloris attack.
Figure 11. Comparison of detection accuracy obtained by using feature set of proposed feature selection
method with other feature selection methods
5. CONCLUSION
This research focuses on detecting a common type of slow DDoS attack known as Slowloris. The
proposed method, called ISSDM, is responsible for detecting and mitigating the Slowloris attack on Apache2
and Nginx servers. It gathers data from Apache2 and Nginx servers along with an HTTP GET request header
to generate the data set for legitimate and attack traffic. Monte Carlo simulations are performed to find the
threshold of certain server parameters during data generation to segregate attack and genuine flows. A feature
selection method called BSIG is proposed to select the most appropriate features for traffic classification. The
features extracted by BSIG are used to train ML models such as SVM, KNN, DT, NB, and RF, along with a
deep learning technique called MLP, in order to detect attacks. The accuracy of the models is compared
by training them with different feature selection methods like Chi-square, T-test, and information gain and
the proposed feature selection method named BSIG. It was observed that SVM, NB, RF, and MLP performed
extremely well with 100% accuracy while detecting Slowloris attacks using BSIG. This work can be
extended further to detect different types of attacks.
REFERENCES
[1] J. P. Mabel, K. Vani, and K. R. M. Babu, “SDN security: challenges and solutions,” in Emerging Research in Electronics,
Computer Science and Technology, Springer, 2019, pp. 837–848.
[2] Apache, “Apache HTTP server benchmarking tool,” HTTP Server Project. https://httpd.apache.org/docs/2.4/programs/ab.html
(accessed Oct. 20, 2022).
[3] P. Zanna, “Zodiac FX-the world’s smallest, most affordable openflow SDN switch is now on kickstarter,” Northbound
Networks. https://northboundnetworks.com/pages/zodiac-fx-the-world-s-smallest-most-affordable-openflow-sdn-switch-is-now-
on-kickstarter (accessed Sep. 10, 2021).
[4] Ryu, “Ryu SDN framework.” Ryu SDN Framework (ryu-sdn.org). https://ryu-sdn.org/ (accessed June 30, 2022).
[5] M. P. Singh and A. Bhandari, “New-flow based DDoS attacks in SDN: taxonomy, rationales, and research challenges,” Computer
Communications, vol. 154, pp. 509–527, Mar. 2020, doi: 10.1016/j.comcom.2020.02.085.
[6] P. M. John and R. M. B. K. Nagappasetty, “An approach for slow distributed denial of service attack detection and alleviation in
software defined networks,” Indonesian Journal of Electrical Engineering and Computer Science (IJEECS), vol. 25, no. 1,
pp. 404–413, Jan. 2022, doi: 10.11591/ijeecs.v25.i1.pp404-413.
[7] T. A. Pascoal, Y. G. Dantas, I. E. Fonseca, and V. Nigam, “Slow TCAM exhaustion DDoS attack,” in ICT Systems Security and
Privacy Protection, Springer International Publishing, 2017, pp. 17–31.
[8] T. A. Pascoal, I. E. Fonseca, and V. Nigam, “Slow denial-of-service attacks on software defined networks,” Computer Networks,
vol. 173, May 2020, doi: 10.1016/j.comnet.2020.107223.
[9] J. Xu, L. Wang, and Z. Xu, “An enhanced saturation attack and its mitigation mechanism in software-defined networking,”
Computer Networks, vol. 169, Mar. 2020, doi: 10.1016/j.comnet.2019.107092.
[10] Q. Yan, Q. Gong, and F. R. Yu, “Effective software‐defined networking controller scheduling method to mitigate DDoS attacks,”
Electronics Letters, vol. 53, no. 7, pp. 469–471, Mar. 2017, doi: 10.1049/el.2016.2234.
[11] V. de M. Rios, P. R. M. Inácio, D. Magoni, and M. M. Freire, “Detection of reduction-of-quality DDoS attacks using Fuzzy Logic
and machine learning algorithms,” Computer Networks, vol. 186, Feb. 2021, doi: 10.1016/j.comnet.2020.107792.
[12] M. Aamir and S. M. Ali Zaidi, “Clustering based semi-supervised machine learning for DDoS attack classification,” Journal of
King Saud University-Computer and Information Sciences, vol. 33, no. 4, pp. 436–446, May 2021, doi:
10.1016/j.jksuci.2019.02.003.
75
80
85
90
95
100
105
Feature set S Feature set C Feature set T Feature set I Feature set Z
Accuracy
(%)
SVM KNN DT NB RF MLP
12. ISSN: 2088-8708
Int J Elec & Comp Eng, Vol. 13, No. 3, June 2023: 3099-3110
3110
[13] S. Das, D. Venugopal, S. Shiva, and F. T. Sheldon, “Empirical evaluation of the ensemble framework for feature selection in
DDoS attack,” in 2020 7th IEEE International Conference on Cyber Security and Cloud Computing (CSCloud)/2020 6th IEEE
International Conference on Edge Computing and Scalable Cloud (EdgeCom), Aug. 2020, pp. 56–61, doi: 10.1109/CSCloud-
EdgeCom49738.2020.00019.
[14] M. Myint Oo, S. Kamolphiwong, T. Kamolphiwong, and S. Vasupongayya, “Advanced support vector machine-(ASVM-) based
detection for distributed denial of service (DDoS) attack on software defined networking (SDN),” Journal of Computer Networks
and Communications, pp. 1–12, Mar. 2019, doi: 10.1155/2019/8012568.
[15] J. Ye, X. Cheng, J. Zhu, L. Feng, and L. Song, “A DDoS attack detection method based on SVM in software defined network,”
Security and Communication Networks, pp. 1–8, 2018, doi: 10.1155/2018/9804061.
[16] ONF, “Mininet,” The Open Networking Foundation (ONF). https://opennetworking.org/mininet/ (accessed Mar. 23, 2022).
[17] O. Osanaiye, H. Cai, K.-K. R. Choo, A. Dehghantanha, Z. Xu, and M. Dlodlo, “Ensemble-based multi-filter feature selection
method for DDoS detection in cloud computing,” EURASIP Journal on Wireless Communications and Networking, no. 1, Dec.
2016, doi: 10.1186/s13638-016-0623-3.
[18] H. Polat, O. Polat, and A. Cetin, “Detecting DDoS attacks in software-defined networks through feature selection methods and
machine learning models,” Sustainability, vol. 12, no. 3, Feb. 2020, doi: 10.3390/su12031035.
[19] S. Hosseini and M. Azizi, “The hybrid technique for DDoS detection with supervised learning algorithms,” Computer Networks,
vol. 158, pp. 35–45, Jul. 2019, doi: 10.1016/j.comnet.2019.04.027.
[20] O. S. Akanji, O. A. Abisoye, and M. A. Iliyasu, “Mitigating slow hypertext transfer protocol distributed denial of service attacks
in software defined networks,” Journal of Information and Communication Technology, vol. 20, no. 3, pp. 277–304, Jun. 2021,
doi: 10.32890/jict2021.20.3.1.
[21] M. Suresh and R. Anitha, “Evaluating machine learning algorithms for detecting DDoS attacks,” in International Conference on
Network Security and Applications, 2011, pp. 441–452.
[22] W. Wang and S. Gombault, “Efficient detection of DDoS attacks with important attributes,” in 2008 Third International
Conference on Risks and Security of Internet and Systems, Oct. 2008, pp. 61–67, doi: 10.1109/CRISIS.2008.4757464.
[23] R. Santos, D. Souza, W. Santo, A. Ribeiro, and E. Moreno, “Machine learning algorithms to detect DDoS attacks in SDN,”
Concurrency and Computation: Practice and Experience, vol. 32, no. 16, Aug. 2020, doi: 10.1002/cpe.5402.
[24] M. Shurman, R. Khrais, and A. Yateem, “DoS and DDoS attack detection using deep learning and IDS,” The International Arab
Journal of Information Technology, vol. 17, no. 4A, pp. 655–661, Jul. 2020, doi: 10.34028/iajit/17/4A/10.
[25] J. D. Gadze, A. A. Bamfo-Asante, J. O. Agyemang, H. Nunoo-Mensah, and K. A.-B. Opare, “An Investigation into the
application of deep learning in the detection and mitigation of DDOS attack on SDN controllers,” Technologies, vol. 9, no. 1, Feb.
2021, doi: 10.3390/technologies9010014.
[26] D. Tang, L. Tang, W. Shi, S. Zhan, and Q. Yang, “MF-CNN: a new approach for LDoS attack detection based on multi-feature
fusion and CNN,” Mobile Networks and Applications, vol. 26, no. 4, pp. 1705–1722, 2021, doi: 10.1007/s11036-019-01506-1.
[27] T. A. Assegie, “Performance analysis of emulated software defined wireless network,” Indonesian Journal of Electrical
Engineering and Computer Science (IJEECS), vol. 16, no. 1, pp. 311–318, Oct. 2019, doi: 10.11591/ijeecs.v16.i1.pp311-318.
[28] M. H. H. Khairi, S. H. S. Ariffin, N. M. Abdul Latiff, K. Mohamad Yusof, M. K. Hassan, and M. Rava, “The impact of firewall
on TCP and UDP throughput in an openflow software defined network,” Indonesian Journal of Electrical Engineering and
Computer Science (IJEECS), vol. 20, no. 1, pp. 256–263, Oct. 2020, doi: 10.11591/ijeecs.v20.i1.pp256-263.
[29] R. Fielding et al., “RFC2616: hypertext transfer protocol-HTTP/1.1.” RFC Editor, 1999.
BIOGRAPHIES OF AUTHORS
Prathima Mabel John is Assistant Professor at Dayananda Sagar College of
Engineering, Visvesvaraya Technological University (VTU), Bengaluru, Karnataka, India. She
received her Bachelor of Engineering and Master of Technology degree in Computer Science
and Engineering from VTU, Belagavi, Karnataka, India. She is currently pursuing Ph.D. from
VTU, Belagavi, Karnataka, India. She has about 13 years of experience in teaching and
industry together. Her areas of interest are computer networks, SDN, mobile networks,
network security and machine learning. She can be contacted at email:
prathimamabel-ise@dayanandasagar.edu.
Rama Mohan Babu Kasturi Nagappasetty is currently working as Professor in
the Department of Information Science and Engineering at Dayananda Sagar College of
Engineering, Bengaluru, India. He obtained his B.Tech in Computer Engineering from
Mangalore University, India, M.S from BITS-PILANI, India and Ph.D. from Dr. MGR
University, India. His areas of interest are computer networks, wireless mobile networks, SDN
and network security. He can be contacted at ramamohanbabu-ise@dayanandasagar.edu.