Detection and classification of DDoS flooding attacks by machine learning method

• URL: http://arxiv.org/abs/2412.18990v2
• Date: Thu, 02 Jan 2025 09:34:09 GMT
• Title: Detection and classification of DDoS flooding attacks by machine learning method
• Authors: Dmytro Tymoshchuk, Oleh Yasniy, Mykola Mytnyk, Nataliya Zagorodna, Vitaliy Tymoshchuk,
• Abstract summary: This study focuses on a method for detecting and classifying distributed denial of service (DDoS) attacks using neural networks. A dataset containing normal traffic and various DDoS attacks was used to train a neural network model with a 24-106-5 architecture. The model achieved high Accuracy (99.35%), Precision (99.32%), Recall (99.54%), and F-score (0.99) in the classification task.
• Score: 0.0
• License:
• Abstract: This study focuses on a method for detecting and classifying distributed denial of service (DDoS) attacks, such as SYN Flooding, ACK Flooding, HTTP Flooding, and UDP Flooding, using neural networks. Machine learning, particularly neural networks, is highly effective in detecting malicious traffic. A dataset containing normal traffic and various DDoS attacks was used to train a neural network model with a 24-106-5 architecture. The model achieved high Accuracy (99.35%), Precision (99.32%), Recall (99.54%), and F-score (0.99) in the classification task. All major attack types were correctly identified. The model was also further tested in the lab using virtual infrastructures to generate normal and DDoS traffic. The results showed that the model can accurately classify attacks under near-real-world conditions, demonstrating 95.05% accuracy and balanced F-score scores for all attack types. This confirms that neural networks are an effective tool for detecting DDoS attacks in modern information security systems.

Related papers

• Detecting Distributed Denial of Service Attacks Using Logistic Regression and SVM Methods [0.0]
  The goal of this paper is to detect DDoS attacks from all service requests and classify them according to DDoS classes. Two (2) different machine learning approaches, SVM and Logistic Regression, are implemented in the dataset for detecting and classifying DDoS attacks. Logistic Regression and SVM both achieve 98.65% classification accuracy which is the highest achieved accuracy among other previous experiments with the same dataset.
  arXiv  Detail & Related papers  (2024-11-21T13:15:26Z)
• UNIT: Backdoor Mitigation via Automated Neural Distribution Tightening [43.09750187130803]
  Deep neural networks (DNNs) have demonstrated effectiveness in various fields. DNNs are vulnerable to backdoor attacks, which inject a unique pattern, called trigger, into the input to cause misclassification to an attack-chosen target label. In this paper, we introduce a novel post-training defense technique that can effectively eliminate backdoor effects for a variety of attacks.
  arXiv  Detail & Related papers  (2024-07-16T04:33:05Z)
• An incremental hybrid adaptive network-based IDS in Software Defined Networks to detect stealth attacks [0.0]
  Advanced Persistent Threats (APTs) are a type of attack that implement a wide range of strategies to evade detection. Machine Learning (ML) techniques in Intrusion Detection Systems (IDSs) is widely used to detect such attacks but has a challenge when the data distribution changes. An incremental hybrid adaptive Network Intrusion Detection System (NIDS) is proposed to tackle the issue of concept drift in SDN.
  arXiv  Detail & Related papers  (2024-04-01T13:33:40Z)
• Predict And Prevent DDOS Attacks Using Machine Learning and Statistical Algorithms [0.0]
  This study uses several machine learning and statistical models to detect DDoS attacks from traces of traffic flow. The XGboost machine learning model provided the best detection accuracy of (99.9999%) after applying the SMOTE approach to the target class.
  arXiv  Detail & Related papers  (2023-08-30T00:03:32Z)
• Early Detection of Network Attacks Using Deep Learning [0.0]
  A network intrusion detection system (IDS) is a tool used for identifying unauthorized and malicious behavior by observing the network traffic. We propose an end-to-end early intrusion detection system to prevent network attacks before they could cause any more damage to the system under attack.
  arXiv  Detail & Related papers  (2022-01-27T16:35:37Z)
• TANTRA: Timing-Based Adversarial Network Traffic Reshaping Attack [46.79557381882643]
  We present TANTRA, a novel end-to-end Timing-based Adversarial Network Traffic Reshaping Attack. Our evasion attack utilizes a long short-term memory (LSTM) deep neural network (DNN) which is trained to learn the time differences between the target network's benign packets. TANTRA achieves an average success rate of 99.99% in network intrusion detection system evasion.
  arXiv  Detail & Related papers  (2021-03-10T19:03:38Z)
• How Robust are Randomized Smoothing based Defenses to Data Poisoning? [66.80663779176979]
  We present a previously unrecognized threat to robust machine learning models that highlights the importance of training-data quality. We propose a novel bilevel optimization-based data poisoning attack that degrades the robustness guarantees of certifiably robust classifiers. Our attack is effective even when the victim trains the models from scratch using state-of-the-art robust training methods.
  arXiv  Detail & Related papers  (2020-12-02T15:30:21Z)
• Witches' Brew: Industrial Scale Data Poisoning via Gradient Matching [56.280018325419896]
  Data Poisoning attacks modify training data to maliciously control a model trained on such data. We analyze a particularly malicious poisoning attack that is both "from scratch" and "clean label" We show that it is the first poisoning method to cause targeted misclassification in modern deep networks trained from scratch on a full-sized, poisoned ImageNet dataset.
  arXiv  Detail & Related papers  (2020-09-04T16:17:54Z)
• Cassandra: Detecting Trojaned Networks from Adversarial Perturbations [92.43879594465422]
  In many cases, pre-trained models are sourced from vendors who may have disrupted the training pipeline to insert Trojan behaviors into the models. We propose a method to verify if a pre-trained model is Trojaned or benign. Our method captures fingerprints of neural networks in the form of adversarial perturbations learned from the network gradients.
  arXiv  Detail & Related papers  (2020-07-28T19:00:40Z)
• Anomaly Detection-Based Unknown Face Presentation Attack Detection [74.4918294453537]
  Anomaly detection-based spoof attack detection is a recent development in face Presentation Attack Detection. In this paper, we present a deep-learning solution for anomaly detection-based spoof attack detection. The proposed approach benefits from the representation learning power of the CNNs and learns better features for fPAD task.
  arXiv  Detail & Related papers  (2020-07-11T21:20:55Z)
• Detecting Network Anomalies using Rule-based machine learning within SNMP-MIB dataset [0.5156484100374059]
  This paper developed a network traffic system that relies on adopted dataset to differentiate the DOS attacks from normal traffic. The detection model is built with five Rule-based machine learning classifiers (DecisionTable, JRip, OneR, PART and ZeroR)
  arXiv  Detail & Related papers  (2020-01-18T13:05:41Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.