Distributed Denial of Service (DDoS) is a type of attack using the volume, intensity, and more costs mitigation to increase in this era. Attackers used many zombie computers to exhaust the resources available to a network, application or service so that authorize users cannot gain access or the network service is down, and it is a great loss for Internet users in computer networks affected by DDoS attacks. In the Network Forensic, a crime that occurs in the system network services can be sued in the court and the attackers will be punished in accordance with law. This research has the goal to develop a new approach to detect DDoS attacks based on network traffic activity were statistically analyzed using Naive Bayes method. Data were taken from the training and testing of network traffic in a core router in Master of Information Technology Research Laboratory University of Ahmad Dahlan Yogyakarta. The new approach in detecting DDoS attacks is expected to be a relation with Intrusion Detection System (IDS) to predict the existence of DDoS attacks.
Preventing Distributed Denial of Service Attacks in Cloud Environments IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of
nodes that interrelate with each other for switch over the information. This information is necessary for
that node is reserved confidentially. Attacker in the system may capture this private information and
distorted. So security is the major issue. There are several security attacks in network. One of the major
intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends
services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to
its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two
different behaviors they may happen obviously or it may due to some attackers .Various schemes are
developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS
attack types, and DDoS attack components, intrusion prevention system for DDoS.
This document discusses distributed denial of service (DDoS) attacks. It begins with an introduction that defines DDoS attacks as attempts to make an online service unavailable by overwhelming it with traffic from multiple compromised sources. The document then covers the basics of DDoS attacks, common symptoms, how they work by exploiting vulnerabilities in systems to create botnets for launching attacks, and various methods like ICMP floods and SYN floods. It also discusses ways to handle DDoS attacks through defenses like firewalls, switches, and routers. The document concludes with preventative and reactive defense mechanisms to detect and respond to attacks.
Mitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based ApproachIJLT EMAS
A Mobile ad hoc network (MANET) is self-organizing,
decentralized and infrastructure-less wireless network. The
successful transmission of the data packet depends on the
complete cooperation of each node in the network. These types of
network don’t have permanent base station, so each node in the
network acts as a router. Due to openness, decentralized, selforganizing
nature of MANET, it is vulnerable to various attacks.
So security is the main concern in MANET.
In this project, we have considered 2 attacks; Vampire
attack and DDoS attacks. Vampire attack drains the energy of
the nodes. DDoS attack exhausts the resources available to a
network, such that the node cannot provide any services. Here,
we discuss methods 2 methods as a solution to our problem; one
is to prevent the attack from happening and other to detect and
recover from the attacks.
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
The single largest threat your organization faces today is network breach. Spear-phishing, poisoned search results, drive-by downloads, and legitimate sites being compromised to push malware are all part of our current reality. The most successful and common attacks vectors stem from targeted attacks on your employees. Organizations need to utilize solutions that protect their network from user error and support requirements for continuous monitoring, real-time situational awareness and providing actionable threat intelligence for their security teams.
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for
their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.
Implementation of user authentication as a service for cloud networkSalam Shah
There are so many security risks for the users of cloud computing, but still the organizations are switching towards the cloud. The cloud provides data protection and a huge amount of memory usage remotely or virtually. The organization has not adopted the cloud computing completely due to some security issues. The research in cloud computing has more focus on privacy and security in the new categorization attack surface. User authentication is the additional overhead for the companies besides the management of availability of cloud services. This paper is based on the proposed model to provide central authentication technique so that secured access of resources can be provided to users instead of adopting some unordered user authentication techniques. The model is also implemented as a prototype.
Denial of Service attacks – Definitions, related surveys
Traceback of DDoS Attacks – Proposed method, advantages, future work
Detection methods with Shannon and Renyi cross entropy – Previous works, proposed method, dataset and results
The added value of entropy detection methods
References
Preventing Distributed Denial of Service Attacks in Cloud Environments IJITCA Journal
Distributed-Denial of Service (DDoS) is a key intimidation to network security. Network is a group of
nodes that interrelate with each other for switch over the information. This information is necessary for
that node is reserved confidentially. Attacker in the system may capture this private information and
distorted. So security is the major issue. There are several security attacks in network. One of the major
intimidations to internet examine is DDoS attack. It is a malevolent effort to suspending or suspends
services to destination node. DDoS or DoS is an effort to create network resource or the machine is busy to
its intentional user. Numerous thoughts are developed for avoid the DDoS or DoS. DDoS occur in two
different behaviors they may happen obviously or it may due to some attackers .Various schemes are
developed defense against to this attack. The Main focus of paper is present basis of DDoS attack, DDoS
attack types, and DDoS attack components, intrusion prevention system for DDoS.
This document discusses distributed denial of service (DDoS) attacks. It begins with an introduction that defines DDoS attacks as attempts to make an online service unavailable by overwhelming it with traffic from multiple compromised sources. The document then covers the basics of DDoS attacks, common symptoms, how they work by exploiting vulnerabilities in systems to create botnets for launching attacks, and various methods like ICMP floods and SYN floods. It also discusses ways to handle DDoS attacks through defenses like firewalls, switches, and routers. The document concludes with preventative and reactive defense mechanisms to detect and respond to attacks.
Mitigating Various Attacks in Mobile Ad-hoc Networks Using Trust Based ApproachIJLT EMAS
A Mobile ad hoc network (MANET) is self-organizing,
decentralized and infrastructure-less wireless network. The
successful transmission of the data packet depends on the
complete cooperation of each node in the network. These types of
network don’t have permanent base station, so each node in the
network acts as a router. Due to openness, decentralized, selforganizing
nature of MANET, it is vulnerable to various attacks.
So security is the main concern in MANET.
In this project, we have considered 2 attacks; Vampire
attack and DDoS attacks. Vampire attack drains the energy of
the nodes. DDoS attack exhausts the resources available to a
network, such that the node cannot provide any services. Here,
we discuss methods 2 methods as a solution to our problem; one
is to prevent the attack from happening and other to detect and
recover from the attacks.
White Paper :- Spear-phishing, watering hole and drive-by attacks :- The New ...Invincea, Inc.
The single largest threat your organization faces today is network breach. Spear-phishing, poisoned search results, drive-by downloads, and legitimate sites being compromised to push malware are all part of our current reality. The most successful and common attacks vectors stem from targeted attacks on your employees. Organizations need to utilize solutions that protect their network from user error and support requirements for continuous monitoring, real-time situational awareness and providing actionable threat intelligence for their security teams.
A ROBUST MECHANISM FOR DEFENDING DISTRIBUTED DENIAL OF SERVICE ATTACKS ON WEB...IJNSA Journal
Distributed Denial of Service (DDoS) attacks have emerged as a popular means of causing mass targeted service disruptions, often for extended periods of time. The relative ease and low costs of launching such attacks, supplemented by the current inadequate sate of any viable defense mechanism, have made them one of the top threats to the Internet community today. Since the increasing popularity of web-based applications has led to several critical services being provided over the Internet, it is imperative to monitor the network traffic so as to prevent malicious attackers from depleting the resources of the network and denying services to legitimate users. This paper first presents a brief discussion on some of the important types of DDoS attacks that currently exist and some existing mechanisms to combat these attacks. It then points out the major drawbacks of the currently existing defense mechanisms and proposes a new mechanism for protecting a web-server against a DDoS attack. In the proposed mechanism, incoming traffic to the server is continuously monitored and any abnormal rise in the inbound traffic is immediately detected. The detection algorithm is based on a statistical analysis of the inbound traffic on the server and a robust hypothesis testing framework. While the detection process is on, the sessions from the legitimate sources are not disrupted and the load on the server is restored to the normal level by blocking the traffic from the attacking sources. To cater to different scenarios, the detection algorithm has various modules with varying level of computational and memory overheads for
their execution. While the approximate modules are fast in detection and involve less overhead, they provide lower level of detection accuracy. The accurate modules employ complex detection logic and hence involve more overhead for their execution. However, they have very high detection accuracy. Simulations carried out on the proposed mechanism have produced results that demonstrate effectiveness of the proposed defense mechanism against DDoS attacks.
Implementation of user authentication as a service for cloud networkSalam Shah
There are so many security risks for the users of cloud computing, but still the organizations are switching towards the cloud. The cloud provides data protection and a huge amount of memory usage remotely or virtually. The organization has not adopted the cloud computing completely due to some security issues. The research in cloud computing has more focus on privacy and security in the new categorization attack surface. User authentication is the additional overhead for the companies besides the management of availability of cloud services. This paper is based on the proposed model to provide central authentication technique so that secured access of resources can be provided to users instead of adopting some unordered user authentication techniques. The model is also implemented as a prototype.
Denial of Service attacks – Definitions, related surveys
Traceback of DDoS Attacks – Proposed method, advantages, future work
Detection methods with Shannon and Renyi cross entropy – Previous works, proposed method, dataset and results
The added value of entropy detection methods
References
Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detectio...IJECEIAES
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities, procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of the IPv6, which is also responsible to send and receive messages in IPv6. However, IPv6 Inherited many attacks from the previous internet protocol version 4 (IPv4) such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network result in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted anomaly detection DDoS attacks against ICMPv6 messages, in addition, explained anomaly detection types to ICMPv6 DDoS flooding attacks in IPv6 networks. Proposed using feature selection technique based on bio-inspired algorithms for selecting an optimal solution which selects subset to have a positive impact of the detection accuracy ICMPv6 DDoS attack. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks.
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
1. The document proposes a framework to improve web services security called Robust Encryption and Decryption (RED). RED includes a common set of encryption algorithms deployed in browsers and web servers.
2. The framework also defines a Standard Encryption Syntax (SES) to allow web applications to communicate with RED for encrypting and decrypting content. Developers can select algorithms from RED and reference them using SES tags.
3. The framework aims to provide stronger encryption than SSL/TLS but with less complexity, cost, and performance impact. It could help secure communication against various network attacks.
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...IDES Editor
The development of Internet protocols are greatly
needed as the network security becomes one of the most
important issues. This brings the need to develop IPv4 into
IPv6 in order to proceed towards increasing the network
capacity.
Now Intruders are considered as one of the most serious
threats to the internet security. Data mining techniques have
been successfully utilized in many applications. Many
research projects have applied data mining techniques to
intrusion detection. Furthermore different types of data
mining algorithms are very much useful to intrusion detection
such as Classification, Link Analysis and Sequence Analysis.
Moreover, one of the major challenges in securing fast
networks is the online detection of suspicious anomalies in
network traffic pattern. Most of the current security solutions
failed to perform the security task in online mode because of
the time needed to capture the packets and making decision
about it.
Practically, this study provides alliterative survey for the
enhancement associated with IPv6 in terms of its security
related functions. It is worthy mentioned that this study is
concurred with the data mining approaches that have been
used to detect intrusions.
Detection of the botnets’ low-rate DDoS attacks based on self-similarity IJECEIAES
An article presents the approach for the botnets’ low-rate a DDoS-attacks detection based on the botnet’s behavior in the network. Detection process involves the analysis of the network traffic, generated by the botnets’ low-rate DDoS attack. Proposed technique is the part of botnets detection system–BotGRABBER system. The novelty of the paper is that the low-rate DDoS-attacks detection involves not only the network features, inherent to the botnets, but also network traffic self-similarity analysis, which is defined with the use of Hurst coefficient. Detection process consists of the knowledge formation based on the features that may indicate low-rate DDoS attack performed by a botnet; network monitoring, which analyzes information obtained from the network and making conclusion about possible DDoS attack in the network; and the appliance of the security scenario for the corporate area network’s infrastructure in the situation of low-rate attacks.
For more course tutorials visit
www.tutorialrank.com
SEC 572 Week 1 iLab Denial of Service Attacks
In this lab, you will discover and analyze one of two different real network attacks. This will give you insight into the motivation, vulnerabilities, threats, and countermeasures associated with your selected network attack.
This document proposes a methodology for forensic investigation of criminal activity on multitenant cloud web hosting platforms. It presents challenges of investigating crimes in such an environment due to lack of access to physical servers and scattered data across multiple virtual machines and data centers. The proposed architecture uses a MAC Address Derivation Algorithm (MADA) to trace the physical network location of criminals by identifying their IP and MAC addresses from DHCP and firewall logs. When illegal access is detected, the process generates an investigation report by applying MADA to obtain location details based on the user ID of the unauthorized access. This helps law enforcement agencies further investigate cybercrimes on multitenant cloud systems.
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetIDES Editor
A System state in HTTP botnet uses HTTP protocol
for the creation of chain of Botnets thereby compromising
other systems. By using HTTP protocol and port number 80,
attacks can not only be hidden but also pass through the
firewall without being detected. The DPR based detection
leads to better analysis of botnet attacks [3]. However, it
provides only probabilistic detection of the attacker and also
time consuming and error prone. This paper proposes a Genetic
algorithm based layered approach for detecting as well as
preventing botnet attacks. The paper reviews p2p firewall
implementation which forms the basis of filtering.
Performance evaluation is done based on precision, F-value
and probability. Layered approach reduces the computation
and overall time requirement [7]. Genetic algorithm promises
a low false positive rate.
Improving Firewall Performance by Eliminating Redundancies In Access Control ...CSCJournals
A firewall is a network security device that works to protect an organization's internal network from both unauthorized and malicious users. It functions by examining all packets that enter any one of its incoming interfaces and comparing the structure of the packet against a set of predefined rules. Each rule specifies if a packet corresponding to the rule is to be permitted or denied. This set of rules is called an access control list (ACL) and it forms the basis of a firewall's policy. Incorrect configuration of the firewall can lead to redundant rules which cause performance degradation. We propose an algorithm to identify and eliminate redundant rules in an access control list during the configuration phase. The proposed work defines an access control list as a linked list data structure. A comparison of the proposed work and the conventional approach is also presented.
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...cscpconf
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. Recently,
there are an increasing number of DDoS attacks against online services and Web applications.
These attacks are targeting the application level. Detecting application layer DDOS attack is
not an easy task. A more sophisticated mechanism is required to distinguish the malicious flow
from the legitimate ones. This paper proposes a detection scheme based on the information
theory based metrics. The proposed scheme has two phases: Behaviour monitoring and
Detection. In the first phase, the Web user browsing behaviour (HTTP request rate, page
viewing time and sequence of the requested objects) is captured from the system log during nonattack
cases. Based on the observation, Entropy of requests per session and the trust score for
each user is calculated. In the detection phase, the suspicious requests are identified based on
the variation in entropy and a rate limiter is introduced to downgrade services to malicious
users. In addition, a scheduler is included to schedule the session based on the trust score of the
user and the system workload.
Review Paper on Predicting Network Attack Patterns in SDN using MLijtsrd
Software Defined Networking SDN provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defense less over Distributed Denial of Service attacks. The mechanism and communication extent of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. So, as results of the useless flow built by the controller for the attack packets, the extent of the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to dam malicious network connections. Historical network attack data are often wont to automatically identify and block the malicious connections. In this review paper, we are going to propose using ML algorithms, tested on collected network attack data, to get the potential malicious connections and potential attack destinations. We use four machine learning algorithms C4.5, Bayesian Network BayesNet , multidimensional language DT , and Naive Bayes to predict the host which will be attacked to support the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha "Review Paper on Predicting Network Attack Patterns in SDN using ML" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET Journal
This document describes NetReconner, an intrusion detection system that uses regular expressions to detect network attacks. It works by capturing network packets using tcpdump and storing them in a file. A detection engine then compares each line of the captured packets to a set of regular expressions that represent known attacks. If a match is found, an alert is generated. The system also allows administrators to add new regular expressions to detect newly discovered attacks. It was developed to provide continuous monitoring of the network to identify malicious traffic in real-time.
This document discusses network session security and prevention mechanisms. It proposes using stochastic fingerprints instead of SSL to securely encrypt network traffic. This approach implements intrusion prevention at the server side and is more efficient than SSL. It also uses machine learning to further improve intrusion detection by analyzing prevention strategy parameters. Session keys play an important role in authentication and secure communication between clients and servers. The proposed method provides faster authentication using tickets and more security than other approaches like ticket granting servers.
Implementation of public key cryptography in kerberos with prevention 2IAEME Publication
This document summarizes a research paper that proposes implementing public key cryptography in Kerberos to prevent security attacks like replay attacks and password attacks. The paper describes how Kerberos currently uses symmetric key cryptography, which is vulnerable to such attacks. It then outlines a new method using both RSA and Diffie-Hellman public key algorithms. The proposed method has authentication and ticket granting servers maintain databases containing users' public keys and passwords. When a client authenticates, tickets are encrypted using the client's public key instead of a symmetric key. This integration of public key cryptography is designed to strengthen Kerberos authentication against replay and password attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
This document summarizes research on using various data mining classification techniques to handle false alerts in intrusion detection systems. The researchers tested many data mining procedures on the KDD Cup 99 dataset, including multilayer perceptron neural networks, rule-based models, support vector machines, naive Bayes, and association rule mining. The best accuracy was 92% for multilayer perceptrons, but rule-based models had the fastest training time at 4 seconds. The researchers concluded that different techniques should be used together to handle different types of network attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
This document proposes using a linear prediction model to detect a wide range of flooding distributed denial of service (DDoS) attacks. It models the entropy of incoming network traffic over time using a linear prediction technique commonly applied to financial time series. The model is tested on simulated network data containing normal traffic and introduced attacks of varying rates. Results show the linear prediction model can successfully detect attacks with low rates and delays by identifying anomalies in the modeled entropy time series compared to normal traffic patterns. This approach aims to provide a fast and effective method for detecting different types of flooding DDoS attacks.
The document discusses feature selection and classification methods for detecting denial-of-service (DoS) attacks in intrusion detection systems. It proposes using Random Forests for feature selection and k-Nearest Neighbors for classification on the KDD99 dataset. Experimental results show that the proposed approach of using Random Forests to select important features before classifying with k-Nearest Neighbors increases detection accuracy while decreasing false positives compared to other algorithms.
This document proposes and evaluates a hybrid intrusion detection system that uses Random Forests for feature selection and k-Nearest Neighbors for classification. It aims to detect Denial of Service (DoS) attacks, which are among the most common and threatening cyberattacks. The system is evaluated on the well-known KDD Cup 99 intrusion detection dataset. Experimental results show that the proposed approach of using Random Forests for feature selection followed by k-Nearest Neighbors classification increases the average detection rate and decreases the average false positive rate compared to other algorithms. This helps build an intrusion detection system that is both computationally efficient and effective at detecting known and unknown DoS attacks.
Constructing a predictive model for an intelligent network intrusion detectionAlebachew Chiche
This document presents a study that constructs a predictive model for network intrusion detection using data mining techniques. The study uses the KDD Cup 99 intrusion detection dataset to build classification models using J48 decision tree, JRip rule induction, Naive Bayes, and multilayer perceptron algorithms. The J48 decision tree algorithm achieved the highest accuracy of 99.91% and was selected to build the predictive model. This model was then integrated with a knowledge-based system to build an intelligent network intrusion detection system capable of automatically detecting network attacks, mapping detections to attack categories, and updating the training data over time. Experimental evaluation found the integrated system achieved 91.43% accuracy and 83% user acceptance in detecting network intrusions
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...IRJET Journal
This document presents a review of using recurrent neural networks for network intrusion detection. It begins with an introduction to intrusion detection systems and the types of attacks they aim to detect. It then discusses previous research on machine learning approaches for intrusion detection, including the use of autoencoders, support vector machines, and other classifiers. The proposed approach uses a recurrent neural network for feature selection and classification of network data. The framework involves data collection, preprocessing including feature selection, training the recurrent neural network classifier, and then using the trained model to detect attacks in new data. Experimental results on benchmark intrusion detection datasets are presented and compared to other machine learning methods.
Detection of ICMPv6-based DDoS attacks using anomaly based intrusion detectio...IJECEIAES
Security network systems have been an increasingly important discipline since the implementation of preliminary stages of Internet Protocol version 6 (IPv6) for exploiting by attackers. IPv6 has an improved protocol in terms of security as it brought new functionalities, procedures, i.e., Internet Control Message Protocol version 6 (ICMPv6). The ICMPv6 protocol is considered to be very important and represents the backbone of the IPv6, which is also responsible to send and receive messages in IPv6. However, IPv6 Inherited many attacks from the previous internet protocol version 4 (IPv4) such as distributed denial of service (DDoS) attacks. DDoS is a thorny problem on the internet, being one of the most prominent attacks affecting a network result in tremendous economic damage to individuals as well as organizations. In this paper, an exhaustive evaluation and analysis are conducted anomaly detection DDoS attacks against ICMPv6 messages, in addition, explained anomaly detection types to ICMPv6 DDoS flooding attacks in IPv6 networks. Proposed using feature selection technique based on bio-inspired algorithms for selecting an optimal solution which selects subset to have a positive impact of the detection accuracy ICMPv6 DDoS attack. The review outlines the features and protection constraints of IPv6 intrusion detection systems focusing mainly on DDoS attacks.
Study of flooding based d do s attacks and their effect using deter testbedeSAT Publishing House
IJRET : International Journal of Research in Engineering and Technology is an international peer reviewed, online journal published by eSAT Publishing House for the enhancement of research in various disciplines of Engineering and Technology. The aim and scope of the journal is to provide an academic medium and an important reference for the advancement and dissemination of research results that support high-level learning, teaching and research in the fields of Engineering and Technology. We bring together Scientists, Academician, Field Engineers, Scholars and Students of related fields of Engineering and Technology.
Welcome to International Journal of Engineering Research and Development (IJERD)IJERD Editor
1. The document proposes a framework to improve web services security called Robust Encryption and Decryption (RED). RED includes a common set of encryption algorithms deployed in browsers and web servers.
2. The framework also defines a Standard Encryption Syntax (SES) to allow web applications to communicate with RED for encrypting and decrypting content. Developers can select algorithms from RED and reference them using SES tags.
3. The framework aims to provide stronger encryption than SSL/TLS but with less complexity, cost, and performance impact. It could help secure communication against various network attacks.
Utilizing Data Mining Approches in the Detection of Intrusion in IPv6 Network...IDES Editor
The development of Internet protocols are greatly
needed as the network security becomes one of the most
important issues. This brings the need to develop IPv4 into
IPv6 in order to proceed towards increasing the network
capacity.
Now Intruders are considered as one of the most serious
threats to the internet security. Data mining techniques have
been successfully utilized in many applications. Many
research projects have applied data mining techniques to
intrusion detection. Furthermore different types of data
mining algorithms are very much useful to intrusion detection
such as Classification, Link Analysis and Sequence Analysis.
Moreover, one of the major challenges in securing fast
networks is the online detection of suspicious anomalies in
network traffic pattern. Most of the current security solutions
failed to perform the security task in online mode because of
the time needed to capture the packets and making decision
about it.
Practically, this study provides alliterative survey for the
enhancement associated with IPv6 in terms of its security
related functions. It is worthy mentioned that this study is
concurred with the data mining approaches that have been
used to detect intrusions.
Detection of the botnets’ low-rate DDoS attacks based on self-similarity IJECEIAES
An article presents the approach for the botnets’ low-rate a DDoS-attacks detection based on the botnet’s behavior in the network. Detection process involves the analysis of the network traffic, generated by the botnets’ low-rate DDoS attack. Proposed technique is the part of botnets detection system–BotGRABBER system. The novelty of the paper is that the low-rate DDoS-attacks detection involves not only the network features, inherent to the botnets, but also network traffic self-similarity analysis, which is defined with the use of Hurst coefficient. Detection process consists of the knowledge formation based on the features that may indicate low-rate DDoS attack performed by a botnet; network monitoring, which analyzes information obtained from the network and making conclusion about possible DDoS attack in the network; and the appliance of the security scenario for the corporate area network’s infrastructure in the situation of low-rate attacks.
For more course tutorials visit
www.tutorialrank.com
SEC 572 Week 1 iLab Denial of Service Attacks
In this lab, you will discover and analyze one of two different real network attacks. This will give you insight into the motivation, vulnerabilities, threats, and countermeasures associated with your selected network attack.
This document proposes a methodology for forensic investigation of criminal activity on multitenant cloud web hosting platforms. It presents challenges of investigating crimes in such an environment due to lack of access to physical servers and scattered data across multiple virtual machines and data centers. The proposed architecture uses a MAC Address Derivation Algorithm (MADA) to trace the physical network location of criminals by identifying their IP and MAC addresses from DHCP and firewall logs. When illegal access is detected, the process generates an investigation report by applying MADA to obtain location details based on the user ID of the unauthorized access. This helps law enforcement agencies further investigate cybercrimes on multitenant cloud systems.
Genetic Algorithm based Layered Detection and Defense of HTTP BotnetIDES Editor
A System state in HTTP botnet uses HTTP protocol
for the creation of chain of Botnets thereby compromising
other systems. By using HTTP protocol and port number 80,
attacks can not only be hidden but also pass through the
firewall without being detected. The DPR based detection
leads to better analysis of botnet attacks [3]. However, it
provides only probabilistic detection of the attacker and also
time consuming and error prone. This paper proposes a Genetic
algorithm based layered approach for detecting as well as
preventing botnet attacks. The paper reviews p2p firewall
implementation which forms the basis of filtering.
Performance evaluation is done based on precision, F-value
and probability. Layered approach reduces the computation
and overall time requirement [7]. Genetic algorithm promises
a low false positive rate.
Improving Firewall Performance by Eliminating Redundancies In Access Control ...CSCJournals
A firewall is a network security device that works to protect an organization's internal network from both unauthorized and malicious users. It functions by examining all packets that enter any one of its incoming interfaces and comparing the structure of the packet against a set of predefined rules. Each rule specifies if a packet corresponding to the rule is to be permitted or denied. This set of rules is called an access control list (ACL) and it forms the basis of a firewall's policy. Incorrect configuration of the firewall can lead to redundant rules which cause performance degradation. We propose an algorithm to identify and eliminate redundant rules in an access control list during the configuration phase. The proposed work defines an access control list as a linked list data structure. A comparison of the proposed work and the conventional approach is also presented.
DETECTION OF APPLICATION LAYER DDOS ATTACKS USING INFORMATION THEORY BASED ME...cscpconf
Distributed Denial-of-Service (DDoS) attacks are a critical threat to the Internet. Recently,
there are an increasing number of DDoS attacks against online services and Web applications.
These attacks are targeting the application level. Detecting application layer DDOS attack is
not an easy task. A more sophisticated mechanism is required to distinguish the malicious flow
from the legitimate ones. This paper proposes a detection scheme based on the information
theory based metrics. The proposed scheme has two phases: Behaviour monitoring and
Detection. In the first phase, the Web user browsing behaviour (HTTP request rate, page
viewing time and sequence of the requested objects) is captured from the system log during nonattack
cases. Based on the observation, Entropy of requests per session and the trust score for
each user is calculated. In the detection phase, the suspicious requests are identified based on
the variation in entropy and a rate limiter is introduced to downgrade services to malicious
users. In addition, a scheduler is included to schedule the session based on the trust score of the
user and the system workload.
Review Paper on Predicting Network Attack Patterns in SDN using MLijtsrd
Software Defined Networking SDN provides several advantages like manageability, scaling, and improved performance. SDN has some security problems, especially if its controller is defense less over Distributed Denial of Service attacks. The mechanism and communication extent of the SDN controller is overloaded when DDoS attacks are performed against the SDN controller. So, as results of the useless flow built by the controller for the attack packets, the extent of the switch flow table becomes full, leading the network performance to decline to a critical threshold. The challenge lies in defining the set of rules on the SDN controller to dam malicious network connections. Historical network attack data are often wont to automatically identify and block the malicious connections. In this review paper, we are going to propose using ML algorithms, tested on collected network attack data, to get the potential malicious connections and potential attack destinations. We use four machine learning algorithms C4.5, Bayesian Network BayesNet , multidimensional language DT , and Naive Bayes to predict the host which will be attacked to support the historical data. DDoS attacks in Software Defined Network were detected by using ML based models. Some key features were obtained from SDN for the dataset in normal conditions and under DDoS attack traffic. Dr. C. Umarani | Gopalshree Kushwaha "Review Paper on Predicting Network Attack Patterns in SDN using ML" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-4 | Issue-6 , October 2020, URL: https://www.ijtsrd.com/papers/ijtsrd35732.pdf Paper Url: https://www.ijtsrd.com/computer-science/computer-network/35732/review-paper-on-predicting-network-attack-patterns-in-sdn-using-ml/dr-c-umarani
IRJET- Netreconner: An Innovative Method to Intrusion Detection using Regular...IRJET Journal
This document describes NetReconner, an intrusion detection system that uses regular expressions to detect network attacks. It works by capturing network packets using tcpdump and storing them in a file. A detection engine then compares each line of the captured packets to a set of regular expressions that represent known attacks. If a match is found, an alert is generated. The system also allows administrators to add new regular expressions to detect newly discovered attacks. It was developed to provide continuous monitoring of the network to identify malicious traffic in real-time.
This document discusses network session security and prevention mechanisms. It proposes using stochastic fingerprints instead of SSL to securely encrypt network traffic. This approach implements intrusion prevention at the server side and is more efficient than SSL. It also uses machine learning to further improve intrusion detection by analyzing prevention strategy parameters. Session keys play an important role in authentication and secure communication between clients and servers. The proposed method provides faster authentication using tickets and more security than other approaches like ticket granting servers.
Implementation of public key cryptography in kerberos with prevention 2IAEME Publication
This document summarizes a research paper that proposes implementing public key cryptography in Kerberos to prevent security attacks like replay attacks and password attacks. The paper describes how Kerberos currently uses symmetric key cryptography, which is vulnerable to such attacks. It then outlines a new method using both RSA and Diffie-Hellman public key algorithms. The proposed method has authentication and ticket granting servers maintain databases containing users' public keys and passwords. When a client authenticates, tickets are encrypted using the client's public key instead of a symmetric key. This integration of public key cryptography is designed to strengthen Kerberos authentication against replay and password attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
This document summarizes research on using various data mining classification techniques to handle false alerts in intrusion detection systems. The researchers tested many data mining procedures on the KDD Cup 99 dataset, including multilayer perceptron neural networks, rule-based models, support vector machines, naive Bayes, and association rule mining. The best accuracy was 92% for multilayer perceptrons, but rule-based models had the fastest training time at 4 seconds. The researchers concluded that different techniques should be used together to handle different types of network attacks.
CLASSIFICATION PROCEDURES FOR INTRUSION DETECTION BASED ON KDD CUP 99 DATA SETIJNSA Journal
In network security framework, intrusion detection is one of a benchmark part and is a fundamental way to protect PC from many threads. The huge issue in intrusion detection is presented as a huge number of false alerts; this issue motivates several experts to discover the solution for minifying false alerts according to data mining that is a consideration as analysis procedure utilized in a large data e.g. KDD CUP 99. This paper presented various data mining classification for handling false alerts in intrusion detection as reviewed. According to the result of testing many procedure of data mining on KDD CUP 99 that is no individual procedure can reveal all attack class, with high accuracy and without false alerts. The best accuracy in Multilayer Perceptron is 92%; however, the best Training Time in Rule based model is 4 seconds . It is concluded that ,various procedures should be utilized to handle several of network attacks.
This document proposes using a linear prediction model to detect a wide range of flooding distributed denial of service (DDoS) attacks. It models the entropy of incoming network traffic over time using a linear prediction technique commonly applied to financial time series. The model is tested on simulated network data containing normal traffic and introduced attacks of varying rates. Results show the linear prediction model can successfully detect attacks with low rates and delays by identifying anomalies in the modeled entropy time series compared to normal traffic patterns. This approach aims to provide a fast and effective method for detecting different types of flooding DDoS attacks.
The document discusses feature selection and classification methods for detecting denial-of-service (DoS) attacks in intrusion detection systems. It proposes using Random Forests for feature selection and k-Nearest Neighbors for classification on the KDD99 dataset. Experimental results show that the proposed approach of using Random Forests to select important features before classifying with k-Nearest Neighbors increases detection accuracy while decreasing false positives compared to other algorithms.
This document proposes and evaluates a hybrid intrusion detection system that uses Random Forests for feature selection and k-Nearest Neighbors for classification. It aims to detect Denial of Service (DoS) attacks, which are among the most common and threatening cyberattacks. The system is evaluated on the well-known KDD Cup 99 intrusion detection dataset. Experimental results show that the proposed approach of using Random Forests for feature selection followed by k-Nearest Neighbors classification increases the average detection rate and decreases the average false positive rate compared to other algorithms. This helps build an intrusion detection system that is both computationally efficient and effective at detecting known and unknown DoS attacks.
Constructing a predictive model for an intelligent network intrusion detectionAlebachew Chiche
This document presents a study that constructs a predictive model for network intrusion detection using data mining techniques. The study uses the KDD Cup 99 intrusion detection dataset to build classification models using J48 decision tree, JRip rule induction, Naive Bayes, and multilayer perceptron algorithms. The J48 decision tree algorithm achieved the highest accuracy of 99.91% and was selected to build the predictive model. This model was then integrated with a knowledge-based system to build an intelligent network intrusion detection system capable of automatically detecting network attacks, mapping detections to attack categories, and updating the training data over time. Experimental evaluation found the integrated system achieved 91.43% accuracy and 83% user acceptance in detecting network intrusions
IRJET- Review on Network Intrusion Detection using Recurrent Neural Network A...IRJET Journal
This document presents a review of using recurrent neural networks for network intrusion detection. It begins with an introduction to intrusion detection systems and the types of attacks they aim to detect. It then discusses previous research on machine learning approaches for intrusion detection, including the use of autoencoders, support vector machines, and other classifiers. The proposed approach uses a recurrent neural network for feature selection and classification of network data. The framework involves data collection, preprocessing including feature selection, training the recurrent neural network classifier, and then using the trained model to detect attacks in new data. Experimental results on benchmark intrusion detection datasets are presented and compared to other machine learning methods.
International Journal of Engineering Research and Applications (IJERA) is an open access online peer reviewed international journal that publishes research and review articles in the fields of Computer Science, Neural Networks, Electrical Engineering, Software Engineering, Information Technology, Mechanical Engineering, Chemical Engineering, Plastic Engineering, Food Technology, Textile Engineering, Nano Technology & science, Power Electronics, Electronics & Communication Engineering, Computational mathematics, Image processing, Civil Engineering, Structural Engineering, Environmental Engineering, VLSI Testing & Low Power VLSI Design etc.
This document presents a proposed hybrid intrusion detection system that combines k-means clustering, k-nearest neighbor classification, and decision table majority rule-based approaches. The system is evaluated on the KDD-99 dataset to detect intrusions and classify them into four categories: R2L, DoS, Probe, and U2R. The goal is to decrease the false alarm rate and increase accuracy and detection rate compared to existing intrusion detection systems. The proposed system applies k-means clustering first, then k-nearest neighbor classification, and finally decision table majority rules. Results show the proposed hybrid approach improves performance metrics compared to existing techniques.
RTL-DL: A HYBRID DEEP LEARNING FRAMEWORK FOR DDOS ATTACK DETECTION IN A BIG D...IJCNCJournal
The document presents a new framework called RTL-DL for detecting DDoS attacks using a hybrid deep learning approach. It aims to address issues with existing datasets like class imbalance and irrelevant features. The proposed model uses random oversampling and TomekLinks under-sampling (RTL) to handle class imbalance in the CICIDS2017 dataset. It also uses an information gain feature selection technique to select important features. The model achieves high performance metrics in detecting DDoS attacks compared to other approaches. It is more computationally efficient due to reduced processing time from using the RTL algorithm. The framework makes an important contribution to addressing DDoS detection challenges in big data environments.
RTL-DL: A Hybrid Deep Learning Framework for DDoS Attack Detection in a Big D...IJCNCJournal
A distributed denial of service (DDoS) attack is one of the most common cyber threats to the Internet of Things (IoT). Several deep learning (DL) techniques have been utilized in intrusion detection systems to prevent DDoS attacks. However, their performance is greatly affected by a large class mbalance nature of the training datasets as well as the presence of redundant and irrelevant features in them. This study proposes RTL-DL, a new framework for an effective intrusion detection model based on the random oversampling technique and the Tomek-Links sampling technique (RTL), to minimize the effects of data imbalance in the CICIDS2017 dataset used to evaluate the proposed model. This study achieved 98.3% accuracy, 98.8% precision, 98.3% recall, 97.8% f-score, and 4.6% hamming loss. In comparison to current approaches, the uggested model has demonstrated romising results in identifying network threats in imbalanced data sets.
Evaluation of network intrusion detection using markov chainIJCI JOURNAL
Day today life internet threat has been increased significantly. There is a need to develop model in order to
maintain security of system. The most effective techniques are Intrusion Detection System (IDS).The
purpose of intrusion system through the security devices detect and deal with it. In this paper, a
mathematical approach is used effectively to predict and detect intrusion in the network. Here we discuss
about two algorithms ‘K-Means + Apriori’, a method which classify normal and abnormal activities in
computer network. In K-Means process, it partitions the training set into K-clusters using Euclidean
distance and introduce an outlier factor, then it build Apriori Algorithm to prune the data by removing
infrequent data in the database. Based on defined state the degree of incoming data is evaluated through
the experiment using sample DARPA2000 dataset, and achieves high detection performance in level of
attack in stages.
Machine Learning Techniques Used for the Detection and Analysis of Modern Typ...IRJET Journal
This document summarizes research on using machine learning techniques to detect distributed denial-of-service (DDoS) attacks. It discusses how DDoS attacks have become more sophisticated over time. The document examines using naïve Bayes, multilayer perceptron, and other machine learning classifiers on a new dataset containing modern DDoS attack types like HTTP floods and SQL injection DDoS. According to the experimental results, multilayer perceptron achieved the highest accuracy for detecting these modern DDoS attacks.
DDoS Attack Detection and Botnet Prevention using Machine LearningIRJET Journal
This document discusses using machine learning to detect distributed denial of service (DDoS) attacks and prevent botnets. It proposes using classifiers like logistic regression, support vector machines, K-nearest neighbors, decision trees, and AdaBoost to detect DDoS attacks based on the NSL KDD dataset, achieving accuracies from 82.28% to 90.4%. It also plans to add botnet prevention features to reduce the creation of botnets and the intensity of future DDoS attacks, which could help individual users. The document reviews several related works applying machine learning for DDoS detection and phishing URL classification.
Machine learning-based intrusion detection system for detecting web attacksIAESIJAI
The increasing use of smart devices results in a huge amount of data, which raises concerns about personal data, including health data and financial data. This data circulates on the network and can encounter network traffic at any time. This traffic can either be normal traffic or an intrusion created by hackers with the aim of injecting abnormal traffic into the network. Firewalls and traditional intrusion detection systems detect attacks based on signature patterns. However, this is not sufficient to detect advanced or unknown attacks. To detect different types of unknown attacks, the use of intelligent techniques is essential. In this paper, we analyse some machine learning techniques proposed in recent years. In this study, several classifications were made to detect anomalous behaviour in network traffic. The models were built and evaluated based on the Canadian Institute for Cybersecurity-intrusion detection systems dataset released in 2017 (CIC-IDS-2017), which includes both current and historical attacks. The experiments were conducted using decision tree, random forest, logistic regression, gaussian naïve bayes, adaptive boosting, and their ensemble approach. The models were evaluated using various evaluation metrics such as accuracy, precision, recall, F1-score, false positive rate, receiver operating characteristic curve, and calibration curve.
Trust Metric-Based Anomaly Detection Via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
Trust Metric-Based Anomaly Detection via Deep Deterministic Policy Gradient R...IJCNCJournal
Addressing real-time network security issues is paramount due to the rapidly expanding IoT jargon. The erratic rise in usage of inadequately secured IoT- based sensory devices like wearables of mobile users, autonomous vehicles, smartphones and appliances by a larger user community is fuelling the need for a trustable, super-performant security framework. An efficient anomaly detection system would aim to address the anomaly detection problem by devising a competent attack detection model. This paper delves into the Deep Deterministic Policy Gradient (DDPG) approach, a promising Reinforcement Learning platform to combat noisy sensor samples which are instigated by alarming network attacks. The authors propose an enhanced DDPG approach based on trust metrics and belief networks, referred to as Deep Deterministic Policy Gradient Belief Network (DDPG-BN). This deep-learning-based approach is projected as an algorithm to provide “Deep-Defense” to the plethora of network attacks. Confidence interval is chosen as the trust metric to decide on the termination of sensor sample collection. Once an enlisted attack is detected, the collection of samples from the particular sensor will automatically cease. The evaluations and results of the experiments highlight a better detection accuracy of 98.37% compared to its counterpart conventional DDPG implementation of 97.46%. The paper also covers the work based on a contemporary Deep Reinforcement Learning (DRL) algorithm, the Actor Critic (AC). The proposed deep learning binary classification model is validated using the NSL-KDD dataset and the performance is compared to a few deep learning implementations as well.
This document evaluates the performance of three machine learning algorithms - Naive Bayes, Random Forest, and Stochastic Gradient Boosting - for detecting DDoS attacks. The algorithms were tested on a dataset from the Canadian Institute for Cybersecurity containing normal and attack network traffic. Stochastic Gradient Boosting achieved 100% accuracy, precision, recall and F1 score, outperforming the other algorithms. However, it had the longest execution time of 5.87 seconds compared to 1.55 seconds for Random Forest and 0.037 seconds for Naive Bayes. In conclusion, Stochastic Gradient Boosting was the most accurate for classifying DDoS attacks, but took significantly longer to run than the other models.
An intrusion detection system for packet and flow based networks using deep n...IJECEIAES
Study on deep neural networks and big data is merging now by several aspects to enhance the capabilities of intrusion detection system (IDS). Many IDS models has been introduced to provide security over big data. This study focuses on the intrusion detection in computer networks using big datasets. The advent of big data has agitated the comprehensive assistance in cyber security by forwarding a brunch of affluent algorithms to classify and analysis patterns and making a better prediction more efficiently. In this study, to detect intrusion a detection model has been propounded applying deep neural networks. We applied the suggested model on the latest dataset available at online, formatted with packet based, flow based data and some additional metadata. The dataset is labeled and imbalanced with 79 attributes and some classes having much less training samples compared to other classes. The proposed model is build using Keras and Google Tensorflow deep learning environment. Experimental result shows that intrusions are detected with the accuracy over 99% for both binary and multiclass classification with selected best features. Receiver operating characteristics (ROC) and precision-recall curve average score is also 1. The outcome implies that Deep Neural Networks offers a novel research model with great accuracy for intrusion detection model, better than some models presented in the literature.
A new proactive feature selection model based on the enhanced optimization a...IJECEIAES
This document presents a new proactive feature selection (PFS) model to detect distributed reflection denial of service (DRDoS) attacks using an optimized feature selection approach. The PFS model uses swarm optimization and evolutionary algorithms like particle swarm optimization, bat algorithm, and differential evolution to select optimal features. It then evaluates selected features using machine learning classifiers like k-nearest neighbors, support vector machine, and random forest. The model was tested on the CICDDoS2019 dataset and achieved a high DRDoS detection accuracy of 89.59% while reducing the number of features. Evaluation metrics like accuracy, precision, recall and F1-score were also improved compared to previous models. The PFS model provides an effective approach
Similar to Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Network Forensics (20)
Square transposition: an approach to the transposition process in block cipherjournalBEEI
The transposition process is needed in cryptography to create a diffusion effect on data encryption standard (DES) and advanced encryption standard (AES) algorithms as standard information security algorithms by the National Institute of Standards and Technology. The problem with DES and AES algorithms is that their transposition index values form patterns and do not form random values. This condition will certainly make it easier for a cryptanalyst to look for a relationship between ciphertexts because some processes are predictable. This research designs a transposition algorithm called square transposition. Each process uses square 8 × 8 as a place to insert and retrieve 64-bits. The determination of the pairing of the input scheme and the retrieval scheme that have unequal flow is an important factor in producing a good transposition. The square transposition can generate random and non-pattern indices so that transposition can be done better than DES and AES.
Hyper-parameter optimization of convolutional neural network based on particl...journalBEEI
The document proposes using a particle swarm optimization (PSO) algorithm to optimize the hyperparameters of a convolutional neural network (CNN) for image classification. The PSO algorithm is used to find optimal values for CNN hyperparameters like the number and size of convolutional filters. In experiments on the MNIST handwritten digit dataset, the optimized CNN achieved a testing error rate of 0.87%, which is competitive with state-of-the-art models. The proposed approach finds optimized CNN architectures automatically without requiring manual design or encoding strategies during training.
Supervised machine learning based liver disease prediction approach with LASS...journalBEEI
In this contemporary era, the uses of machine learning techniques are increasing rapidly in the field of medical science for detecting various diseases such as liver disease (LD). Around the globe, a large number of people die because of this deadly disease. By diagnosing the disease in a primary stage, early treatment can be helpful to cure the patient. In this research paper, a method is proposed to diagnose the LD using supervised machine learning classification algorithms, namely logistic regression, decision tree, random forest, AdaBoost, KNN, linear discriminant analysis, gradient boosting and support vector machine (SVM). We also deployed a least absolute shrinkage and selection operator (LASSO) feature selection technique on our taken dataset to suggest the most highly correlated attributes of LD. The predictions with 10 fold cross-validation (CV) made by the algorithms are tested in terms of accuracy, sensitivity, precision and f1-score values to forecast the disease. It is observed that the decision tree algorithm has the best performance score where accuracy, precision, sensitivity and f1-score values are 94.295%, 92%, 99% and 96% respectively with the inclusion of LASSO. Furthermore, a comparison with recent studies is shown to prove the significance of the proposed system.
A secure and energy saving protocol for wireless sensor networksjournalBEEI
The research domain for wireless sensor networks (WSN) has been extensively conducted due to innovative technologies and research directions that have come up addressing the usability of WSN under various schemes. This domain permits dependable tracking of a diversity of environments for both military and civil applications. The key management mechanism is a primary protocol for keeping the privacy and confidentiality of the data transmitted among different sensor nodes in WSNs. Since node's size is small; they are intrinsically limited by inadequate resources such as battery life-time and memory capacity. The proposed secure and energy saving protocol (SESP) for wireless sensor networks) has a significant impact on the overall network life-time and energy dissipation. To encrypt sent messsages, the SESP uses the public-key cryptography’s concept. It depends on sensor nodes' identities (IDs) to prevent the messages repeated; making security goals- authentication, confidentiality, integrity, availability, and freshness to be achieved. Finally, simulation results show that the proposed approach produced better energy consumption and network life-time compared to LEACH protocol; sensors are dead after 900 rounds in the proposed SESP protocol. While, in the low-energy adaptive clustering hierarchy (LEACH) scheme, the sensors are dead after 750 rounds.
Plant leaf identification system using convolutional neural networkjournalBEEI
This paper proposes a leaf identification system using convolutional neural network (CNN). This proposed system can identify five types of local Malaysia leaf which were acacia, papaya, cherry, mango and rambutan. By using CNN from deep learning, the network is trained from the database that acquired from leaf images captured by mobile phone for image classification. ResNet-50 was the architecture has been used for neural networks image classification and training the network for leaf identification. The recognition of photographs leaves requested several numbers of steps, starting with image pre-processing, feature extraction, plant identification, matching and testing, and finally extracting the results achieved in MATLAB. Testing sets of the system consists of 3 types of images which were white background, and noise added and random background images. Finally, interfaces for the leaf identification system have developed as the end software product using MATLAB app designer. As a result, the accuracy achieved for each training sets on five leaf classes are recorded above 98%, thus recognition process was successfully implemented.
Customized moodle-based learning management system for socially disadvantaged...journalBEEI
This study aims to develop Moodle-based LMS with customized learning content and modified user interface to facilitate pedagogical processes during covid-19 pandemic and investigate how teachers of socially disadvantaged schools perceived usability and technology acceptance. Co-design process was conducted with two activities: 1) need assessment phase using an online survey and interview session with the teachers and 2) the development phase of the LMS. The system was evaluated by 30 teachers from socially disadvantaged schools for relevance to their distance learning activities. We employed computer software usability questionnaire (CSUQ) to measure perceived usability and the technology acceptance model (TAM) with insertion of 3 original variables (i.e., perceived usefulness, perceived ease of use, and intention to use) and 5 external variables (i.e., attitude toward the system, perceived interaction, self-efficacy, user interface design, and course design). The average CSUQ rating exceeded 5.0 of 7 point-scale, indicated that teachers agreed that the information quality, interaction quality, and user interface quality were clear and easy to understand. TAM results concluded that the LMS design was judged to be usable, interactive, and well-developed. Teachers reported an effective user interface that allows effective teaching operations and lead to the system adoption in immediate time.
Understanding the role of individual learner in adaptive and personalized e-l...journalBEEI
Dynamic learning environment has emerged as a powerful platform in a modern e-learning system. The learning situation that constantly changing has forced the learning platform to adapt and personalize its learning resources for students. Evidence suggested that adaptation and personalization of e-learning systems (APLS) can be achieved by utilizing learner modeling, domain modeling, and instructional modeling. In the literature of APLS, questions have been raised about the role of individual characteristics that are relevant for adaptation. With several options, a new problem has been raised where the attributes of students in APLS often overlap and are not related between studies. Therefore, this study proposed a list of learner model attributes in dynamic learning to support adaptation and personalization. The study was conducted by exploring concepts from the literature selected based on the best criteria. Then, we described the results of important concepts in student modeling and provided definitions and examples of data values that researchers have used. Besides, we also discussed the implementation of the selected learner model in providing adaptation in dynamic learning.
Prototype mobile contactless transaction system in traditional markets to sup...journalBEEI
1) Researchers developed a prototype contactless transaction system using QR codes and digital payments to support physical distancing during the COVID-19 pandemic in traditional markets.
2) The system allows sellers and buyers in traditional markets to conduct fast, secure transactions via smartphones without direct cash exchange. Buyers scan sellers' QR codes to view product details and make e-wallet payments.
3) Testing showed the system's functions worked properly and users found it easy to use and useful for supporting contactless transactions and digital transformation of traditional markets. However, further development is needed to increase trust in digital payments for users unfamiliar with the technology.
Wireless HART stack using multiprocessor technique with laxity algorithmjournalBEEI
The use of a real-time operating system is required for the demarcation of industrial wireless sensor network (IWSN) stacks (RTOS). In the industrial world, a vast number of sensors are utilised to gather various types of data. The data gathered by the sensors cannot be prioritised ahead of time. Because all of the information is equally essential. As a result, a protocol stack is employed to guarantee that data is acquired and processed fairly. In IWSN, the protocol stack is implemented using RTOS. The data collected from IWSN sensor nodes is processed using non-preemptive scheduling and the protocol stack, and then sent in parallel to the IWSN's central controller. The real-time operating system (RTOS) is a process that occurs between hardware and software. Packets must be sent at a certain time. It's possible that some packets may collide during transmission. We're going to undertake this project to get around this collision. As a prototype, this project is divided into two parts. The first uses RTOS and the LPC2148 as a master node, while the second serves as a standard data collection node to which sensors are attached. Any controller may be used in the second part, depending on the situation. Wireless HART allows two nodes to communicate with each other.
Implementation of double-layer loaded on octagon microstrip yagi antennajournalBEEI
This document describes the implementation of a double-layer structure on an octagon microstrip yagi antenna (OMYA) to improve its performance at 5.8 GHz. The double-layer consists of two double positive (DPS) substrates placed above the OMYA. Simulation and experimental results show that the double-layer configuration increases the gain of the OMYA by 2.5 dB compared to without the double-layer. The measured bandwidth of the OMYA with double-layer is 14.6%, indicating the double-layer can increase both the gain and bandwidth of the OMYA.
The calculation of the field of an antenna located near the human headjournalBEEI
In this work, a numerical calculation was carried out in one of the universal programs for automatic electro-dynamic design. The calculation is aimed at obtaining numerical values for specific absorbed power (SAR). It is the SAR value that can be used to determine the effect of the antenna of a wireless device on biological objects; the dipole parameters will be selected for GSM1800. Investigation of the influence of distance to a cell phone on radiation shows that absorbed in the head of a person the effect of electromagnetic radiation on the brain decreases by three times this is a very important result the SAR value has decreased by almost three times it is acceptable results.
Exact secure outage probability performance of uplinkdownlink multiple access...journalBEEI
In this paper, we study uplink-downlink non-orthogonal multiple access (NOMA) systems by considering the secure performance at the physical layer. In the considered system model, the base station acts a relay to allow two users at the left side communicate with two users at the right side. By considering imperfect channel state information (CSI), the secure performance need be studied since an eavesdropper wants to overhear signals processed at the downlink. To provide secure performance metric, we derive exact expressions of secrecy outage probability (SOP) and and evaluating the impacts of main parameters on SOP metric. The important finding is that we can achieve the higher secrecy performance at high signal to noise ratio (SNR). Moreover, the numerical results demonstrate that the SOP tends to a constant at high SNR. Finally, our results show that the power allocation factors, target rates are main factors affecting to the secrecy performance of considered uplink-downlink NOMA systems.
Design of a dual-band antenna for energy harvesting applicationjournalBEEI
This report presents an investigation on how to improve the current dual-band antenna to enhance the better result of the antenna parameters for energy harvesting application. Besides that, to develop a new design and validate the antenna frequencies that will operate at 2.4 GHz and 5.4 GHz. At 5.4 GHz, more data can be transmitted compare to 2.4 GHz. However, 2.4 GHz has long distance of radiation, so it can be used when far away from the antenna module compare to 5 GHz that has short distance in radiation. The development of this project includes the scope of designing and testing of antenna using computer simulation technology (CST) 2018 software and vector network analyzer (VNA) equipment. In the process of designing, fundamental parameters of antenna are being measured and validated, in purpose to identify the better antenna performance.
Transforming data-centric eXtensible markup language into relational database...journalBEEI
eXtensible markup language (XML) appeared internationally as the format for data representation over the web. Yet, most organizations are still utilising relational databases as their database solutions. As such, it is crucial to provide seamless integration via effective transformation between these database infrastructures. In this paper, we propose XML-REG to bridge these two technologies based on node-based and path-based approaches. The node-based approach is good to annotate each positional node uniquely, while the path-based approach provides summarised path information to join the nodes. On top of that, a new range labelling is also proposed to annotate nodes uniquely by ensuring the structural relationships are maintained between nodes. If a new node is to be added to the document, re-labelling is not required as the new label will be assigned to the node via the new proposed labelling scheme. Experimental evaluations indicated that the performance of XML-REG exceeded XMap, XRecursive, XAncestor and Mini-XML concerning storing time, query retrieval time and scalability. This research produces a core framework for XML to relational databases (RDB) mapping, which could be adopted in various industries.
Key performance requirement of future next wireless networks (6G)journalBEEI
The document provides an overview of the key performance indicators (KPIs) for 6G wireless networks compared to 5G networks. Some of the major KPIs discussed for 6G include: achieving data rates of up to 1 Tbps and individual user data rates up to 100 Gbps; reducing latency below 10 milliseconds; supporting up to 10 million connected devices per square kilometer; improving spectral efficiency by up to 100 times through technologies like terahertz communications and smart surfaces; and achieving an energy efficiency of 1 pico-joule per bit transmitted through techniques like wireless power transmission and energy harvesting. The document outlines how 6G aims to integrate terrestrial, aerial and maritime communications into a single network to provide ubiquitous connectivity with higher
Noise resistance territorial intensity-based optical flow using inverse confi...journalBEEI
This paper presents the use of the inverse confidential technique on bilateral function with the territorial intensity-based optical flow to prove the effectiveness in noise resistance environment. In general, the image’s motion vector is coded by the technique called optical flow where the sequences of the image are used to determine the motion vector. But, the accuracy rate of the motion vector is reduced when the source of image sequences is interfered by noises. This work proved that the inverse confidential technique on bilateral function can increase the percentage of accuracy in the motion vector determination by the territorial intensity-based optical flow under the noisy environment. We performed the testing with several kinds of non-Gaussian noises at several patterns of standard image sequences by analyzing the result of the motion vector in a form of the error vector magnitude (EVM) and compared it with several noise resistance techniques in territorial intensity-based optical flow method.
Modeling climate phenomenon with software grids analysis and display system i...journalBEEI
This study aims to model climate change based on rainfall, air temperature, pressure, humidity and wind with grADS software and create a global warming module. This research uses 3D model, define, design, and develop. The results of the modeling of the five climate elements consist of the annual average temperature in Indonesia in 2009-2015 which is between 29oC to 30.1oC, the horizontal distribution of the annual average pressure in Indonesia in 2009-2018 is between 800 mBar to 1000 mBar, the horizontal distribution the average annual humidity in Indonesia in 2009 and 2011 ranged between 27-57, in 2012-2015, 2017 and 2018 it ranged between 30-60, during the East Monsoon, the wind circulation moved from northern Indonesia to the southern region Indonesia. During the west monsoon, the wind circulation moves from the southern part of Indonesia to the northern part of Indonesia. The global warming module for SMA/MA produced is feasible to use, this is in accordance with the value given by the validate of 69 which is in the appropriate category and the response of teachers and students through a 91% questionnaire.
An approach of re-organizing input dataset to enhance the quality of emotion ...journalBEEI
The purpose of this paper is to propose an approach of re-organizing input data to recognize emotion based on short signal segments and increase the quality of emotional recognition using physiological signals. MIT's long physiological signal set was divided into two new datasets, with shorter and overlapped segments. Three different classification methods (support vector machine, random forest, and multilayer perceptron) were implemented to identify eight emotional states based on statistical features of each segment in these two datasets. By re-organizing the input dataset, the quality of recognition results was enhanced. The random forest shows the best classification result among three implemented classification methods, with an accuracy of 97.72% for eight emotional states, on the overlapped dataset. This approach shows that, by re-organizing the input dataset, the high accuracy of recognition results can be achieved without the use of EEG and ECG signals.
Parking detection system using background subtraction and HSV color segmentationjournalBEEI
Manual system vehicle parking makes finding vacant parking lots difficult, so it has to check directly to the vacant space. If many people do parking, then the time needed for it is very much or requires many people to handle it. This research develops a real-time parking system to detect parking. The system is designed using the HSV color segmentation method in determining the background image. In addition, the detection process uses the background subtraction method. Applying these two methods requires image preprocessing using several methods such as grayscaling, blurring (low-pass filter). In addition, it is followed by a thresholding and filtering process to get the best image in the detection process. In the process, there is a determination of the ROI to determine the focus area of the object identified as empty parking. The parking detection process produces the best average accuracy of 95.76%. The minimum threshold value of 255 pixels is 0.4. This value is the best value from 33 test data in several criteria, such as the time of capture, composition and color of the vehicle, the shape of the shadow of the object’s environment, and the intensity of light. This parking detection system can be implemented in real-time to determine the position of an empty place.
Quality of service performances of video and voice transmission in universal ...journalBEEI
The universal mobile telecommunications system (UMTS) has distinct benefits in that it supports a wide range of quality of service (QoS) criteria that users require in order to fulfill their requirements. The transmission of video and audio in real-time applications places a high demand on the cellular network, therefore QoS is a major problem in these applications. The ability to provide QoS in the UMTS backbone network necessitates an active QoS mechanism in order to maintain the necessary level of convenience on UMTS networks. For UMTS networks, investigation models for end-to-end QoS, total transmitted and received data, packet loss, and throughput providing techniques are run and assessed and the simulation results are examined. According to the results, appropriate QoS adaption allows for specific voice and video transmission. Finally, by analyzing existing QoS parameters, the QoS performance of 4G/UMTS networks may be improved.
Accident detection system project report.pdfKamal Acharya
The Rapid growth of technology and infrastructure has made our lives easier. The
advent of technology has also increased the traffic hazards and the road accidents take place
frequently which causes huge loss of life and property because of the poor emergency facilities.
Many lives could have been saved if emergency service could get accident information and
reach in time. Our project will provide an optimum solution to this draw back. A piezo electric
sensor can be used as a crash or rollover detector of the vehicle during and after a crash. With
signals from a piezo electric sensor, a severe accident can be recognized. According to this
project when a vehicle meets with an accident immediately piezo electric sensor will detect the
signal or if a car rolls over. Then with the help of GSM module and GPS module, the location
will be sent to the emergency contact. Then after conforming the location necessary action will
be taken. If the person meets with a small accident or if there is no serious threat to anyone’s
life, then the alert message can be terminated by the driver by a switch provided in order to
avoid wasting the valuable time of the medical rescue team.
Home security is of paramount importance in today's world, where we rely more on technology, home
security is crucial. Using technology to make homes safer and easier to control from anywhere is
important. Home security is important for the occupant’s safety. In this paper, we came up with a low cost,
AI based model home security system. The system has a user-friendly interface, allowing users to start
model training and face detection with simple keyboard commands. Our goal is to introduce an innovative
home security system using facial recognition technology. Unlike traditional systems, this system trains
and saves images of friends and family members. The system scans this folder to recognize familiar faces
and provides real-time monitoring. If an unfamiliar face is detected, it promptly sends an email alert,
ensuring a proactive response to potential security threats.
Build the Next Generation of Apps with the Einstein 1 Platform.
Rejoignez Philippe Ozil pour une session de workshops qui vous guidera à travers les détails de la plateforme Einstein 1, l'importance des données pour la création d'applications d'intelligence artificielle et les différents outils et technologies que Salesforce propose pour vous apporter tous les bénéfices de l'IA.
Tools & Techniques for Commissioning and Maintaining PV Systems W-Animations ...Transcat
Join us for this solutions-based webinar on the tools and techniques for commissioning and maintaining PV Systems. In this session, we'll review the process of building and maintaining a solar array, starting with installation and commissioning, then reviewing operations and maintenance of the system. This course will review insulation resistance testing, I-V curve testing, earth-bond continuity, ground resistance testing, performance tests, visual inspections, ground and arc fault testing procedures, and power quality analysis.
Fluke Solar Application Specialist Will White is presenting on this engaging topic:
Will has worked in the renewable energy industry since 2005, first as an installer for a small east coast solar integrator before adding sales, design, and project management to his skillset. In 2022, Will joined Fluke as a solar application specialist, where he supports their renewable energy testing equipment like IV-curve tracers, electrical meters, and thermal imaging cameras. Experienced in wind power, solar thermal, energy storage, and all scales of PV, Will has primarily focused on residential and small commercial systems. He is passionate about implementing high-quality, code-compliant installation techniques.
Open Channel Flow: fluid flow with a free surfaceIndrajeet sahu
Open Channel Flow: This topic focuses on fluid flow with a free surface, such as in rivers, canals, and drainage ditches. Key concepts include the classification of flow types (steady vs. unsteady, uniform vs. non-uniform), hydraulic radius, flow resistance, Manning's equation, critical flow conditions, and energy and momentum principles. It also covers flow measurement techniques, gradually varied flow analysis, and the design of open channels. Understanding these principles is vital for effective water resource management and engineering applications.
Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Network Forensics
1. Bulletin of Electrical Engineering and Informatics
ISSN: 2302-9285
Vol. 6, No. 2, June 2017, pp. 140~148, DOI: 10.11591/eei.v6i2.605 140
Received March 3, 2017; Revised May 4, 2017; Accepted May 18, 2017
Review of Detection DDOS Attack Detection Using
Naive Bayes Classifier for Network Forensics
Abdul Fadil
1
, Imam Riadi
2
, Sukma Aji*
3
1
Department of Electrical Engineering Ahmad Dahlan University, Yogyakarta, Indonesia
2
Department of Information System Ahmad Dahlan University, Yogyakarta, Indonesia
3
Master Program of Information Technology Ahmad Dahlan University, Yogyakarta, Indonesia
*Corresponding author, e-mail: fadlil@mti.uad.ac.id
1
, imam.riadi@is.uad.ac.id
2
, sukma.aji@staff.uad.ac.id
3
Abstract
Distributed Denial of Service (DDoS) is a type of attack using the volume, intensity, and more
costs mitigation to increase in this era. Attackers used many zombie computers to exhaust the resources
available to a network, application or service so that authorized users cannot gain access or the network
service is down, and it is a great loss for Internet users in computer networks affected by DDoS attacks.
This research proposed to develop a new approach to detect DDoS attacks based on network traffic
activity were statistically analyzed using Gaussian Naive Bayes method. Data will be extracted from
training and testing of network traffic in a core router at Master of Information Technology Research
Laboratory Ahmad Dahlan University Yogyakarta (MITRLADUY). The new approach in detecting DDoS
attacks is expected to be a relation with Intrusion Detection System (IDS) to predict the existence of DDoS
attacks based on average and standard deviation of network packets in accordance with the Gaussian
method.
Keywords: DDoS, Gaussian, Naive Bayes, average, standard deviation
1. Introduction
Cisco 2016 Annual Security Report [1] showed DoS attacks still top the External
Challenges Faced. Respondent does not Consider any of these to be challenges in the
organization with 3 %, Zero-Day Attacks and Brute Force with 35 %. Whereas DoS leads the
chart of the External Challenges Faced with 38 %, ahead Advanced Persistent Threats 43 %,
Phishing 54 %, and Malware 68 %. It shows that DDoS attacks are still interesting to
investigate. Figure 1 shows the Cisco statistic about External Challenges Faced.
Figure 1. External challenges faced
Jasreena Kaur Bains et al [2] propound model used Naive Bayes Classifier with K2
Learning process on reduced NSL KDD data set for each attack class. In this method, every
layer is individually trained to detect a single type of attack category and the outcome of one
layer to increase the detection rate and for better categorization of both the majority and
minority attacks.
2. Bulletin of EEI ISSN: 2302-9285
Review of Detection DDOS Attack Detection Using Naive Bayes… (Abdul Fadil)
141
Mangesh D. Salunke and Ruhi Kabra [3] used Naive Bayes Classifier and Artificial
Neural Network to detect the DDoS attack. They are proposed system is divided into two
modules. First Training Set Generation, create a database for future use. All incoming packets
are going through each level of training set generation and create dynamic data set and mark
the incoming packet as “OK packet” or “Attack”. And then the second module is Real-Time
Layered Intrusion Detection System, applying K-means clustering and Naive Bayes algorithm
for data mining and classification algorithm to classify the attack as SYN flood, PING flood,
UDP flood.
Kanagalakshmi R. and Naveenantony Raj [4] used Hidden Naive Bayes Multiclass
Classifier Model on network Intrusion Detection System for struggling progressively
sophisticated network attacks. Bharti Nagpal et al [5] comparing many software DDoS attacks
that showing complete information of the software DDoS attacks. V. Hema and C. Emily Shin [6]
used Naive Bayes to calculate DoS attacks comparing Detection Rate and rate False Positive
with the achievements by the proposed and existing systems. Mangesh Salunke at al [7] used
K-means Clustering and Naive Bayes to classifying DDoS attacks with number of the malicious
packets correctly classified as malicious in True Positive (TP), number of normal traffic falsely
classified as malicious in False Positive (FP), when the malicious traffic is classified as normal
traffic in False Negative (FN), and number of benign packets correctly classified as benign in
True Negative (TN),
Gnanapriya N. And Karthik R. [8] showed superiority Naive Bayes detection method
compared with Information Gain and Gain Ratio. Niharika Sharma et al [9] used K-Means
Clustering, Naive Bayes, Neural Network, Fuzzy Logic, and Genetic Algorithm to review
anomaly DoS attacks to IDS by language Machine Learning. Mohammed Alkasassbeh et al [10]
incorporates three well-known classification techniques: Multi-Layer Perceptron (MLP), Bayes,
and Random Forest. That show MLP achieved is the highest accuracy. S.H.C. Haris et al [11]
had been observed and analyzed in IP header for the first experiment. There are five main fields
that are important in order to detect threats. The experiment is focusing on Internet Protocol
Version 4 (IPV4), so the IPV must be 4 and IP header length must be equal or above than 20
bytes and equal or below than 60 bytes.
Nikhil S. Mangrulkar et al [12] proposed Intrusion Detection System and Intrusion
Prevention System using Naive Bayes Classifier. Preprocessing part, Classification part, and
Protection part became part of the principal. Majed Tabash and Tawfiq Bathroom [13] compared
many methods to detecting and preventing the network from DoS attacks. The methods are K-
NN with K=3, Decision Tree, SVM, and Naive Bayes. Navdeep Singh et al [14] compared
Analysis of different DDoS detection Technique with Statistical Method, IDS, IDS based
Dempster-Shafer Theory, Packet information Gathering and Preprocessing, Network Detection,
and Real-time Detection System. Primula Is Armani and Imam Radi [15] used K-Means
Clustering to classify DoS attacks in three danger levels Low, Medium, and High.
Previous papers describe different techniques to detect DoS/DDoS attacks. We
proposed to conduct further research on network testing, network processing, and analytical
methods to achieve better detection accuracy with different network traffic and make the
detection systems based on average and standard deviation according to the Gaussian method.
2. Basic Theory
2.1. Three-way Handshake
Communication between computers requires a standard protocol called a three-way
handshake as seen in Figure 2. The communication contains a protocol exchange between the
server and the attacker [16].
Three-way handshake from a normal TCP connection initiates transmission from an
attacker by sending SYN to the server, and the server will allocate a buffer to the user and reply
with SYN and ACK packet. This stage, the connection is in a half-open state, waiting for an ACK
response from the attacker to complete the connection settings. When the connection is
completed, this is called three-way handshake. But TCP SYN Flood attacks manipulate this
three-way handshake by making server busy with a SYN request. TCP SYN Flood is a common
form of Denial of Service attack. TCP SYN Flood can be observed with a Packet Capture
application by using a spanned link to observe a copy of server activity. TCP SYN Flood
features are often the emergence of the incoming IP Address to the server. IP Address that
3. ISSN: 2302-9285
Bulletin of EEI Vol. 6, No. 2, June 2017 : 140 – 148
142
always appear to the server is calculated within a certain time range and used as feature
extraction as a DDoS attack [11].
Figure 2. Three way handshake
2.2. Gaussian Distribution
The Gaussian distribution is one of the common and important methods in probability
calculation and statistics, introduced by Gauss in his study of error theory [17]. Gauss uses it to
describe errors. Experience shows that many random variables, the height of adult males, and
reaction time in psychological experiments, all of which can be solved by the Gaussian
distribution [18]. The Gaussian distribution is:
( )
√
( )
(1)
where, µ is average and δ is standard deviation, to calculate µ and δ values for numerical
attributes using formula
∑
(2)
∑ ( )
(3)
2.3. Naive Bayes Algorithm
Bayes theorem is stated mathematically as the following equation [2]
( )
( ) ( )
( )
(4)
where: A and B are events
P (A) and P (B) are the probabilities of A and B independent of each other
P (A|B), a conditional probability, is the probability of A given that B is true
P (B|A), is the probability of B given that A is true
Based on Gaussian distribution and Naive Bayes algorithm, we proposed to calculate
incoming IP Address and packet length using packet capture application as numerical input to
be displayed in the 2-dimensional graph. After obtaining numerical input, the data is processed
using Gaussian Naive Bayes method based on a calculation of average and standard deviation.
4. Bulletin of EEI ISSN: 2302-9285
Review of Detection DDOS Attack Detection Using Naive Bayes… (Abdul Fadil)
143
3. Proposed Methodology
3.1. Architecture Diagram
Figure 3 Architecture Diagram, where the client is a router in MITRLADUY and
connected to an investigator with a spanned link.
a. Capture IP Packets
Network traffics is collected using packet capture application. The input packets traffic is
resized for further operation.
b. Analyzing the IP/Data Packet
IP packets are processed and analyzed to find out the normal network traffic and in
case of under attack
c. Features Extraction
In the stage where implemented data processing which originally shaped log file into a
form that can be processed further, so that the data can be retrieved from the important
information.
d. Training Set Formation
Training set formation is a stage where the training implemented with naive Bayes
method of log data file result processing to recognize the pattern of attacks
e. Apply Gaussian Naive Bayes (Classify)
Classify is the stage where the results of the training, tested with data test to know the
success of introduction of DDoS attacks
f. Classification Predictor
The system provides output in the form of a normal traffic or under attack. The system
will produce the output of an attacker’s IP address
Figure 3. Architecture diagram of proposed research on MITRLADUY
3.2. Topology
Figure 4 shows the distribution of Computer network in MITRLADUY, that router serves
8 users to access the internet. In this proposed research, DDoS attacks will be captured by the
investigator as data input through the spanned link. Simulations were done by 6 attackers from
outside the laboratory to the victim IP Address 172.10.64.250 using DDoS application Low Orbit
Ion Cannon (LOIC) and Wireshark packet capture application to observe network traffic activity.
5. ISSN: 2302-9285
Bulletin of EEI Vol. 6, No. 2, June 2017 : 140 – 148
144
Figure 4. Network topology
3.3. Classification
Numerical data input will be processed by Gaussian Naive Bayes Classifier and give
decision result in the form of normal access or attack. Figure 5 shows the proposed
classification process using the Gaussian Naive Bayes method.
Figure 5. Classification process
4. Result and Discussion
Attack scenario is done in accordance with the topology in Figure 4, namely IP address
172.10.64.199, 172.10.85.151, 172.10.71.29, 172.10.71.49, 172.10.201.5, and 172.10.201.19
perform DDoS attacks using LOIC application to the victim with IP address 172.10.64.250.
Attacks are performed within 3 minutes and captured using packet capture application.
4.1. Input Parameters
Packet capture determines network traffic activity data in form of time range, incoming
IP address packet length, and so on. We observe network traffic within 3 minutes caused by
storage limit and calculate the incoming IP address and packet length to serve as input
parameters of numerical data that can be visualized in the classification process. Figure 6
shows the capture result for the input parameter.
6. Bulletin of EEI ISSN: 2302-9285
Review of Detection DDOS Attack Detection Using Naive Bayes… (Abdul Fadil)
145
Figure 6. Input parameters
Packet capture determines network traffic activity data in form of time range, incoming
IP address packet length, and so on. We observe network traffic within 3 minutes caused by
storage limit and calculate the incoming IP address and packet length to serve as input
parameters of numerical data that can be visualized in the classification process. Figure 6
shows the capture result for the input parameter.
Table 1 shows the results of calculating incoming IP addresses and packet lengths to
be the coordinate point values on the x-axis and y-axis in 3 minutes time range.
Table 1. MITRLADUY Network Traffic 3 minutes Time Range
IP address
Incoming IP (IIP) in
time range (x-axis)
Packet length (PL) in
time range (y-axis)
Access
Time Range
(minutes)
192.168.10.2 36 10048 Normal 3
192.168.10.3 2449 384809 Normal 3
192.168.10.4 786 111132 Normal 3
192.168.10.5 1003 140340 Normal 3
192.168.10.6 1174 160075 Normal 3
192.168.10.7 1118 148707 Normal 3
192.168.10.8 1200 161525 Normal 3
192.168.10.9 1606 226306 Normal 3
172.10.64.199 4515 1527368 Attack 3
172.10.85.151 14320 2522499 Attack 3
172.10.201.5 9811 2044024 Attack 3
172.10.201.19 4407 1014119 Attack 3
172.10.71.29 8338 2356408 Attack 3
172.10.71.49 11206 1694624 Attack 3
4.2. Current Classification with Naive Bayes in Matlab
We use Matlab software for classification process because this software is very familiar
for users and also very good for displaying the graph.
Matlab provides Naive Bayes classification facility for data processing. Network traffic
can also use this facility to know the class. In the process of classification, using K, L, Q, and
also function f. It will make difficult for many people to understand. Figure 7 shows the Matlab
code of Naive Bayes classification with many coefficients.
7. ISSN: 2302-9285
Bulletin of EEI Vol. 6, No. 2, June 2017 : 140 – 148
146
Figure 7. Naive Bayes code in Matlab
The result of network traffic classification is shown in Figure 8, the normal class set is
limited by the quadratic curve on the blue line with the green circle set member. The other is the
attack class with a red square set member.
Figure 8. Result of classification in Matlab facility
4.3. Proposed Classification with Gaussian Naive Bayes in Matlab
Based on table 1, the formulas (2), and (3), we can calculate the average and standard
deviation of the normal class and attack class. The average and standard deviation are:
- Incoming IP’s average of normal class =1172
- Incoming IP’s average of attack class =8766
- Packet length’s average of normal class =167868
- Packet length’s average of attack class =1859840
- Incoming IP’s standard deviation of normal class =686
- Incoming IP’s standard deviation of attack class =3877
- Packet length’s standard deviation of normal class =106791
- Packet length’s standard deviation of attack class =560838
8. Bulletin of EEI ISSN: 2302-9285
Review of Detection DDOS Attack Detection Using Naive Bayes… (Abdul Fadil)
147
The set of each class is based on the average and match standard deviation µ+(xδ) to
get the best accuracy, so the set can shelter its members. Average of each class to be the
center of the set and coupled with the match standard deviation that states the extent of the set
of each class. We have calculated the match standard deviation to get the best accuracy with
the set area µ+(3δ) for the normal class and µ+(2,5δ) for the attack class. Figure 9 shows the
set of normal classes and set of attack classes based on average and standard deviation.
Figure 9. Gaussian Naive Bayes classification based on the average and standard deviation
Finally, formula (1) and formula (4) are used to predict network traffic activity so that it
can be known IP address that attacks to the victim. Table 2 shows the IP addresses that
perform normal activities and IP addresses that perform attacks.
Table 2 also shows the IP addresses that perform normal activities are 192.168.10.2,
192.168.10.3, 192.168.10.4, 192.168.10.5, 192.168.10.6, 192.168.10.7. 192.168.10.8, and
192.168.10.9. IP addresses that perform the attack activities are 172.10.64.199, 172.10.85.151,
172.10.201.5, 172.10.201.19, 172.10.71.29, and 172.10.71.49.
Table 2. Network Traffic Prediction of MITRLADUY Activities
No IP Address
Incoming
IP (IIP) in
time range
(x axis)
Packet
length (PL)
in time range
(y axis)
Access P(normal|IP) >< P(attack|IP) CLASS
1 192.168.10.2 36 10048 NORMAL 1.4688E-09 > 1.96172E-11 NORMAL
2 192.168.10.3 2449 384809 NORMAL 1.2666E-09 > 3.26734E-11 NORMAL
3 192.168.10.4 786 111132 NORMAL 1.8679E-09 > 2.3003E-11 NORMAL
4 192.168.10.5 1003 140340 NORMAL 1.9175E-09 > 2.40365E-11 NORMAL
5 192.168.10.6 1174 160075 NORMAL 1.9305E-09 > 2.47967E-11 NORMAL
6 192.168.10.7 1118 148707 NORMAL 1.927E-09 > 2.4442E-11 NORMAL
7 192.168.10.8 1200 161525 NORMAL 1.9306E-09 > 2.48799E-11 NORMAL
8 192.168.10.9 1606 226306 NORMAL 1.8575E-09 > 2.71337E-11 NORMAL
9 172.10.64.199 4515 1527368 ATTACK 6.3477E-14 < 6.20552E-11 ATTACK
10 172.10.85.151 14320 2522499 ATTACK 4.9321E-30 < 5.33277E-11 ATTACK
11 172.10.201.5 9811 2044024 ATTACK 1.029E-20 < 6.92607E-11 ATTACK
12 172.10.201.19 4407 1014119 ATTACK 1.7146E-11 < 5.29461E-11 ATTACK
13 172.10.71.29 8338 2356408 ATTACK 3.309E-22 < 6.59322E-11 ATTACK
14 172.10.71.49 11206 1694624 ATTACK 1.5572E-19 < 6.76054E-11 ATTACK
9. ISSN: 2302-9285
Bulletin of EEI Vol. 6, No. 2, June 2017 : 140 – 148
148
5. Conclusion and Future Work
The average and standard deviation can be used as a reference to create a set of
classes using Gaussian Naive Bayes method. The average indicates the center of the class set,
whereas the standard deviation shows the extent of the class set. The width of the set of each
class is more specific to all members of the set. The Gaussian Naive Bayes method can also
predict accurately and precisely. Further research is expected to process more data so that it
can test the accuracy of the Gaussian Naive Bayes method.
References
[1] Cisco, Cisco 2016 Annual Security Report, 2016.
[2] JK Bains. Intrusion Detection System with Multi-Layer using Bayesian Networks. International Journal
of Computer Applications. 2013; 67(5): 1–4.
[3] MD Salunke, R Kabra. Denial-of-Service Attack Detection. International Journal of Innovative
Research in Advanced Engineering. 2014; 1(11): 16–20.
[4] R Kanagalakshmi, VN Raj. Network Intrusion Detection Using Hidden Naive Bayes Multiclass
Classifier Model. International Journal of Science, Technology & Management. 2014; 3(12): 76–84.
[5] B Nagpal, P Sharma, N Chauhan, A Panesar. DDoS Tools : Classification, Analysis, and
Comparison. Proceeding of the 2nd International Conference on Computing for Sustainable Global.
2015: 2–6.
[6] V Hema, CE Shin. DoS Attack Detection Based on Naive Bayes Classifier. Middle-East Journal of
Scientific Research. 2015; 23: 398–405.
[7] M Salunke, R Kabra, A Kumar. Layered architecture for DoS attack detection system by combined
approach of Naive Bayes and Improved K-means Clustering Algorithm. International Research
Journal of Engineering and Technology. 2015; 2(3): 372–377.
[8] Gnanapriya, KR. Denial of Service Attack by Feature Reduction Using Naive Bayes Classification.
International Journal of Science and Engineering Research. 2016; 4(1).
[9] N Sharma, A Mahajan, V Malhotra. Machine Learning Techniques Used in Detection of DOS
Attacks : A Literature Review. International Journal of Advance Research in Computer Science and
Software Engineering. 2016; 6(3): 100–105.
[10] M Alkasassbeh, ABA Hassan, G Al-any mat. Detecting Distributed Denial of Service Attacks Using
Data Mining Techniques. International Journal of Advanced Computer Science and Applications.
2016; 7(1): 436–445.
[11] SHC Haris. Anomaly Detection of IP Header Threats. International Journal of Computer Science and
Security. 2011; 4(5): 497–504.
[12] NS Mangrulkar. Network Attacks and Their Detection Mechanisms : A Review. International Journal
of Computer Applications. 2014; 90(9): 36–39.
[13] M Tabash, T Barhoom. An Approach for Detecting and Preventing DoS Attacks in LAN. International
Journal of Computer Trends and Technology. 2014; 18(6): 265–271.
[14] N Singh, A Hans, K Kumar, M Pal, S Bird. Comprehensive Study of Various Techniques for Detecting
DDoS Attacks in Cloud Environment. International Journal of Grid Distribution Computing. 2015; 8(3):
119–126.
[15] A Iswardani, I Riadi. Denial of Service Log Analysis Using Density K-Means Method. Journal of
Theoretical Applied Information Technology. 2016; 83(2): 299-302.
[16] AS. Tanennbaum, Computer Networks, 5th ed. Pearson, 2011.
[17] J Yang, X Yu, Z Xie, J Zhang. A Novel Virtual Sample Generation Method Based on Gaussian
Distribution. Knowledge-Based Syst. 2011; 24(6): 740–748.
[18] E Balkanli. Supervised Learning to Detect DDoS Attacks. IEEE Int. Conf. Comput. Commun.
Informatics, 2014.