Adaptive Butterfly Optimization Algorithm(ABOA)Based Feature Selection and Deep Neural Network(DNN)for Detection of Distributed Denial-of-Service(DDoS)Attacks in Cloud

Cloud computing technology provides flexible,on-demand,and completely controlled computing resources and services are highly desirable.Despite this,with its distributed and dynamic nature and shortcomings in virtualization deployment,the cloud environment is exposed to a wide variety of cyber-attacks and security difficulties.The Intrusion Detection System(IDS)is a specialized security tool that network professionals use for the safety and security of the networks against attacks launched from various sources.DDoS attacks are becoming more frequent and powerful,and their attack pathways are continually changing,which requiring the development of new detection methods.Here the purpose of the study is to improve detection accuracy.Feature Selection(FS)is critical.At the same time,the IDS’s computational problem is limited by focusing on the most relevant elements,and its performance and accuracy increase.In this research work,the suggested Adaptive butterfly optimization algorithm(ABOA)framework is used to assess the effectiveness of a reduced feature subset during the feature selection phase,that was motivated by this motive Candidates.Accurate classification is not compromised by using an ABOA technique.The design of Deep Neural Networks(DNN)has simplified the categorization of network traffic into normal and DDoS threat traffic.DNN’s parameters can be finetuned to detect DDoS attacks better using specially built algorithms.Reduced reconstruction error,no exploding or vanishing gradients,and reduced network are all benefits of the changes outlined in this paper.When it comes to performance criteria like accuracy,precision,recall,and F1-Score are the performance measures that show the suggested architecture outperforms the other existing approaches.Hence the proposed ABOA+DNN is an excellent method for obtaining accurate predictions,with an improved accuracy rate of 99.05%compared to other existing approaches.

A Machine Learning-Based Distributed Denial of Service Detection Approach for Early Warning in Internet Exchange Points

The Internet service provider(ISP)is the heart of any country’s Internet infrastructure and plays an important role in connecting to theWorld WideWeb.Internet exchange point(IXP)allows the interconnection of two or more separate network infrastructures.All Internet traffic entering a country should pass through its IXP.Thus,it is an ideal location for performing malicious traffic analysis.Distributed denial of service(DDoS)attacks are becoming a more serious daily threat.Malicious actors in DDoS attacks control numerous infected machines known as botnets.Botnets are used to send numerous fake requests to overwhelm the resources of victims and make them unavailable for some periods.To date,such attacks present a major devastating security threat on the Internet.This paper proposes an effective and efficient machine learning(ML)-based DDoS detection approach for the early warning and protection of the Saudi Arabia Internet exchange point(SAIXP)platform.The effectiveness and efficiency of the proposed approach are verified by selecting an accurate ML method with a small number of input features.A chi-square method is used for feature selection because it is easier to compute than other methods,and it does not require any assumption about feature distribution values.Several ML methods are assessed using holdout and 10-fold tests on a public large-size dataset.The experiments showed that the performance of the decision tree(DT)classifier achieved a high accuracy result(99.98%)with a small number of features(10 features).The experimental results confirmthe applicability of using DT and chi-square for DDoS detection and early warning in SAIXP.

The History, Trend, Types, and Mitigation of Distributed Denial of Service Attacks

Over time, the world has transformed digitally and there is total dependence on the internet. Many more gadgets are continuously interconnected in the internet ecosystem. This fact has made the Internet a global information source for every being. Despite all this, attacker knowledge by cybercriminals has advanced and resulted in different attack methodologies on the internet and its data stores. This paper will discuss the origin and significance of Denial of Service (DoS) and Distributed Denial of Service (DDoS). These kinds of attacks remain the most effective methods used by the bad guys to cause substantial damage in terms of operational, reputational, and financial damage to organizations globally. These kinds of attacks have hindered network performance and availability. The victim’s network is flooded with massive illegal traffic hence, denying genuine traffic from passing through for authorized users. The paper will explore detection mechanisms, and mitigation techniques for this network threat.

基于合约熵判决算法的区块链网络DDoS防御优化

为针对多域协同联合防御分布式拒绝服务(DDoS)更有效发挥区块链网络优势,该文提出智能合约熵检测(SCED)算法。基于Hyperledger Fabric区块链架构,首先,通过智能合约技术构建多域协作机制,建立智能合约协作子算法;然后,针对受害域内非法流量IP生成IP黑名单,并通知所有协作域,协同防御DDoS;其次,在各单域内部署由监测、比对、分类及防御模块组成的熵判决防御子算法,检测处理域内非法流量;最后,结合多域智能合约协作和单域熵判决防御,实现区块链网络中受害域、中间域及攻击域协同防御DDoS。仿真结果表明,对比ChainSecure等算法,SCED算法在精度和效率方面有较好的表现。

Formalized Description of Distributed Denial of Service Attack

The distributed denial of service (DDoS) attack is one of the dangers in intrusion modes. It's difficult to defense and can cause serious damage to the system. Based on a careful study of the attack principles and characteristics, an object-oriented formalized description is presented, which contains a three-level framework and offers full specifications of all kinds of DDoS modes and their features and the relations between one another. Its greatest merit lies in that it contributes to analyzing, checking and judging DDoS. Now this formalized description has been used in a special IDS and it works very effectively.(

面向网络靶场的DDoS攻击缓解方法研究

本文提出一种面向不平衡数据的DDoS攻击检测模型,提升对DDoS洪泛攻击的检测效果。以OpenStack为核心技术设计网络靶场,并使用Ceph分布式存储替换OpenStack原生存储系统,提出一种OpenStack与Ceph的超融合网络靶场方案,可以实现对计算、存储、网络资源的统一管理。首先,针对Ceph集群在存储时的数据分布不均情况对平台存储性能的影响,提出一种基于好感度的数据存储优化算法,利用好感度因子约束数据的存储位置,有效提高集群中所有OSD节点存储数据的均衡性。同时,设计了一种基于软件定义网络(Software Defined Network,SDN)的DDoS洪泛攻击检测与缓解方法,有效降低了对物理设备性能的要求,最后结合Ryu控制器的可编程性,实现DDoS洪泛攻击缓解方法。

面向边缘计算的TCA1C DDoS检测模型

边缘计算弥补了传统云计算数据传输开销大的不足,但边缘网络中存储和计算资源受限的特殊性限制了其部署复杂安全算法的能力,更易受到分布式拒绝服务(DDoS)攻击。针对目前边缘网络中DDoS攻击检测方法性能不高、未对卸载任务分类处理、对多属性的流量处理能力弱的问题,提出一种基于任务分类的Attention-1D-CNN DDoS检测模型TCA1C,对通信链路中的流量按不同的卸载任务进行分类,使单个任务受到攻击时不会影响整个链路中计算任务卸载的安全性,再对同一任务下的流量提取属性值并进行归一化处理。处理后的数据输入到Attention-1D-CNN,通道Attention和空间Attention学习数据特征对DDoS检测的贡献度,利用筛选函数剔除低于特征阈值的冗余信息,降低模型学习过程的复杂度,使模型快速收敛。仿真结果表明:TCA1C模型在缩短DDoS检测所用时间的情况下,检测准确率高达99.73%,检测性能优于DT、ELM、LSTM和CNN;当多个卸载任务在面临特定攻击概率时,卸载任务分类能有效降低不同任务的相互影响,使终端设备的计算任务在卸载过程中保持较高的安全性。

融合稀疏注意力机制在DDoS攻击检测中的应用

针对现有的DDoS(distributed denial of service)攻击检测模型面临大量数据时,呈现出检测效率低的问题。为适应当前网络环境,通过研究DDoS攻击检测模型、提取流量特征、计算攻击密度,提出一种基于融合稀疏注意力机制的DDoS攻击检测模型GVBNet(global variable block net),使用攻击密度自适应计算稀疏注意力。利用信息熵以及信息增益分析提取攻击流量的连续字节作为特征向量,通过构建基于GVBNet的网络模型在两种数据集上进行训练。实验结果表明,该方法具有良好的识别效果、检测速度以及抗干扰能力,在不同的环境下具有应用价值。

Optimization of Stealthwatch Network Security System for the Detection and Mitigation of Distributed Denial of Service (DDoS) Attack: Application to Smart Grid System

The Smart Grid is an enhancement of the traditional grid system and employs new technologies and sophisticated communication techniques for electrical power transmission and distribution. The Smart Grid’s communication network shares information about status of its several integrated IEDs (Intelligent Electronic Devices). However, the IEDs connected throughout the Smart Grid, open opportunities for attackers to interfere with the communications and utilities resources or take clients’ private data. This development has introduced new cyber-security challenges for the Smart Grid and is a very concerning issue because of emerging cyber-threats and security incidents that have occurred recently all over the world. The purpose of this research is to detect and mitigate Distributed Denial of Service [DDoS] with application to the Electrical Smart Grid System by deploying an optimized Stealthwatch Secure Network analytics tool. In this paper, the DDoS attack in the Smart Grid communication networks was modeled using Stealthwatch tool. The simulated network consisted of Secure Network Analytic tools virtual machines (VMs), electrical Grid network communication topology, attackers and Target VMs. Finally, the experiments and simulations were performed, and the research results showed that Stealthwatch analytic tool is very effective in detecting and mitigating DDoS attacks in the Smart Grid System without causing any blackout or shutdown of any internal systems as compared to other tools such as GNS3, NeSSi2, NISST Framework, OMNeT++, INET Framework, ReaSE, NS2, NS3, M5 Simulator, OPNET, PLC & TIA Portal management Software which do not have the capability to do so. Also, using Stealthwatch tool to create a security baseline for Smart Grid environment, contributes to risk mitigation and sound security hygiene.

基于深度森林的多类型DDoS攻击检测方法

分布式拒绝服务攻击(DDoS)是网络安全的主要威胁之一。近年来,基于多种不同DDoS攻击方式的混合攻击数量大幅增长,如何在保证精度的前提下同时检测多种类型的DDoS攻击成为亟待解决的问题。为此,提出一种基于深度森林的多类型DDoS攻击检测方法。该方法首先使用基于平均不纯度的特征选择算法对多类型异常流量数据集进行特征排序与特征筛选;然后使用多粒度扫描对DDoS训练集进行特征提取,并使用级联森林分层训练模型,最终生成可用于DDoS恶意流量检测与分类的深度森林模型。实验结果表明,与6种主流树类集成学习模型相比,基于改进深度森林的DDoS攻击检测方法训练得到的分类器准确率最低提升了0.8%,召回率最低提升了0.9%;与改进前相比,改进后模型准确率提升了1.3%,加权召回率提高了1.3%,训练时间减少了29.7%。模型整体性能有明显提升。

SDN中基于信息熵与机器学习的DDoS攻击检测模型构建

软件定义网络(Software-Defined Network,SDN)的集中控制特征使得网络管理更加灵活高效,但同时也成为网络攻击的主要对象,其中分布式拒绝服务攻击DDoS是SDN面临的主要威胁之一。结合统计学习和机器学习这2种SDN中常用的检测方法,文章分析了基于信息熵与机器学习算法的DDoS攻击检测模型,并利用信息熵的阈值判断检测出疑似异常流量,再用决策树算法构建的检测模型检测出DDoS攻击。分类检测模型构建了6个特征属性,并通过计算信息增益值筛选出最优特征子集。通过与其他分类算法模型的比较,该模型提高了检测准确性,减少了检测时间。

Game-theoretical Model for Dynamic Defense Resource Allocation in Cyber-physical Power Systems Under Distributed Denial of Service Attacks

Electric power grids are evolving into complex cyber-physical power systems(CPPSs)that integrate advanced information and communication technologies(ICTs)but face increasing cyberspace threats and attacks.This study considers CPPS cyberspace security under distributed denial of service(DDoS)attacks and proposes a nonzero-sum game-theoretical model with incomplete information for appropriate allocation of defense resources based on the availability of limited resources.Task time delay is applied to quantify the expected utility as CPPSs have high time requirements and incur massive damage DDoS attacks.Different resource allocation strategies are adopted by attackers and defenders under the three cases of attack-free,failed attack,and successful attack,which lead to a corresponding consumption of resources.A multidimensional node value analysis is designed to introduce physical and cybersecurity indices.Simulation experiments and numerical results demonstrate the effectiveness of the proposed model for the appropriate allocation of defense resources in CPPSs under limited resource availability.

基于机器学习的无线网络DDoS攻击检测方法

为提高分布式拒绝服务(Distributed Denial of Service,DDoS)攻击检出率,设计基于机器学习的无线网络DDoS攻击检测方法。首先,结合攻击时间序列构建无线网络DDoS攻击检测模型,利用深度学习设计无线网络DDoS攻击检测机制;其次,通过异常流量判断,对照相应的流表特征信息完成分类检测;最后,进行实验分析。实验结果表明,该方法的DDoS攻击检出率较低,优于对照组。

SDN环境中基于Bi-LSTM的DDoS攻击检测方案

针对5G物联网环境中海量接入设备带来的DDoS攻击威胁,同时考虑到软件定义网络SDN对5G物联网的适用性,提出了一种在SDN环境中利用长短期记忆LSTM网络检测DDoS攻击的方案,以提高对DDoS攻击检测的准确性。并采用分治算法思想,提出了一种轻量级分布式边缘计算架构OCM,在物联网中的空闲边缘节点部署基于Bi-LSTM的轻量级神经网络完成检测任务,在保证准确性的同时,增加了检测的灵活性。在ISCX2012数据集上评估了所提方案的有效性和可行性。实验结果表明,所提方案能够准确检测DDoS攻击并有效缓解DDoS攻击。

SDN中基于条件熵和决策树的DDoS攻击检测方法

软件定义网络(software defined network,SDN)作为一种新型网络架构,其转控分离及集中控制的架构思想为网络带来了显著的灵活性,同时为感知全局网络状态提供了便利。分布式拒绝服务攻击(distributed denial of service,DDoS)是一种典型的网络攻击方式。针对SDN网络中进行DDoS攻击检测的问题,提出了一种基于条件熵和决策树的DDoS攻击检测方法,利用条件熵判断当前网络状态,通过分析SDN中DDoS攻击特点,提取用于流量检测的6项重要特征,使用C4.5决策树算法进行网络流量分类,实现对SDN中的DDoS攻击的检测。实验表明,相比于其它研究方法,文中提出的方法不仅具有较高检测精确率和召回率,而且明显缩短了检测时间。

边缘计算环境下基于深度学习的DDos检测

边缘计算作为一种用于降低中心节点计算压力,更靠近终端设备和数据源头的新计算范式,满足了计算业务下沉的需求,也带来了安全问题;其中,对边缘计算安全威胁最大、造成过巨大经济损失和安全事故的当属分布式拒绝服务攻击(DDos);边缘计算环境下由于算力受限、存储空间有限等原因,传统的防御手段难以应用;因此,提出了一种适用于边缘计算环境下的基于深度学习的轻量级DDos检测框架;采用CIC-DDos-2019数据集来模拟边缘计算环境下的遭受DDos攻击的网络流量,针对数据集进行了适应性强的预处理技术和相似性标签融合,运用SMOTE算法解决了数据集类别不平衡问题,采用一维卷积技术和BiLSTM技术搭建了模型并进行了模型剪枝,构建了一个轻量级模型;结果表明,其针对DDos攻击类别的八分类实验准确率达到了96.8%,二分类实验准确率达到了99.8%。

V2G网络中基于联邦学习和CNN-BiLSTM的DDoS攻击检测

DDoS攻击是V2G网络的重要威胁之一,它可以在短时间内耗尽服务器的通信资源。此前方法以集中式模型为主,将数据从边缘设备传输到中央服务器进行训练可能会将数据暴露给各种攻击。研究了一种基于联邦学习的入侵检测系统,首先,考虑到V2G网络数据的高维性和数据间的时间依赖性,将采集的数据通过改进的特征选择算法进行降维,减少冗余特征,再将处理后的数据传入到融合了卷积神经网络和双向长短时记忆网络的混合模型中,捕获数据中的时间依赖性,并引入批标准化防止神经网络训练过程中出现梯度消失问题;其次,为了防止隐私泄露,结合联邦学习的固有特性,允许数据留在本地用于神经网络模型的训练;为了解决联邦学习通信造成网络负载压力过大的问题,设计了一种通过设置动态通信阈值筛选参与更新最优边缘设备的方案以减轻网络负载压力。实验结果表明,该方法的准确率可以高达99.95%,单轮通信时间减少了1.7 s。

融合特征选择的随机森林DDoS攻击检测

现有基于机器学习的分布式拒绝服务(DDoS)攻击检测方法在面对愈发复杂的网络流量、不断升维的数据结构时,检测难度和成本不断上升。针对这些问题,提出一种融合特征选择的随机森林DDoS攻击检测方法。该方法选用基于基尼系数的平均不纯度算法作为特征选择算法,对DDoS异常流量样本进行降维,以降低训练成本、提高训练精度;同时将特征选择算法嵌入随机森林的单个基学习器,将特征子集搜索范围由全部特征缩小到单个基学习器对应特征,在提高两种算法耦合性的同时提高了模型精度。实验结果表明,融合特征选择的随机森林DDoS攻击检测方法训练所得到的模型,在限制决策树棵数和训练样本数量的前提下,召回率相较于改进前提升21.8个百分点,F1-score值提升12.0个百分点,均优于传统的随机森林检测方案。

SDN环境下DDoS攻击检测和缓解系统

分布式拒绝服务攻击(distributed denial of service,DDoS)是网络安全领域的一大威胁.作为新型网络架构,软件定义网络(software defined networking,SDN)的逻辑集中和可编程性为抵御DDoS攻击提供了新的思路.本文设计并实现了一个轻量级的SDN环境下的DDoS攻击检测和缓解系统.该系统使用熵值检测方法,并通过动态阈值进行异常判断.若异常,系统将使用更精确的决策树模型进行检测.最后,控制器通过计算流的包对称率确定攻击源,并下发阻塞流表项.实验结果表明,该系统能够及时响应DDoS攻击,具有较高的检测成功率,并能够有效遏制攻击.

基于网络安全芯片的DDoS攻击识别IP核设计

分布式拒绝攻击(distributed denial of service,DDoS)作为一种传统的网络攻击方式,依旧对网络安全存在着较大的威胁.本文研究基于高性能网络安全芯片SoC+IP的构建模式,针对网络层DDoS攻击,提出了一种从硬件层面实现的DDoS攻击识别方法.根据硬件协议栈设计原理,利用逻辑电路门处理网络数据包进行拆解分析,随后对拆解后的信息进行攻击判定,将认定为攻击的数据包信息记录在攻击池中,等待主机随时读取.并通过硬件逻辑电路实现了基于该方法的DDoS攻击识别IP核(intellectual property core),IP核采用AHB总线配置寄存器的方式进行控制.在基于SV/UVM的仿真验证平台进行综合和功能性测试.实验表明,IP核满足设计要求,可实时进行DDoS攻击识别检测,有效提高高性能网络安全芯片的安全防护功能.