A distributed denial of service (DDoS) attack is one in which one or more computers target a server by flooding it with internet traffic. As a result, the server cannot be accessed by legitimate users. Such an attack can cause enormous losses for a company because it can reduce user trust and damage the company’s reputation, losing customers due to downtime. One of the services at the application layer that can be accessed by users is a web-based lightweight directory access protocol (LDAP) service that can provide safe and easy services to access directory applications. We used a deep learning approach to detect DDoS attacks on the CICDDoS 2019 dataset on a complex computer network at the application layer to get fast and accurate results for dealing with unbalanced data. Based on the results obtained, it is observed that DDoS attack detection using a deep learning approach on imbalanced data performs better when implemented using the synthetic minority oversampling technique (SMOTE) method for binary classes. On the other hand, the proposed deep learning approach performs better for detecting DDoS attacks in multiclass when implemented using the adaptive synthetic (ADASYN) method.
PREVENTING DISTRIBUTED DENIAL OF SERVICE ATTACKS IN CLOUD ENVIRONMENTS IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of nodes that interrelate with each other for switch over the information. This information is necessary for that node is reserved confidentially. Attacker in the system may capture this private information and distorted. So security is the major issue. There are several security attacks in network. One of the major intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two different behaviors they may happen obviously or it may due to some attackers. Various schemes are developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS attack types, and DDoS attack components, intrusion prevention system for DDoS.
Encountering distributed denial of service attack utilizing federated softwar... IJECEIAES
This research defines the distributed denial of service (DDoS) problem in software-defined network (SDN) environments. The proposed solution uses software-defined network capabilities to reduce risk and introduces a collaborative, distributed defense mechanism rather than server-side filtration. Our proposed network detection and prevention agent (NDPA) algorithm negotiates the maximum amount of traffic allowed to be passed to the server by reconfiguring network switches and routers to reduce the ports' throughput of the network devices by the specified limit ratio. When the passed traffic is back to normal, NDPA starts network recovery to normal throughput levels, increasing ports' throughput by adding back the limit ratio gradually each time cycle. The simulation results showed that the proposed algorithms successfully detected and prevented a DDoS attack from overwhelming the targeted server. The server was able to coordinate its operations with the SDN controllers through a communication mechanism created specifically for this purpose. The system was also able to determine when the attack was over and utilize traffic engineering to improve the quality of service (QoS). The solution was designed in a sophisticated way with a high level of separation of duties between components so it would not be affected by the design aspect of the network architecture.
Among different online attacks obstructing IT security,
Denial of Service (DoS) and Distributed Denial of Service (DDoS)
are the most devastating attacks. They have also put security experts under
enormous pressure recently to find efficient defense methods.
DoS attacks can be performed variously with diverse codes and tools
and can be launched from different OSI model layers. This paper
describes in detail DoS and DDoS attacks, and explains how different
types of attacks can be implemented and launched from different OSI
model layers. It provides a better understanding of these increasing
occurrences in order to improve
Low-rate distributed denial of service attacks detection in software defined ... IAESIJAI
One of the main challenges in developing the internet of things (IoT) is the existence of availability problems originated from the low-rate distributed denial of service attacks (LRDDoS). The complexity of IoT makes the LRDDoS hard to detect because the attack flow is performed similarly to the regular traffic. Integration of software defined IoT (SDN-Enabled IoT) is considered an alternative solution for overcoming the specified problem through a single detection point using machine learning approaches. The controller has a resource limitation for implementing the classification process. Therefore, this paper extends the usage of Feature Importance to reduce the data complexity during the model generation process and choose an appropriate feature for generating an efficient classification model. The research results show that the Gaussian Naïve Bayes (GNB) produced the most effective outcome. GNB performed better than the other algorithms because the feature reduction only selected the independent feature, which had no relation to the other features.
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB... IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate state of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying levels of computational and memory overheads for their execution. While the approximate modules are fast in detection and involve less overhead, they provide a lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate the effectiveness of the proposed defense mechanism against DDoS attacks.
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS IJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO
LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH
ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN
DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY
CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER
WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
Augmented split-protocol; an ultimate DDoS defender ijcsa
Distributed Denials of Service (DDoS) attacks have become the daunting problem for businesses, state
administrator and computer system users. Prevention and detection of a DDoS attack is a major research
topic for researchers throughout the world. As new remedies are developed to prevent or mitigate DDoS
attacks, invaders are continually evolving new methods to circumvent these new procedures. In this paper,
we describe various DDoS attack mechanisms, categories, scope of DDoS attacks and their existing
countermeasures. In response, we propose to introduce DDoS resistant Augmented Split-protocol (ASp).
The migratory nature and role changeover ability of servers in Split-protocol architecture will avoid
bottleneck at the server side. It also offers the unique ability to avoid server saturation and compromise
from DDoS attacks. The goal of this paper is to present the concept and performance of (ASp) as a
defensive tool against DDoS attacks.
DDOS DETECTION IN SOFTWARE-DEFINED NETWORK (SDN) USING MACHINE LEARNING IJCI JOURNAL
In recent years, the concept of cloud computing and the software-defined network (SDN) have spread
widely. The services provided by many sectors such as medicine, education, banking, and transportation
are being replaced gradually with cloud-based applications. Consequently, the availability of these
services is critical. However, the cloud infrastructure and services are vulnerable to attackers who aim to
breach its availability. One of the major threats to any system availability is a Denial-of-Service (DoS)
attack, which is intended to deny the legitimate user from accessing cloud resources. The Distributed
Denial-of-Service attack (DDoS) is a type of DoS attack which is considerably more effective and
dangerous. A lot of efforts have been made by the research community to detect DDoS attacks, however,
there is still a need for further efforts in this germane field. In this paper, machine learning techniques are
utilized to build a model that can detect DDoS attacks in Software-Defined Networks (SDN). The used ML
algorithms have shown high performance in the earliest studies; hence they have been used in this study
along with feature selection technique. Therefore, our model utilized these algorithms to detect DDoS
attacks in network traffic. The outcome of this experiment shows the impact of feature selection in
improving the model performance. Eventually, the Random Forest classifier has achieved the highest
accuracy of 0.99 in detecting DDoS attack.
Study of flooding based DDoS attacks and their effect using DETER testbed eSAT Journals
Abstract: Today, the Internet is the primary medium for communication, used by a number of users across the network. At the same time, its commercial nature is increasing its vulnerability to cyber crimes, and there has been an enormous increase in the number of DDoS (distributed denial of service) attacks on the internet over the past decade, whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Network resources such as network bandwidth, web servers and network switches are mostly the victims of DDoS attacks. In this paper, different types of DDoS attacks have been studied, a dumb-bell topology has been created, and the effect of UDP flooding attacks on a web service has been analyzed using attack tools available in the DETER testbed. The throughput of the web server is analyzed with and without DDoS attacks.
Study of flooding based DDoS attacks and their effect using DETER testbed eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Our world today relies heavily on informatics and the internet, as computers and communications networks have increased day by day. In fact, the increase is not limited to portable devices such as smartphones and tablets, but also to home appliances such as: televisions, refrigerators, and controllers. It has made them more vulnerable to electronic attacks. The denial of service (DoS) attack is one of the most common attacks that affect the provision of services and commercial sites over the internet. As a result, we decided in this paper to create a smart model that depends on the swarm algorithms to detect the attack of denial of service in internet networks, because the intelligence algorithms have flexibility, elegance and adaptation to different situations. The particle swarm algorithm and the bee colony algorithm were used to detect the packets that had been exposed to the DoS attack, and a comparison was made between the two algorithms to see which of them can accurately characterize the DoS attack.
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM) Using Ho... IJNSA Journal
The Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed denial of service (DDoS) attacks and worms. To block the monitoring system in the internet, attackers target the ITM system. In this paper we address the flooding attack of DDoS against ITM monitors to exhaust the network resources, such as bandwidth, computing power, or operating system data structures, by sending malicious traffic. We propose an information-theoretic framework that models the flooding attacks using Botnet on ITM. One possible way to counter DDoS attacks is to trace the attack sources and punish the perpetrators. We propose a novel traceback method for DDoS using Honeypots. IP tracing through honeypot is a single packet tracing method and is more efficient than commonly used packet marking techniques.
Review Paper on Predicting Network Attack Patterns in SDN using ML ijtsrd
Software Defined Networking (SDN) provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defenseless against Distributed Denial of Service attacks. The mechanism and communication extent of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. So, as a result of the useless flows built by the controller for the attack packets, the extent of the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to block malicious network connections. Historical network attack data are often used to automatically identify and block the malicious connections. In this review paper, we are going to propose using ML algorithms, tested on collected network attack data, to get the potential malicious connections and potential attack destinations. We use four machine learning algorithms, C4.5, Bayesian Network (BayesNet), multidimensional language (DT), and Naive Bayes, to predict the host which will be attacked to support the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha "Review Paper on Predicting Network Attack Patterns in SDN using ML" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEM cscpconf
A DDoS attack is a distributed-source but coordinated Internet security threat in which attackers either degrade or disrupt a shared service to legitimate users. It uses various methods to inflict damages on limited resources. It can be broadly classified as: flood and semantic (logic) attacks. DDoS attacking mechanisms vary from time to time and simple but powerful attacking tools are freely available on the Internet. There have been many trials on defending victims from DDoS attacks. However, many of the previous attack prevention systems lack effective handling of various attacking mechanisms and protecting legitimate users from collateral damages during detection and protection. In this paper, we proposed a distributed but synchronized DDoS defense architecture by using multiple agents, which are autonomous systems that perform their assigned mission in other networks on behalf of the victim. The major assignments of defense agents are IP spoofing verification, high traffic rate limitation, anomaly packet detection, and attack source detection. These tasks are distributed through four agents that are deployed on different domain networks. The proposed solution was tested through simulation with sample attack scenarios on the model Internet topology. The experiments showed encouraging results. A more comprehensive attack protection and legitimate users prevention from collateral damages makes this system more effective than other previous works.
DDOS ATTACK DETECTION ON INTERNET OF THINGS USING UNSUPERVISED ALGORITHMS ijfls
The increase in the deployment of IoT networks has improved productivity of humans and organisations.
However, IoT networks are increasingly becoming platforms for launching DDoS attacks due to inherent
weaker security and resource-constrained nature of IoT devices. This paper focusses on detecting DDoS
attack in IoT networks by classifying incoming network packets on the transport layer as either
“Suspicious” or “Benign” using unsupervised machine learning algorithms. In this work, two deep
learning algorithms and two clustering algorithms were independently trained for mitigating DDoS
attacks. We lay emphasis on exploitation based DDOS attacks which include TCP SYN-Flood attacks and
UDP-Lag attacks. We use Mirai, BASHLITE and CICDDoS2019 dataset in training the algorithms during
the experimentation phase. The accuracy score and normalized-mutual-information score are used to
quantify the classification performance of the four algorithms. Our results show that the autoencoder
performed overall best with the highest accuracy across all the datasets.
DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACKS DETECTION MECHANISM ijcseit
Pushback is a mechanism for defending against Distributed Denial-of-Service (DDoS) attacks. DDoS attacks are treated as a congestion-control problem, but because most such congestion is caused by malicious hosts not obeying traditional end-to-end congestion control, the problem must be handled by the routers. Functionality is added to each router to detect and preferentially drop packets that probably belong to an attack. Upstream routers are also notified to drop such packets in order that the router’s resources be used to route legitimate traffic, hence the term pushback. Client puzzles have been advocated as a promising countermeasure to DoS attacks in recent years. In order to identify the attackers, the victim server issues a puzzle to the client that sent the traffic. When the client is able to solve the puzzle, it is assumed to be authentic and the traffic from it is allowed into the server. If the victim suspects that the puzzles are solved by most of the clients, it increases the complexity of the puzzles. This puzzle solving technique allows the traversal of the attack traffic throughout the intermediate routers before reaching the destination. In order to attain the advantages of both pushback and puzzle solving techniques, a hybrid scheme called Router based Pushback technique, which involves both the techniques to solve the problem of DDoS attacks, is proposed. In this proposal, the puzzle solving mechanism is pushed back to the core routers rather than having it at the victim. The router based client puzzle mechanism checks whether the host system is legitimate or not by providing a puzzle to be solved by the suspected host.
RTL-DL: A HYBRID DEEP LEARNING FRAMEWORK FOR DDOS ATTACK DETECTION IN A BIG D... IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of
Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to
prevent DDoS attacks. However, their performance is greatly affected by a large class imbalance nature of
the training datasets as well as the presence of redundant and irrelevant features in them. This study
proposes RTL-DL, a new framework for an effective intrusion detection model based on the random
oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data
imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3%
accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current
approaches, the suggested model has demonstrated promising results in identifying network threats in
imbalanced data sets.
Distributed reflection denial of service attack: A critical review IJECEIAES
As the world becomes increasingly connected and the number of users grows exponentially and “things” go online, the prospect of cyberspace becoming a significant target for cybercriminals is a reality. Any host or device that is exposed on the internet is a prime target for cyberattacks. A denial-of-service (DoS) attack is accountable for the majority of these cyberattacks. Although various solutions have been proposed by researchers to mitigate this issue, cybercriminals always adapt their attack approach to circumvent countermeasures. One of the modified DoS attacks is known as distributed reflection denial-of-service attack (DRDoS). This type of attack is considered to be a more severe variant of the DoS attack and can be conducted in transmission control protocol (TCP) and user datagram protocol (UDP). However, this attack is not effective in the TCP protocol due to the three-way handshake approach that prevents this type of attack from passing through the network layer to the upper layers in the network stack. On the other hand, UDP is a connectionless protocol, so most of these DRDoS attacks pass through UDP. This study aims to examine and identify the differences between TCP-based and UDP-based DRDoS attacks.
Amazon products reviews classification based on machine learning, deep learni... TELKOMNIKA JOURNAL
In recent times, the trend of online shopping through e-commerce stores and websites has grown to a huge extent. Whenever a product is purchased on an e-commerce platform, people leave their reviews about the product. These reviews are very helpful for the store owners and the product’s manufacturers for the betterment of their work process as well as product quality. An automated system is proposed in this work that operates on two datasets D1 and D2 obtained from Amazon. After certain preprocessing steps, N-gram and word embedding-based features are extracted using term frequency-inverse document frequency (TF-IDF), bag of words (BoW) and global vectors (GloVe), and Word2vec, respectively. Four machine learning (ML) models support vector machines (SVM), logistic regression (RF), logistic regression (LR), multinomial Naïve Bayes (MNB), two deep learning (DL) models convolutional neural network (CNN), long-short term memory (LSTM), and standalone bidirectional encoder representations (BERT) are used to classify reviews as either positive or negative. The results obtained by the standard ML, DL models and BERT are evaluated using certain performance evaluation measures. BERT turns out to be the best-performing model in the case of D1 with an accuracy of 90% on features derived by word embedding models while the CNN provides the best accuracy of 97% upon word embedding features in the case of D2. The proposed model shows better overall performance on D2 as compared to D1.
Design, simulation, and analysis of microstrip patch antenna for wireless app... TELKOMNIKA JOURNAL
In this study, a microstrip patch antenna that works at 3.6 GHz was built and tested to see how well it works. In this work, Rogers RT/Duroid 5880 has been used as the substrate material, with a dielectric permittivity of 2.2 and a thickness of 0.3451 mm; it serves as the base for the examined antenna. The computer simulation technology (CST) studio suite is utilized to show the recommended antenna design. The goal of this study was to get a more extensive transmission capacity, a lower voltage standing wave ratio (VSWR), and a lower return loss, but the main goal was to get a higher gain, directivity, and efficiency. After simulation, the return loss, gain, directivity, bandwidth, and efficiency of the supplied antenna are found to be -17.626 dB, 9.671 dBi, 9.924 dBi, 0.2 GHz, and 97.45%, respectively. Besides, the recreation uncovered that the transfer speed side-lobe level at phi was much better than those of the earlier works, at -28.8 dB, respectively. Thus, it makes a solid contender for remote innovation and more robust communication.
Similar to Deep learning approach to DDoS attack with imbalanced data at the application layer
PASSWORD BASED SCHEME AND GROUP TESTING FOR DEFENDING DDOS ATTACKS IJNSA Journal
DOS ATTACKS ARE ONE OF THE TOP SECURITY PROBLEMS AFFECTING NETWORKS AND DISRUPTING SERVICES TO LEGITIMATE USERS. THE VITAL STEP IN DEALING WITH THIS PROBLEM IS THE NETWORK'S ABILITY TO DETECT SUCH ATTACKS. APPLICATION DDOS ATTACK, WHICH AIMS AT DISRUPTING APPLICATION SERVICE RATHER THAN DEPLETING THE NETWORK RESOURCE. UP TO NOW ALL THE RESEARCHES MADE ON THIS DDOS ATTACKS ONLY CONCENTRATES EITHER ON NETWORK RESOURCES OR ON APPLICATION SERVERS BUT NOT ON BOTH. IN THIS PAPER WE PROPOSED A SOLUTION FOR BOTH THESE PROBLEMS BY AUTHENTICATION METHODS AND GROUP TESTING.
Augmented split-protocol; an ultimate DDoS defender ijcsa
Distributed Denial of Service (DDoS) attacks have become a daunting problem for businesses, state
administrators and computer system users. Prevention and detection of a DDoS attack is a major research
topic for researchers throughout the world. As new remedies are developed to prevent or mitigate DDoS
attacks, invaders are continually evolving new methods to circumvent these new procedures. In this paper,
we describe various DDoS attack mechanisms, categories, scope of DDoS attacks and their existing
countermeasures. In response, we propose to introduce DDoS resistant Augmented Split-protocol (ASp).
The migratory nature and role changeover ability of servers in Split-protocol architecture will avoid
bottleneck at the server side. It also offers the unique ability to avoid server saturation and compromise
from DDoS attacks. The goal of this paper is to present the concept and performance of (ASp) as a
defensive tool against DDoS attacks.
DDOS DETECTION IN SOFTWARE-DEFINED NETWORK (SDN) USING MACHINE LEARNING IJCI JOURNAL
In recent years, the concept of cloud computing and the software-defined network (SDN) have spread
widely. The services provided by many sectors such as medicine, education, banking, and transportation
are being replaced gradually with cloud-based applications. Consequently, the availability of these
services is critical. However, the cloud infrastructure and services are vulnerable to attackers who aim to
breach its availability. One of the major threats to any system availability is a Denial-of-Service (DoS)
attack, which is intended to deny the legitimate user from accessing cloud resources. The Distributed
Denial-of-Service attack (DDoS) is a type of DoS attack which is considerably more effective and
dangerous. A lot of efforts have been made by the research community to detect DDoS attacks, however,
there is still a need for further efforts in this germane field. In this paper, machine learning techniques are
utilized to build a model that can detect DDoS attacks in Software-Defined Networks (SDN). The used ML
algorithms have shown high performance in the earliest studies; hence they have been used in this study
along with feature selection technique. Therefore, our model utilized these algorithms to detect DDoS
attacks in network traffic. The outcome of this experiment shows the impact of feature selection in
improving the model performance. Eventually, the Random Forest classifier has achieved the highest
accuracy of 0.99 in detecting DDoS attack.
Study of flooding based DDoS attacks and their effect using DETER testbed eSAT Journals
Abstract: Today, the Internet is the primary medium for communication, used by a number of users across the network. At the same time, its commercial nature is increasing its vulnerability to cyber crimes, and there has been an enormous increase in the number of distributed denial of service (DDoS) attacks on the internet over the past decade, whose impact can be proportionally severe. With little or no advance warning, a DDoS attack can easily exhaust the computing and communication resources of its victim within a short period of time. Network resources such as network bandwidth, web servers and network switches are mostly the victims of DDoS attacks. In this paper, different types of DDoS attacks have been studied, a dumb-bell topology has been created, and the effect of UDP flooding attacks on a web service has been analyzed using attack tools available in the DETER testbed. The throughput of the web server is analyzed with and without DDoS attacks.
Study of flooding based DDoS attacks and their effect using DETER testbed eSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Our world today relies heavily on informatics and the internet, as computers and communications networks have increased day by day. In fact, the increase is not limited to portable devices such as smartphones and tablets, but also to home appliances such as: televisions, refrigerators, and controllers. It has made them more vulnerable to electronic attacks. The denial of service (DoS) attack is one of the most common attacks that affect the provision of services and commercial sites over the internet. As a result, we decided in this paper to create a smart model that depends on the swarm algorithms to detect the attack of denial of service in internet networks, because the intelligence algorithms have flexibility, elegance and adaptation to different situations. The particle swarm algorithm and the bee colony algorithm were used to detect the packets that had been exposed to the DoS attack, and a comparison was made between the two algorithms to see which of them can accurately characterize the DoS attack.
IP Traceback for Flooding attacks on Internet Threat Monitors (ITM ) Using Ho... IJNSA Journal
The Internet Threat Monitoring (ITM) is an efficient monitoring system used globally to measure, detect, characterize and track threats such as denial of service (DoS) and distributed denial of service (DDoS) attacks and worms. To block the monitoring system on the internet, attackers target the ITM system. In this paper we address the DDoS flooding attack against ITM monitors, which exhausts network resources such as bandwidth, computing power, or operating system data structures by sending malicious traffic. We propose an information-theoretic framework that models the flooding attacks using a botnet on ITM. One possible way to counter DDoS attacks is to trace the attack sources and punish the perpetrators. We propose a novel traceback method for DDoS using honeypots. IP tracing through a honeypot is a single-packet tracing method and is more efficient than commonly used packet marking techniques.
Review Paper on Predicting Network Attack Patterns in SDN using ML ijtsrd
Software Defined Networking (SDN) provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defenseless against Distributed Denial of Service (DDoS) attacks. The mechanism and communication capacity of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. As a result of the useless flows built by the controller for the attack packets, the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to block malicious network connections. Historical network attack data can be used to automatically identify and block the malicious connections. In this review paper, we propose using ML algorithms, tested on collected network attack data, to find the potential malicious connections and potential attack destinations. We use four machine learning algorithms, C4.5, Bayesian Network (BayesNet), multidimensional language DT, and Naive Bayes, to predict the host which will be attacked based on the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha "Review Paper on Predicting Network Attack Patterns in SDN using ML" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6, October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
A SYNCHRONIZED DISTRIBUTED DENIAL OF SERVICE PREVENTION SYSTEM cscpconf
A DDoS attack is a distributed-source but coordinated Internet security threat in which attackers either degrade or disrupt a shared service for legitimate users. It uses various methods to inflict damage on limited resources. It can be broadly classified as flood and semantic (logic) attacks. DDoS attacking mechanisms vary from time to time, and simple but powerful attacking tools are freely available on the Internet. There have been many trials on defending victims from DDoS attacks. However, many of the previous attack prevention systems lack effective handling of various attacking mechanisms and protection of legitimate users from collateral damage during detection and protection. In this paper, we proposed a distributed but synchronized DDoS defense architecture using multiple agents, which are autonomous systems that perform their assigned mission in other networks on behalf of the victim. The major assignments of defense agents are IP spoofing verification, high traffic rate limitation, anomaly packet detection, and attack source detection. These tasks are distributed across four agents that are deployed on different domain networks. The proposed solution was tested through simulation with sample attack scenarios on the model Internet topology. The experiments showed encouraging results. More comprehensive attack protection and protection of legitimate users from collateral damage make this system more effective than previous works.
Design and simulation an optimal enhanced PI controller for congestion avoida... TELKOMNIKA JOURNAL
In this paper, the snake optimization algorithm (SOA) is used to find the optimal gains of an enhanced controller for controlling the congestion problem in computer networks. The M-file and Simulink platform is adopted to evaluate the response of the active queue management (AQM) system, and a comparison with two classical controllers is done. All tuned gains of the controllers are obtained using the SOA method, and the fitness function chosen to monitor the system performance is the integral time absolute error (ITAE). Transient analysis and robust analysis are used to show the proposed controller's performance. Two robustness tests are applied to the AQM system: one is done by varying the queue size value in different periods, and the other is done by changing the number of transmission control protocol (TCP) sessions by ± 20% from its original value. The simulation results reflect stable and robust behavior, and the best performance clearly appears in achieving the desired queue size without any noise or any transmission problems.
Improving the detection of intrusion in vehicular ad-hoc networks with modifi...TELKOMNIKA JOURNAL
Vehicular ad-hoc networks (VANETs) are wireless-equipped vehicles that form networks along the road. The security of this network has been a major challenge. The identity-based cryptosystem (IBC) previously used to secure the networks suffers from membership authentication security features. This paper focuses on improving the detection of intruders in VANETs with a modified identity-based cryptosystem (MIBC). The MIBC is developed using a non-singular elliptic curve with Lagrange interpolation. The public key of vehicles and roadside units on the network are derived from number plates and location identification numbers, respectively. Pseudo-identities are used to mask the real identity of users to preserve their privacy. The membership authentication mechanism ensures that only valid and authenticated members of the network are allowed to join the network. The performance of the MIBC is evaluated using intrusion detection ratio (IDR) and computation time (CT) and then validated with the existing IBC. The result obtained shows that the MIBC recorded an IDR of 99.3% against 94.3% obtained for the existing identity-based cryptosystem (EIBC) for 140 unregistered vehicles attempting to intrude on the network. The MIBC shows lower CT values of 1.17 ms against 1.70 ms for EIBC. The MIBC can be used to improve the security of VANETs.
Conceptual model of internet banking adoption with perceived risk and trust f...TELKOMNIKA JOURNAL
Understanding the primary factors of internet banking (IB) acceptance is critical for both banks and users; nevertheless, our knowledge of the role of users’ perceived risk and trust in IB adoption is limited. As a result, we develop a conceptual model by incorporating perceived risk and trust into the technology acceptance model (TAM) theory toward the IB. The proper research emphasized that the most essential component in explaining IB adoption behavior is behavioral intention to use IB adoption. TAM is helpful for figuring out how elements that affect IB adoption are connected to one another. According to previous literature on IB and the use of such technology in Iraq, one has to choose a theoretical foundation that may justify the acceptance of IB from the customer’s perspective. The conceptual model was therefore constructed using the TAM as a foundation. Furthermore, perceived risk and trust were added to the TAM dimensions as external factors. The key objective of this work was to extend the TAM to construct a conceptual model for IB adoption and to get sufficient theoretical support from the existing literature for the essential elements and their relationships in order to unearth new insights about factors responsible for IB adoption.
Efficient combined fuzzy logic and LMS algorithm for smart antennaTELKOMNIKA JOURNAL
The smart antennas are broadly used in wireless communication. The least mean square (LMS) algorithm is a procedure that is concerned in controlling the smart antenna pattern to accommodate specified requirements such as steering the beam toward the desired signal, in addition to placing the deep nulls in the direction of unwanted signals. The conventional LMS (C-LMS) has some drawbacks like slow convergence speed besides high steady state fluctuation error. To overcome these shortcomings, the present paper adopts an adaptive fuzzy control step size least mean square (FC-LMS) algorithm to adjust its step size. Computer simulation outcomes illustrate that the given model has fast convergence rate as well as low mean square error steady state.
Design and implementation of a LoRa-based system for warning of forest fireTELKOMNIKA JOURNAL
This paper presents the design and implementation of a forest fire monitoring and warning system based on long range (LoRa) technology, a novel ultra-low power consumption and long-range wireless communication technology for remote sensing applications. The proposed system includes a wireless sensor network that records environmental parameters such as temperature, humidity, wind speed, and carbon dioxide (CO2) concentration in the air, as well as taking infrared photos.The data collected at each sensor node will be transmitted to the gateway via LoRa wireless transmission. Data will be collected, processed, and uploaded to a cloud database at the gateway. An Android smartphone application that allows anyone to easily view the recorded data has been developed. When a fire is detected, the system will sound a siren and send a warning message to the responsible personnel, instructing them to take appropriate action. Experiments in Tram Chim Park, Vietnam, have been conducted to verify and evaluate the operation of the system.
Wavelet-based sensing technique in cognitive radio networkTELKOMNIKA JOURNAL
Cognitive radio is a smart radio that can change its transmitter parameter based on interaction with the environment in which it operates. The demand for frequency spectrum is growing due to a big data issue as many Internet of Things (IoT) devices are in the network. Based on previous research, most frequency spectrum was used, but some spectrums were not used, called spectrum hole. Energy detection is one of the spectrum sensing methods that has been frequently used since it is easy to use and does not require license users to have any prior signal understanding. But this technique is incapable of detecting at low signal-to-noise ratio (SNR) levels. Therefore, the wavelet-based sensing is proposed to overcome this issue and detect spectrum holes. The main objective of this work is to evaluate the performance of wavelet-based sensing and compare it with the energy detection technique. The findings show that the percentage of detection in wavelet-based sensing is 83% higher than energy detection performance. This result indicates that the wavelet-based sensing has higher precision in detection and the interference towards primary user can be decreased.
A novel compact dual-band bandstop filter with enhanced rejection bandsTELKOMNIKA JOURNAL
In this paper, we present the design of a new wide dual-band bandstop filter (DBBSF) using nonuniform transmission lines. The method used to design this filter is to replace conventional uniform transmission lines with nonuniform lines governed by a truncated Fourier series. Based on how impedances are profiled in the proposed DBBSF structure, the fractional bandwidths of the two 10 dB-down rejection bands are widened to 39.72% and 52.63%, respectively, and the physical size has been reduced compared to that of the filter with the uniform transmission lines. The results of the electromagnetic (EM) simulation support the obtained analytical response and show an improved frequency behavior.
The appearance of uncertainties and disturbances often effects the characteristics of either linear or nonlinear systems. Plus, the stabilization process may be deteriorated thus incurring a catastrophic effect to the system performance. As such, this manuscript addresses the concept of matching condition for the systems that are suffering from miss-match uncertainties and exogeneous disturbances. The perturbation towards the system at hand is assumed to be known and unbounded. To reach this outcome, uncertainties and their classifications are reviewed thoroughly. The structural matching condition is proposed and tabulated in the proposition 1. Two types of mathematical expressions are presented to distinguish the system with matched uncertainty and the system with miss-matched uncertainty. Lastly, two-dimensional numerical expressions are provided to practice the proposed proposition. The outcome shows that matching condition has the ability to change the system to a design-friendly model for asymptotic stabilization.
Implementation of FinFET technology based low power 4×4 Wallace tree multipli...TELKOMNIKA JOURNAL
Many systems, including digital signal processors, finite impulse response (FIR) filters, application-specific integrated circuits, and microprocessors, use multipliers. The demand for low power multipliers is gradually rising day by day in the current technological trend. In this study, we describe a 4×4 Wallace multiplier based on a carry select adder (CSA) that uses less power and has a better power delay product than existing multipliers. HSPICE tool at 16 nm technology is used to simulate the results. In comparison to the traditional CSA-based multiplier, which has a power consumption of 1.7 µW and power delay product (PDP) of 57.3 fJ, the results demonstrate that the Wallace multiplier design employing CSA with first zero finding logic (FZF) logic has the lowest power consumption of 1.4 µW and PDP of 27.5 fJ.
Evaluation of the weighted-overlap add model with massive MIMO in a 5G systemTELKOMNIKA JOURNAL
The flaw in 5G orthogonal frequency division multiplexing (OFDM) becomes apparent in high-speed situations. Because the doppler effect causes frequency shifts, the orthogonality of OFDM subcarriers is broken, lowering both their bit error rate (BER) and throughput output. As part of this research, we use a novel design that combines massive multiple input multiple output (MIMO) and weighted overlap and add (WOLA) to improve the performance of 5G systems. To determine which design is superior, throughput and BER are calculated for both the proposed design and OFDM. The results of the improved system show a massive improvement in performance ver the conventional system and significant improvements with massive MIMO, including the best throughput and BER. When compared to conventional systems, the improved system has a throughput that is around 22% higher and the best performance in terms of BER, but it still has around 25% less error than OFDM.
Reflector antenna design in different frequencies using frequency selective s...TELKOMNIKA JOURNAL
In this study, it is aimed to obtain two different asymmetric radiation patterns obtained from antennas in the shape of the cross-section of a parabolic reflector (fan blade type antennas) and antennas with cosecant-square radiation characteristics at two different frequencies from a single antenna. For this purpose, firstly, a fan blade type antenna design will be made, and then the reflective surface of this antenna will be completed to the shape of the reflective surface of the antenna with the cosecant-square radiation characteristic with the frequency selective surface designed to provide the characteristics suitable for the purpose. The frequency selective surface designed and it provides the perfect transmission as possible at 4 GHz operating frequency, while it will act as a band-quenching filter for electromagnetic waves at 5 GHz operating frequency and will be a reflective surface. Thanks to this frequency selective surface to be used as a reflective surface in the antenna, a fan blade type radiation characteristic at 4 GHz operating frequency will be obtained, while a cosecant-square radiation characteristic at 5 GHz operating frequency will be obtained.
Reagentless iron detection in water based on unclad fiber optical sensorTELKOMNIKA JOURNAL
A simple and low-cost fiber based optical sensor for iron detection is demonstrated in this paper. The sensor head consist of an unclad optical fiber with the unclad length of 1 cm and it has a straight structure. Results obtained shows a linear relationship between the output light intensity and iron concentration, illustrating the functionality of this iron optical sensor. Based on the experimental results, the sensitivity and linearity are achieved at 0.0328/ppm and 0.9824 respectively at the wavelength of 690 nm. With the same wavelength, other performance parameters are also studied. Resolution and limit of detection (LOD) are found to be 0.3049 ppm and 0.0755 ppm correspondingly. This iron sensor is advantageous in that it does not require any reagent for detection, enabling it to be simpler and cost-effective in the implementation of the iron sensing.
Impact of CuS counter electrode calcination temperature on quantum dot sensit...TELKOMNIKA JOURNAL
In place of the commercial Pt electrode used in quantum sensitized solar cells, the low-cost CuS cathode is created using electrophoresis. High resolution scanning electron microscopy and X-ray diffraction were used to analyze the structure and morphology of structural cubic samples with diameters ranging from 40 nm to 200 nm. The conversion efficiency of solar cells is significantly impacted by the calcination temperatures of cathodes at 100 °C, 120 °C, 150 °C, and 180 °C under vacuum. The fluorine doped tin oxide (FTO)/CuS cathode electrode reached a maximum efficiency of 3.89% when it was calcined at 120 °C. Compared to other temperature combinations, CuS nanoparticles crystallize at 120 °C, which lowers resistance while increasing electron lifetime.
In place of the commercial Pt electrode used in quantum sensitized solar cells, the low-cost CuS cathode is created using electrophoresis. High resolution scanning electron microscopy and X-ray diffraction were used to analyze the structure and morphology of structural cubic samples with diameters ranging from 40 nm to 200 nm. The conversion efficiency of solar cells is significantly impacted by the calcination temperatures of cathodes at 100 °C, 120 °C, 150 °C, and 180 °C under vacuum. The fluorine doped tin oxide (FTO)/CuS cathode electrode reached a maximum efficiency of 3.89% when it was calcined at 120 °C. Compared to other temperature combinations, CuS nanoparticles crystallize at 120 °C, which lowers resistance while increasing electron lifetime.
A progressive learning for structural tolerance online sequential extreme lea...TELKOMNIKA JOURNAL
This article discusses the progressive learning for structural tolerance online sequential extreme learning machine (PSTOS-ELM). PSTOS-ELM can save robust accuracy while updating the new data and the new class data on the online training situation. The robustness accuracy arises from using the householder block exact QR decomposition recursive least squares (HBQRD-RLS) of the PSTOS-ELM. This method is suitable for applications that have data streaming and often have new class data. Our experiment compares the PSTOS-ELM accuracy and accuracy robustness while data is updating with the batch-extreme learning machine (ELM) and structural tolerance online sequential extreme learning machine (STOS-ELM) that both must retrain the data in a new class data case. The experimental results show that PSTOS-ELM has accuracy and robustness comparable to ELM and STOS-ELM while also can update new class data immediately.
Electroencephalography-based brain-computer interface using neural networksTELKOMNIKA JOURNAL
This study aimed to develop a brain-computer interface that can control an electric wheelchair using electroencephalography (EEG) signals. First, we used the Mind Wave Mobile 2 device to capture raw EEG signals from the surface of the scalp. The signals were transformed into the frequency domain using fast Fourier transform (FFT) and filtered to monitor changes in attention and relaxation. Next, we performed time and frequency domain analyses to identify features for five eye gestures: opened, closed, blink per second, double blink, and lookup. The base state was the opened-eyes gesture, and we compared the features of the remaining four action gestures to the base state to identify potential gestures. We then built a multilayer neural network to classify these features into five signals that control the wheelchair’s movement. Finally, we designed an experimental wheelchair system to test the effectiveness of the proposed approach. The results demonstrate that the EEG classification was highly accurate and computationally efficient. Moreover, the average performance of the brain-controlled wheelchair system was over 75% across different individuals, which suggests the feasibility of this approach.
Adaptive segmentation algorithm based on level set model in medical imagingTELKOMNIKA JOURNAL
For image segmentation, level set models are frequently employed. It offer best solution to overcome the main limitations of deformable parametric models. However, the challenge when applying those models in medical images stills deal with removing blurs in image edges which directly affects the edge indicator function, leads to not adaptively segmenting images and causes a wrong analysis of pathologies wich prevents to conclude a correct diagnosis. To overcome such issues, an effective process is suggested by simultaneously modelling and solving systems’ two-dimensional partial differential equations (PDE). The first PDE equation allows restoration using Euler’s equation similar to an anisotropic smoothing based on a regularized Perona and Malik filter that eliminates noise while preserving edge information in accordance with detected contours in the second equation that segments the image based on the first equation solutions. This approach allows developing a new algorithm which overcome the studied model drawbacks. Results of the proposed method give clear segments that can be applied to any application. Experiments on many medical images in particular blurry images with high information losses, demonstrate that the developed approach produces superior segmentation results in terms of quantity and quality compared to other models already presented in previeous works.
Automatic channel selection using shuffled frog leaping algorithm for EEG bas...TELKOMNIKA JOURNAL
Drug addiction is a complex neurobiological disorder that necessitates comprehensive treatment of both the body and mind. It is categorized as a brain disorder due to its impact on the brain. Various methods such as electroencephalography (EEG), functional magnetic resonance imaging (FMRI), and magnetoencephalography (MEG) can capture brain activities and structures. EEG signals provide valuable insights into neurological disorders, including drug addiction. Accurate classification of drug addiction from EEG signals relies on appropriate features and channel selection. Choosing the right EEG channels is essential to reduce computational costs and mitigate the risk of overfitting associated with using all available channels. To address the challenge of optimal channel selection in addiction detection from EEG signals, this work employs the shuffled frog leaping algorithm (SFLA). SFLA facilitates the selection of appropriate channels, leading to improved accuracy. Wavelet features extracted from the selected input channel signals are then analyzed using various machine learning classifiers to detect addiction. Experimental results indicate that after selecting features from the appropriate channels, classification accuracy significantly increased across all classifiers. Particularly, the multi-layer perceptron (MLP) classifier combined with SFLA demonstrated a remarkable accuracy improvement of 15.78% while reducing time complexity.
ResNet-n/DR: Automated diagnosis of diabetic retinopathy using a residual neu...TELKOMNIKA JOURNAL
Diabetic retinopathy (DR) is a progressive eye disease associated with diabetes, resulting in blindness or blurred vision. The risk of vision loss was dramatically decreased with early diagnosis and treatment. Doctors diagnose DR by examining the fundus retinal images to develop lesions associated with the disease. However, this diagnosis is a tedious and challenging task due to growing undiagnosed and untreated DR cases and the variability of retinal changes across disease stages. Manually analyzing the images has become an expensive and time-consuming task, not to mention that training new specialists takes time and requires daily practice. Our work investigates deep learning methods, particularly convolutional neural network (CNN), for DR diagnosis in the disease’s five stages. A pre-trained residual neural network (ResNet-34) was trained and tested for DR. Then, we develop computationally efficient and scalable methods after modifying a ResNet-34 with three additional residual units as a novel ResNet-n/DR. The Asia Pacific Tele-Ophthalmology Society (APTOS) 2019 dataset was used to evaluate the performance of models after applying multiple pre-processing steps to eliminate image noise and improve color contrast, thereby increasing efficiency. Our findings achieved state-of-the-art results compared to previous studies that used the same dataset. It had 90.7% sensitivity, 93.5% accuracy, 98.2% specificity, 89.5% precision, and 90.1% F1 score.
Water scarcity is the lack of fresh water resources to meet the standard water demand. There are two type of water scarcity. One is physical. The other is economic water scarcity.
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdffxintegritypublishin
Advancements in technology unveil a myriad of electrical and electronic breakthroughs geared towards efficiently harnessing limited resources to meet human energy demands. The optimization of hybrid solar PV panels and pumped hydro energy supply systems plays a pivotal role in utilizing natural resources effectively. This initiative not only benefits humanity but also fosters environmental sustainability. The study investigated the design optimization of these hybrid systems, focusing on understanding solar radiation patterns, identifying geographical influences on solar radiation, formulating a mathematical model for system optimization, and determining the optimal configuration of PV panels and pumped hydro storage. Through a comparative analysis approach and eight weeks of data collection, the study addressed key research questions related to solar radiation patterns and optimal system design. The findings highlighted regions with heightened solar radiation levels, showcasing substantial potential for power generation and emphasizing the system's efficiency. Optimizing system design significantly boosted power generation, promoted renewable energy utilization, and enhanced energy storage capacity. The study underscored the benefits of optimizing hybrid solar PV panels and pumped hydro energy supply systems for sustainable energy usage. Optimizing the design of solar PV panels and pumped hydro energy supply systems as examined across diverse climatic conditions in a developing country, not only enhances power generation but also improves the integration of renewable energy sources and boosts energy storage capacities, particularly beneficial for less economically prosperous regions. Additionally, the study provides valuable insights for advancing energy research in economically viable areas. 
Recommendations included conducting site-specific assessments, utilizing advanced modeling tools, implementing regular maintenance protocols, and enhancing communication among system components.
Final project report on grocery store management system..pdfKamal Acharya
In today’s fast-changing business environment, it’s extremely important to be able to respond to client needs in the most effective and timely manner. If your customers wish to see your business online and have instant access to your products or services.
Online Grocery Store is an e-commerce website, which retails various grocery products. This project allows viewing various products available enables registered users to purchase desired products instantly using Paytm, UPI payment processor (Instant Pay) and also can place order by using Cash on Delivery (Pay Later) option. This project provides an easy access to Administrators and Managers to view orders placed using Pay Later and Instant Pay options.
In order to develop an e-commerce website, a number of Technologies must be studied and understood. These include multi-tiered architecture, server and client-side scripting techniques, implementation technologies, programming language (such as PHP, HTML, CSS, JavaScript) and MySQL relational databases. This is a project with the objective to develop a basic website where a consumer is provided with a shopping cart website and also to know about the technologies used to develop such a website.
This document will discuss each of the underlying technologies to create and implement an e- commerce website.
Automobile Management System Project Report.pdfKamal Acharya
The proposed project is developed to manage the automobile in the automobile dealer company. The main module in this project is login, automobile management, customer management, sales, complaints and reports. The first module is the login. The automobile showroom owner should login to the project for usage. The username and password are verified and if it is correct, next form opens. If the username and password are not correct, it shows the error message.
When a customer search for a automobile, if the automobile is available, they will be taken to a page that shows the details of the automobile including automobile name, automobile ID, quantity, price etc. “Automobile Management System” is useful for maintaining automobiles, customers effectively and hence helps for establishing good relation between customer and automobile organization. It contains various customized modules for effectively maintaining automobiles and stock information accurately and safely.
When the automobile is sold to the customer, stock will be reduced automatically. When a new purchase is made, stock will be increased automatically. While selecting automobiles for sale, the proposed software will automatically check for total number of available stock of that particular item, if the total stock of that particular item is less than 5, software will notify the user to purchase the particular item.
Also when the user tries to sale items which are not in stock, the system will prompt the user that the stock is not enough. Customers of this system can search for a automobile; can purchase a automobile easily by selecting fast. On the other hand the stock of automobiles can be maintained perfectly by the automobile shop manager overcoming the drawbacks of existing system.
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)MdTanvirMahtab2
This presentation is about the working procedure of Shahjalal Fertilizer Company Limited (SFCL). A Govt. owned Company of Bangladesh Chemical Industries Corporation under Ministry of Industries.
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Dr.Costas Sachpazis
Terzaghi's soil bearing capacity theory, developed by Karl Terzaghi, is a fundamental principle in geotechnical engineering used to determine the bearing capacity of shallow foundations. This theory provides a method to calculate the ultimate bearing capacity of soil, which is the maximum load per unit area that the soil can support without undergoing shear failure. The Calculation HTML Code included.
Welcome to WIPAC Monthly the magazine brought to you by the LinkedIn Group Water Industry Process Automation & Control.
In this month's edition, along with this month's industry news to celebrate the 13 years since the group was created we have articles including
A case study of the used of Advanced Process Control at the Wastewater Treatment works at Lleida in Spain
A look back on an article on smart wastewater networks in order to see how the industry has measured up in the interim around the adoption of Digital Transformation in the Water Industry.
Vaccine management system project report documentation..pdfKamal Acharya
The Division of Vaccine and Immunization is facing increasing difficulty monitoring vaccines and other commodities distribution once they have been distributed from the national stores. With the introduction of new vaccines, more challenges have been anticipated with this additions posing serious threat to the already over strained vaccine supply chain system in Kenya.
Saudi Arabia stands as a titan in the global energy landscape, renowned for its abundant oil and gas resources. It's the largest exporter of petroleum and holds some of the world's most significant reserves. Let's delve into the top 10 oil and gas projects shaping Saudi Arabia's energy future in 2024.
Student information management system project report ii.pdfKamal Acharya
Our project explains about the student management. This project mainly explains the various actions related to student details. This project shows some ease in adding, editing and deleting the student details. It also provides a less time consuming process for viewing, adding, editing and deleting the marks of the students.
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSEDuvanRamosGarzon1
AIRCRAFT GENERAL
The Single Aisle is the most advanced family aircraft in service today, with fly-by-wire flight controls.
The A318, A319, A320 and A321 are twin-engine subsonic medium range aircraft.
The family offers a choice of engines
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
Deep learning approach to DDoS attack with imbalanced data at the application layer
TELKOMNIKA Telecommunication Computing Electronics and Control
Vol. 21, No. 5, October 2023, pp. 1060~1067
ISSN: 1693-6930, DOI: 10.12928/TELKOMNIKA.v21i5.24857
Journal homepage: http://telkomnika.uad.ac.id
Rahmad Gunawan (1), Hadhrami Ab Ghani (2), Nurulaqilla Khamis (3), Januar Al Amien (1), Edi Ismanto (4)
(1) Department of Informatics Engineering, Faculty of Computer Sciences, Universitas Muhammadiyah Riau, Pekanbaru, Indonesia
(2) Department of Data Science, Faculty of Data Science and Computing, Universiti Malaysia Kelantan, Kota Bharu, Malaysia
(3) Department of Control and Mechatronic, Faculty of Electrical Engineering, Universiti Teknologi Malaysia, Skudai, Johor, Malaysia
(4) Department of Informatics Education, Faculty of Teacher Training and Education, Universitas Muhammadiyah Riau, Pekanbaru, Indonesia
Article Info
Article history: Received Nov 30, 2022; Revised Mar 08, 2023; Accepted Mar 25, 2023
ABSTRACT
A distributed denial of service (DDoS) attack is one in which one or more computers
target a server by flooding it with internet traffic.
As a result, the server cannot be accessed by legitimate users. Such an
attack causes enormous losses for a company because it can reduce the level
of user trust and damage the company’s reputation, losing customers due to
downtime. One of the services at the application layer that can be accessed by
users is a web-based lightweight directory access protocol (LDAP) service
that can provide safe and easy services to access directory applications.
We used a deep learning approach to detect DDoS attacks on the CICDDoS
2019 dataset on a complex computer network at the application layer to get
fast and accurate results for dealing with unbalanced data. Based on the results
obtained, DDoS attack detection using a deep learning
approach on imbalanced data performs better when implemented using the
synthetic minority oversampling technique (SMOTE) method for binary
classes. On the other hand, the proposed deep learning approach performs
better for detecting DDoS attacks in multiclass when implemented using the
adaptive synthetic (ADASYN) method.
Keywords: ADASYN, Application layer, DDoS, Deep learning, LDAP, SMOTE
This is an open access article under the CC BY-SA license.
Corresponding Author:
Rahmad Gunawan
Department of Informatics Engineering, Faculty of Computer Sciences
Universitas Muhammadiyah Riau, Jalan Tuanku Tambusai, Kota Pekanbaru, Provinsi Riau, Indonesia
Email: goengoen78@umri.ac.id
1. INTRODUCTION
More than 20% of denial-of-service attacks that use a large number of devices to overload and disrupt a
targeted system or network occur in enterprises worldwide. According to a report published by Kaspersky
in 2020 [1], the number of such attacks tripled in the second quarter of 2020 compared to the same quarter
in 2019. A distributed denial of service (DDoS) attack involves multiple computers attacking one main
computer by flooding the internet network traffic, so that legitimate users cannot access the main
computer because it crashes. DDoS attacks are divided into two categories: attacks that occur at the
network/transport layer by opening half-open connections on transmission control protocol (TCP), user
datagram protocol (UDP), internet control message protocol (ICMP), and domain name system (DNS) and
sending large packets or flooding the internet network traffic, and attacks that occur at the application
layer, which make requests using very little bandwidth and tend to be stealthy. Recently, a new class of
DDoS attacks referred to as application layer attacks has begun to increase in popularity. This class of
attack exploits vulnerabilities in protocols operating at the application layer [2]. These
2. TELKOMNIKA Telecommun Comput El Control
Deep learning approach to DDoS attack with imbalanced data at the application layer (Rahmad Gunawan)
1061
attacks will consume resources by overloading application servers, their purpose of the attack is more specific
such as attacks on lightweight directory access protocol (LDAP), hypertext transfer protocol (HTTP), and DNS
applications, by interfering with legitimate user services [3]. As a result, traditional defense systems are unable
to cope with DDoS attacks at the application layer that use asymmetric computing between clients and servers,
due to requests from protocols and computer network traffic. Attacks that flood network traffic fall into two
categories, reflection/amplification-based attacks using DNS queries with fake source IPs by triggering heavy
internet traffic resulting in server system crashes. Serengan which is HTTP-based or application-based can be
divided into four types; request flooding attacks refer to a cyber attack technique in which a large number of
requests are sent to a server or application, consuming its resources and causing it to malfunction or crash on
network traffic [3].
In this study, researchers used one type of DDoS attack, namely LDAP. An LDAP attack refers to a DDoS attack related to the exploitation of the LDAP protocol. The attackers flood susceptible LDAP servers with a massive volume of LDAP requests, pretending to be real LDAP clients by using fake internet protocol (IP) addresses. The LDAP server becomes too busy responding to the attacker and becomes unable to respond to the actual LDAP client.
Imbalanced data classification has been advocated by researchers [10] in various problem domains such as genetic engineering [4], [5], text mining [5], [6], picture recognition [7], financial fraud [8], and web mining to text categorization [9]. Today, machine learning (ML), particularly deep learning (DL), can evaluate large amounts of data [11], [12] to differentiate benign traffic from malicious DDoS/DoS assaults rapidly, precisely, and reliably. DL, which comprises multiple DNN designs such as recurrent neural network (RNN), convolutional neural network (CNN), and long short-term memory (LSTM) network, offers numerous benefits for classification and prediction issues over standard ML models [8]. An RNN employing LSTM units partially resolves the vanishing gradient problem [13] since LSTM units permit gradients to flow unaffected. However, LSTM networks may still encounter the issue of exploding gradients. This LSTM was created and utilized by several researchers.
In this research, a deep learning model is suggested to resolve data imbalances for identifying and
forecasting DDoS/DoS assaults. Using synthetic minority oversampling technique (SMOTE) and adaptive
synthetic (ADASYN) approaches, our primary contribution to this research is a novel method for identifying
DDoS assaults using imbalanced datasets. In addition, this article provides the most recent assessment of
multiclass and binary classes in the DL model for detecting DDoS assaults at the application layer of the new
framework utilizing public datasets.
2. LITERATURE REVIEW
2.1. DDoS
A reflection-based DDoS attack is a type of cyber attack that disrupts normal network traffic using a technique that allows the attack to be carried out while concealing the IP address of the attacking computer by making use of another, legitimate machine. Because of this, the IP address of the machine that is responsible for carrying out the assault can stay hidden. The data packet's transfer to the reflector server makes use of the source IP address that the attacker has previously provided for use in that transmission. When they initiate their assaults, attackers aim for application layer protocols like TCP and UDP, or a mix of the two. Some examples of attacks that fall within the TCP category [14] are those that make use of Microsoft SQL (MSSQL) hand files and simple service discovery protocol (SSDP) hand files.
Attacks such as CharGen, network time protocol (NTP), and trivial file transfer protocol (TFTP) are
all examples of those that utilize UDP. It is possible to carry out some attacks, such as those utilizing DNS,
LDAP, network basic input output system (NetBIOS), and simple network management protocol (SNMP),
using either TCP or UDP to connect with the target to carry out the attack. These assaults are not dependent on
or coordinated with one another in any way. The second variant of DDoS attack is known as an exploit-based
DDoS attack, and it is an attack that still manages to hide the IP address of the attacker by making use of a real
computer that belongs to a third party. This attack is commonly referred to as a DDoS attack that is based on
exploiting a vulnerability in a system.
2.2. Classification
Binary classification is labeling the output into two groups on a dataset. In the case of our dataset with
unbalanced data, our binary classification must have the ability to determine whether the labeling is in the form
of an attack or not. Therefore, we group the labeling into two categories: normal and attack [15]. Multiclass
classification results in three or more classes in a dataset. Multiclass is caused by data imbalance problems and
has several classes.
3. ISSN: 1693-6930
TELKOMNIKA Telecommun Comput El Control, Vol. 21, No. 5, October 2023: 1060-1067
1062
2.3. ADASYN
The over-sampling approach known as ADASYN [16] is a method for achieving a balanced distribution of classes by the random replication of examples in minority classes [17]. Because it replicates the original occurrence in its entirety, over-sampling raises the risk of overfitting. In essence, ADASYN can adaptively create minority data samples according to the data distribution. When there has been a rise in the production of synthetic data that pertains to the underrepresented group, it becomes more difficult to research. Although this strategy is unable to eliminate the learning bias caused by an unequal distribution of data, it can adaptively change the decision boundary to place more emphasis on samples that are more difficult to learn.
− Step 1: determine the number, $G$, of samples for synthesis as [17]:
$$G = (n_b - n_s)\beta \tag{1}$$
which is obtained from the difference between the majority sample, $n_b$, and the minority sample, $n_s$, where $\beta \in (0, 1)$.
− Step 2: for the current sample, $i$, the proportion, $r_i$, of the current majority class sample, $k_i$, from the current (number of) neighbors, $K_i$, is written as:
$$r_i = k_i / K_i \tag{2}$$
− Step 3: hence, the number of specimens, $g$, to be synthesized is computed as:
$$g = G r_i \tag{3}$$
and the synthesized new sample is expressed as:
$$Z_i = X_i + (X_{Z_i} - X_i)\lambda \tag{4}$$
where $X_i$ and $X_{Z_i}$ represent the instantaneous minority sample and the random sample respectively, with $X_i, \lambda \in (0, 1)$ [13].
2.4. SMOTE
An approach known as SMOTE involves the insertion of minority class samples to generate additional minority samples for achieving class balance [18] by undersampling the majority class. This method creates new minority samples to balance the dataset. To do this, it forms a new instance of the minority class by combining neighboring instances. This ensures that the dataset is balanced without being overfit. The SMOTE procedure is detailed in Algorithm 1, which may be found below. The number of minority class samples (𝑇), the oversampling rate (𝑁%), and the number of nearest neighbours (𝑘) are the three factors that determine how many synthetic samples (𝑆) will be generated for the minority classes.
When 𝑁 is less than 100%, randomization of the samples from the minority classes occurs. The k-nearest neighbor distances are computed only for the minority classes. This is a function of 𝑁, the current sample size from the minority class (𝐼), the integral multiples of 100 that are present in 𝑁 (𝑗), and an array of random integers (𝑛𝑛 array). 𝑍 is an array of the original samples that came from the minority class, 𝑟 is the number of synthetic samples that were created, and 𝑉 is an array of the synthetic samples [18]. The synthetic minority over-sampling approach is the most effective oversampling technique due to its wide handling and practice, including applications in gender analysis, bioengineering [19], medical examination [20], and fraud identification. We believe that the investigation of distributed SMOTE is a current and lively research field [21].
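The sampling steps of sections 2.3 and 2.4 in runnable form, as an added example that is not code from the paper. The point sets and all function names are constructed for illustration; normalising $r_i$ so the per-sample counts add up to $G$ follows the ADASYN paper [16] rather than equation (3) as printed, and drawing $X_{Z_i}$ from the k nearest minority neighbours is an assumption.

```python
import math
import random

# Constructed 2-D feature points (not CICDDoS 2019 data): four minority samples sit
# in their own cluster, two sit on the border of the majority class.
MINORITY = [(0.0, 0.0), (0.0, 1.0), (1.0, 0.0), (1.0, 1.0), (5.0, 5.0), (5.0, 6.0)]
MAJORITY = [(5.4, 5.4), (5.8, 5.0), (5.0, 4.3), (6.2, 6.2)] + [
    (float(x), float(y)) for x in range(7, 18) for y in (5, 7)
]


def nearest(point, pool, k):
    """Indices of the k points in pool closest to point (the point itself is skipped)."""
    ranked = sorted((math.dist(point, p), j) for j, p in enumerate(pool) if p != point)
    return [j for _, j in ranked[:k]]


def interpolate(x_i, x_z, lam):
    """Equation (4): Z_i = X_i + (X_zi - X_i) * lambda."""
    return tuple(a + (b - a) * lam for a, b in zip(x_i, x_z))


def synthesize(minority, i, count, k, rng):
    """Create `count` samples on segments from minority[i] to its k minority neighbours."""
    neighbours = nearest(minority[i], minority, k)  # assumption: minority neighbours only
    out = []
    for _ in range(count):
        j = rng.choice(neighbours)
        out.append((i, j, interpolate(minority[i], minority[j], rng.random())))
    return out


def smote(minority, n_percent, k, rng):
    """SMOTE: every chosen minority sample gets N/100 synthetic samples."""
    seeds = list(range(len(minority)))
    if n_percent < 100:  # N < 100%: only a random N% of the minority samples are used
        seeds = rng.sample(seeds, len(minority) * n_percent // 100)
        n_percent = 100
    return [s for i in seeds for s in synthesize(minority, i, n_percent // 100, k, rng)]


def adasyn_allocation(minority, majority, beta, k):
    """Equations (1)-(3): number of synthetic samples assigned to each minority sample."""
    G = (len(majority) - len(minority)) * beta  # (1)
    everyone = minority + majority
    r = []
    for x_i in minority:
        k_i = sum(1 for j in nearest(x_i, everyone, k) if j >= len(minority))
        r.append(k_i / k)  # (2): share of majority samples among the k neighbours
    total = sum(r)
    # (3), with r_i normalised so the counts add up to G as in the ADASYN paper [16].
    return [round(G * r_i / total) if total else 0 for r_i in r]


def adasyn(minority, majority, beta, k, rng):
    """ADASYN: synthetic samples go to the minority samples surrounded by majority ones."""
    counts = adasyn_allocation(minority, majority, beta, k)
    return [s for i, g in enumerate(counts) for s in synthesize(minority, i, g, k, rng)]


if __name__ == "__main__":
    rng = random.Random(2019)
    print("ADASYN samples per minority point:",
          adasyn_allocation(MINORITY, MAJORITY, beta=0.5, k=3))
    print("SMOTE total at N=200%:", len(smote(MINORITY, 200, 3, rng)))
    print("ADASYN total at beta=0.5:", len(adasyn(MINORITY, MAJORITY, 0.5, 3, rng)))
```

SMOTE spreads synthetic samples evenly over all minority points, while ADASYN gives none to the four points whose neighbours are all minority and concentrates on the two points bordering the majority class.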
3. METHOD
3.1. Dataset
The Canadian Institute for Cybersecurity is the origin of the dataset that will be utilized in the CICDDoS 2019 competition [22]. The dataset includes both fake and real-time DDoS assaults; the attacks are modeled after genuine real-world packet capture (PCAP) data. Also included are the findings of a network traffic analysis performed using CICFlowMeter-V3, complete with labeled streams that are organized according to timestamps, source and destination IP addresses, source and destination ports, protocols, and assaults (CSV file).
One variety of DDoS assaults was utilized in this investigation by the researchers. This attack was
carried out at the application layer using LDAP, which is dependent on the TCP protocol. This massive
document contains 80 columns and 2113234 rows. The dataset includes legitimate and the most recent
examples of frequently distributed denial of service attacks, which are analogous to real-world data PCAP. The raw data includes the network traffic PCAP and event logs (both Windows event logs and Ubuntu event logs) for each system, each of which has been recorded as a CSV file. The dataset has been arranged in a day-by-day format. Every day, we captured the raw data, which included the machine’s network traffic PCAP and event logs (both Windows and Ubuntu event logs).
3.2. Data preparation
At this stage, hardware and software are needed to analyze the dataset. We analyzed the dataset using virtual machine hardware with the following specifications: Intel® Xeon® Gold 6134 CPU 3.20 GHz, virtual processor 22, speed 3.19 GHz, 32 GB RAM, with Jupyter 6.4.12 software. Figure 1 shows the data architecture process flow, with an explanation of the stages as:
Figure 1. Process data architecture
a) Input dataset CICDDoS2019: the first step is to obtain the required dataset on which the proposed model
will be trained, tested and validated.
b) Data cleaning: data cleansing is considered to be a crucial step of data pre-processing. Data cleaning is the process of cleaning data by removing features that have identical values and also removing noise from irrelevant data [23], [24]. This data-cleaning process greatly affects performance because it reduces the noise and complexity of the data to be handled.
c) Feature selection: the process of selecting features is among the most important phases contributing to deep learning model results and performance. Selecting and reducing features from the data set can increase training and testing speed and classifier accuracy, and reduce computational modeling costs [25]. The goal is to reduce the dimensionality of the data and improve the quality of predictive models.
d) New dataset: after preprocessing, a new dataset is obtained from the results of data cleaning and feature
selection which will be classified at a later stage. A new dataset is a data set that can be new data that has
never been used before, a subset of the original dataset, or a dataset that has undergone transformation or
preprocessing. The next step is to choose the right model or algorithm for the data analysis you want to do.
e) Apply the algorithm: we analyzed the dataset and found that the data was imbalanced. There are 3 labels in the “LDAP.csv” file, namely Benign, LDAP, and NetBIOS. We label [0,1,1] for multiclass and [0,1] for binary. We categorize binaries into two types: benign and LDAP. The author conducted testing of binary classification and multiclass classification and, in this study, compares the two tests. The ADASYN algorithm and the SMOTE algorithm are applied to handle the imbalanced data.
f) Data split: after getting the new dataset, we split the dataset for testing, namely training data and test data,
with a distribution of 80% for training data and 20% for test data. The purpose of data split is to divide
the dataset into different subsets for use in different stages of the data analysis process. Data splits are
generally performed before training a machine learning model or evaluating model performance.
g) Deep neural network: it is the framework that should be used to get knowledge from the dataset that we
entered. In most cases, it is composed of the following three primary layers: the data that are received
from the dataset are the responsibility of the input layer. In most cases, one node corresponds to a single
dimension or the total number of characteristics that are included in the dataset. The data from the input
layer is sent on to the hidden layer, which is the layer that is concealed. The information received from
the previous layer is transmitted to the output layer, which is the last layer in the chain.
h) Evaluation: using the following indicators taken from the confusion matrix, we can evaluate how effective the deep learning model will be in detecting DDoS attacks: 1) accuracy refers to the overall correctness of the model; 2) precision refers to the likelihood that the model correctly identifies the assault; 3) recall is the chance that the model can identify attacks out of the total number of assaults; and 4) F-measure, also known as F1-Score, is a harmonic mean that combines recall and precision. The equations below give the formulae that are used to calculate the values [26].
𝐴𝑐𝑐𝑢𝑟𝑎𝑐𝑦 = (𝑇𝑃 + 𝑇𝑁)/(𝑇𝑃 + 𝑇𝑁 + 𝐹𝑃 + 𝐹𝑁)
𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛 = 𝑇𝑃/(𝑇𝑃 + 𝐹𝑃)
𝑅𝑒𝑐𝑎𝑙𝑙 = 𝑇𝑃/(𝑇𝑃 + 𝐹𝑁)
𝐹1 − 𝑆𝑐𝑜𝑟𝑒 = 2((𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛 × 𝑅𝑒𝑐𝑎𝑙𝑙)/(𝑃𝑟𝑒𝑐𝑖𝑠𝑖𝑜𝑛 + 𝑅𝑒𝑐𝑎𝑙𝑙))
Where 𝑇𝑃, 𝑇𝑁, 𝐹𝑃, and 𝐹𝑁 represent true positives, true negatives, false positives, and false negatives, respectively.
− 𝑇𝑃 = true positive
− 𝑇𝑁 = true negative
− 𝐹𝑃 = false positive
− 𝐹𝑁 = false negative
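One way to obtain per-class Acc, Pre, Rec and F1 values of the kind the formulae above define is to treat each class one-vs-rest in the confusion matrix; the following is an added example, not code from the paper. The confusion matrix, its counts, and the function names are constructed, and the one-vs-rest reading of the per-class figures is an assumption.

```python
LABELS = ["Benign", "LDAP", "NetBIOS"]

# Constructed confusion matrix for an imbalanced test set (rows = true class,
# columns = predicted class). Benign is the rare class: 20 of 10,000 flows.
CONFUSION = [
    [5, 15, 0],     # Benign: 15 of 20 flows predicted as LDAP
    [0, 9000, 0],   # LDAP
    [0, 10, 970],   # NetBIOS
]


def overall_accuracy(cm):
    """Share of all flows on the diagonal of the confusion matrix."""
    total = sum(sum(row) for row in cm)
    return sum(cm[c][c] for c in range(len(cm))) / total


def per_class_metrics(cm, labels):
    """One-vs-rest TP/TN/FP/FN per class, then the four formulae from the text."""
    total = sum(sum(row) for row in cm)
    report = {}
    for c, name in enumerate(labels):
        tp = cm[c][c]
        fn = sum(cm[c]) - tp                    # true class c, predicted otherwise
        fp = sum(row[c] for row in cm) - tp     # predicted c, true class otherwise
        tn = total - tp - fn - fp
        pre = tp / (tp + fp) if tp + fp else 0.0
        rec = tp / (tp + fn) if tp + fn else 0.0
        report[name] = {
            "Acc": (tp + tn) / total,
            "Pre": pre,
            "Rec": rec,
            "F1": 2 * pre * rec / (pre + rec) if pre + rec else 0.0,
        }
    return report


if __name__ == "__main__":
    print(f"overall accuracy: {overall_accuracy(CONFUSION):.4f}")
    for name, m in per_class_metrics(CONFUSION, LABELS).items():
        print(name, {k: round(v, 4) for k, v in m.items()})
```

On this constructed matrix the overall accuracy and the per-class accuracy for Benign both stay above 0.99 while Benign recall is 0.25, which is why recall and F1 are reported per class when the data is imbalanced.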
4. RESULTS AND DISCUSSION
During the course of this experiment, the performance of the suggested network was assessed by the
utilization of normal, LDAP, and NetBIOS probes, in that specific sequence, for the binary and
multiclassification trials, respectively. The findings of the experiment revealed that the majority of the samples
could be appropriately categorized in their respective categories. Because of this, the samples were able to be
placed on the diagonal, which demonstrates that the classification performance was enhanced.
The effectiveness of the suggested model, on the other hand, was significantly diminished when it was
subjected to multiclassification trials as opposed to binary classification experiments, as can be seen by
comparing the two figures. This was the case when the model was tested with both types of classifications.
The fact that the suggested model showed poor performance in the studies that incorporated multiclassification
is evidence that this is the case.
Figure 2 and Figure 3 compare the ADASYN algorithm and the SMOTE algorithm, showing the results of the binary class comparison experiment in the confusion matrix of the binary model. The experiments show samples correctly classified along the diagonal, with good performance for SMOTE. Table 1 describes the results of the comparison between ADASYN and SMOTE, where the ADASYN F1 value for benign is 0.9983 and for attack is 0.9983, while SMOTE shows F1 benign 0.9997 and attack 0.9997. This shows that the SMOTE technique has better performance than ADASYN for the binary class.
Figure 2. ADASYN binary
Figure 3. SMOTE binary
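Table 1. Binary data comparison

| Type/c | ADASYN Benign (0) | ADASYN Attack (1) | SMOTE Benign (0) | SMOTE Attack (1) |
|--------|-------------------|-------------------|------------------|------------------|
| Acc    | 0.9983            | 0.9983            | 0.9997           | 0.9997           |
| Pre    | 0.9966            | 1.0               | 0.9997           | 0.9997           |
| Rec    | 1.0               | 0.9966            | 0.9997           | 0.9997           |
| F1     | 0.9983            | 0.9983            | 0.9997           | 0.9997           |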
Figure 4 and Figure 5 show the results of a multiclass comparison experiment between ADASYN and SMOTE in the confusion matrix of the multiclassification model. The experiment shows samples correctly classified along the diagonal, with good performance for ADASYN. Table 2 describes the results of the comparison of ADASYN and SMOTE, where the ADASYN F1 value for benign is 1.0, LDAP is 0.9999 and NetBIOS is 0.9999, while SMOTE shows F1 benign 0.9999, LDAP 0.9999 and NetBIOS 0.9998. This shows that the ADASYN technique has better performance than SMOTE for multiclassification.
Figure 4. ADASYN
Figure 5. SMOTE
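Table 2. Multiclass data comparison

| Type/classes | ADASYN Benign (0) | ADASYN LDAP (1) | ADASYN NetBIOS (2) | SMOTE Benign (0) | SMOTE LDAP (1) | SMOTE NetBIOS (2) |
|--------------|-------------------|-----------------|--------------------|------------------|----------------|-------------------|
| Acc          | 1.0               | 0.9999          | 0.9999             | 0.9999           | 1.0            | 0.9999            |
| Pre          | 1.0               | 1.0             | 0.9998             | 0.9999           | 1.0            | 0.9997            |
| Rec          | 1.0               | 0.9998          | 1.0                | 0.9998           | 0.9999         | 1.0               |
| F1           | 1.0               | 0.9999          | 0.9999             | 0.9999           | 0.9999         | 0.9998            |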
5. CONCLUSION
From the stages of work carried out in the research above, the following can be concluded. The performance comparison of the two algorithms, ADASYN and SMOTE, shows high accuracy in overcoming the problem of data imbalance, both in the binary category, namely benign and abnormal, and for multiclass with three classes, namely benign, LDAP and NetBIOS. The experimental results show that SMOTE is better than ADASYN for binary classes and ADASYN is better than SMOTE for multiclass in overcoming the problem of unbalanced data.
REFERENCES
[1] www.kaspersky.com, “The Kaspersky Q2 2020 DDoS attacks report,” 2020. [Online]. Available:
https://www.kaspersky.com/about/press-releases/2020_no-summer-vacation-ddos-attacks-tripled-year-on-year-in-q2-2020
[2] N. Tripathi and N. Hubballi, “Application layer denial-of-service attacks and defense mechanisms: A survey,” ACM Computing
Surveys, vol. 54, no. 4, pp. 1-33, 2021, doi: 10.1145/3448291.
[3] I. Sreeram and V. P. K. Vuppala, “HTTP flood attack detection in application layer using machine learning metrics and bio inspired
bat algorithm,” Applied Computing and Informatics, vol. 15, no. 1, pp. 59–66, 2019, doi: 10.1016/j.aci.2017.10.003.
[4] Y. Liu, Z. Yu, C. Chen, Y. Han, and B. Yu, “Prediction of protein crotonylation sites through LightGBM classifier based on SMOTE
and elastic net,” Analytical Biochemistry, vol. 609, 2020, doi: 10.1016/j.ab.2020.113903.
[5] Y. Li, H. Guo, Q. Zhang, M. Gu, and J. Yang, “Imbalanced text sentiment classification using universal and domain-specific
knowledge,” Knowledge-Based Systems, vol. 160, pp. 1–15, 2018, doi: 10.1016/j.knosys.2018.06.019.
[6] R. Panigrahi and S. Borah, “Dual-stage intrusion detection for class imbalance scenarios,” Computer Fraud & Security, vol. 2019,
no. 12, pp. 12–19, 2021, doi: 10.1016/S1361-3723(19)30128-9.
[7] L. Wang and C. Wu, “Dynamic imbalanced business credit evaluation based on Learn++ with sliding time window and weight
sampling and FCM with multiple kernels,” Information Sciences, vol. 520, pp. 305–323, 2020, doi: 10.1016/j.ins.2020.02.011.
[8] M. E. El-Telbany, “Prediction of the Electrical Load for Egyptian Energy Management Systems: Deep Learning Approach,” The International Conference on Artificial Intelligence and Computer Vision (AICV2020), 2020, vol. 1153, doi: 10.1007/978-3-030-44289-7_23.
[9] G. Wang, J. Chen, and L. T. Yang, “Security, Privacy, and Anonymity in Computation, Communication, and Storage,”
11th International Conference and Satellite Workshops, SpaCCS 2018, 2018, doi: 10.1007/978-3-319-72395-2.
[10] Y. Sun, A. K. C. Wong, and M. S. Kamel, “Classification of imbalanced data: A review,” International Journal of Pattern
Recognition and Artificial Intelligence, vol. 23, no. 4, pp. 687–719, 2009, doi: 10.1142/S0218001409007326.
[11] K. Kambatla, G. Kollias, V. Kumar, and A. Grama, “Trends in big data analytics,” Journal of Parallel and Distributed Computing,
vol. 74, no. 7, pp. 2561–2573, 2014, doi: 10.1016/j.jpdc.2014.01.003.
[12] Sowmya R. and Suneetha K. R., “Data Mining with Big Data,” 2017 11th International Conference on Intelligent Systems and
Control (ISCO), 2017, pp. 246-250, doi: 10.1109/ISCO.2017.7855990.
[13] T. Khempetch and P. Wuttidittachotti, “Ddos attack detection using deep learning,” IAES International Journal of Artificial
Intelligence (IJ-AI), vol. 10, no. 2, pp. 382–388, 2021, doi: 10.11591/ijai.v10.i2.pp382-388.
[14] I. Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Developing Realistic Distributed Denial of Service (DDoS) Attack
Dataset and Taxonomy,” 2019 International Carnahan Conference on Security Technology (ICCST), 2019, pp. 1-8,
doi: 10.1109/CCST.2019.8888419.
[15] F. E. Laghrissi, S. Douzi, K. Douzi, and B. Hssina, “Intrusion detection systems using long short-term memory (LSTM),” Journal
of Big Data, vol. 8, no. 65, 2021, doi: 10.1186/s40537-021-00448-4.
[16] H. He, Y. Bai, E. A. Garcia, and S. Li, “ADASYN: Adaptive synthetic sampling approach for imbalanced learning,” 2008 IEEE
International Joint Conference on Neural Networks (IEEE World Congress on Computational Intelligence), 2008, pp. 1322-1328,
doi: 10.1109/IJCNN.2008.4633969.
[17] Y. Fu, Y. Du, Z. Cao, Q. Li, and W. Xiang, “A Deep Learning Model for Network Intrusion Detection with Imbalanced Data,”
Electronics, vol. 11, no. 6, 2022, doi: 10.3390/electronics11060898.
[18] S. I. Popoola, B. Adebisi, R. Ande, M. Hammoudeh, K. Anoh, and A. A. Atayero, “SMOTE-drnn: A deep learning algorithm for
botnet detection in the internet-of-things networks,” Sensors, vol. 21, no. 9, 2021, doi: 10.3390/s21092985.
[19] C. Liu, J. Wu, L. Mirador, Y. Song, and W. Hou, “Classifying DNA Methylation Imbalance Data in Cancer Risk Prediction Using
SMOTE and Tomek Link Methods,” International Conference of Pioneering Computer Scientists, Engineers and Educators, 2018,
vol. 902, pp. 1-9, doi: 10.1007/978-981-13-2206-8_1.
[20] M. Nakamura, Y. Kajiwara, A. Otsuka, and H. Kimura, “LVQ-SMOTE - Learning Vector Quantization based Synthetic Minority
Over-sampling Technique for biomedical data,” BioData Mining, vol. 6, no. 16, 2013, doi: 10.1186/1756-0381-6-16.
[21] S. Hooda and S. Mann, “Distributed synthetic minority oversampling technique,” International Journal of Computational
Intelligence Systems, vol. 12, no. 2, pp. 929–936, 2019, doi: 10.2991/ijcis.d.190719.001.
[22] University of New Brunswick (UNB), DDoS Evaluation Dataset (CIC-DDoS2019), Canadian Institute for Cybersecurity, 2019.
[Online]. Available: https://www.unb.ca/cic/datasets/ddos-2019.html
[23] H. Xiong, G. Pandey, M. Steinbach, and V. Kumar, “Enhancing data analysis with noise removal,” in IEEE Transactions on
Knowledge and Data Engineering, vol. 18, no. 3, pp. 304-319, 2006, doi: 10.1109/TKDE.2006.46.
[24] M. Jupri and R. Sarno, “Data mining, fuzzy AHP and TOPSIS for optimizing taxpayer supervision,” Indonesian Journal of
Electrical Engineering and Computer Science (IJEECS), vol. 18, no. 1, pp. 75–87, 2020, doi: 10.11591/ijeecs.v18.i1.pp75-87.
[25] O. Thorat, N. Parekh, and R. Mangrulkar, “TaxoDaCML: Taxonomy based Divide and Conquer using machine learning approach
for DDoS attack classification,” International Journal of Information Management Data Insights, vol. 1, no. 2, 2021,
doi: 10.1016/j.jjimei.2021.100048.
[26] M. S. Rana, C. Gudla, and A. H. Sung, “Evaluating machine learning models for android malware detection: A comparison study,”
ICNCC ‘18: Proceedings of the 2018 VII International Conference on Network, Communication and Computing, 2018, pp. 17–21,
doi: 10.1145/3301326.3301390.
BIOGRAPHIES OF AUTHORS
Rahmad Gunawan graduated with a bachelor’s degree from Gunadarma University with a major in Information Management, and a master’s degree from Gunadarma University majoring in Electrical Telecommunication. He now works as a lecturer at the Faculty of Computer Science, University of Muhammadiyah Riau, with research interests in the field of machine learning algorithms and AI. He can be contacted at email: goengoen78@umri.ac.id.
Hadhrami Ab Ghani received his bachelor degree in electronics engineering
from Multimedia University Malaysia (MMU) in 2002. In 2004, he completed his masters
degree in Telecommunication Engineering at The University of Melbourne. He then pursued
his Ph.D. at Imperial College London in intelligent network systems and completed his Ph.D.
in 2011. He can be contacted at email: hadhrami.ag@umk.edu.my.
Nurulaqilla Khamis received her bachelor degree in electrical and electronics
engineering from Universiti Tenaga Nasional in 2012. In 2015, she completed her masters
degree in Artificial Intelligence at Universiti Teknologi Malaysia. She then pursued her Ph.D
at Universiti Teknologi Malaysia in Artificial Intelligence and completed her Ph.D in 2020.
Her current research work focuses on Machine Learning, Deep Learning and Swarm
Intelligence Optimization. She can be contacted at email: nurulaqilla@utm.my.
Januar Al Amien completed a bachelor’s degree in the Informatics Engineering Department, STMIK-AMIK Riau, and a master’s degree in Master of Information Technology at Putra Indonesia University Padang. He now works as a lecturer in the Department of Computer Science, University Muhammadiyah of Riau, with research interests in the field of machine learning algorithms and AI. He can be contacted at email: januaralamien@umri.ac.id.
Edi Ismanto completed a bachelor’s degree in the Informatics Engineering Department, State Islamic University of Sultan Syarif Kasim Riau, and a master’s degree in Master of Computer Science at Putra Indonesia University Padang. He now works as a lecturer in the Department of Informatics, University Muhammadiyah of Riau, with research interests in the field of machine learning algorithms and AI. He can be contacted at email: edi.ismanto@umri.ac.id.