Detection of DDoS Attack Using Optimized Machine Learning Technique
Ebook, 260 pages, 1 hour


About this ebook

Network security is any action an organization takes to prevent malicious use of or accidental damage to the network's private data, its users or their devices. The goal of network security is to keep the network running and safe for all legitimate users.

Security incident response is one key aspect of maintaining organizational security. A critical task during security incident response is detecting that an incident has occurred. Detection may occur through reports from end-users and other stakeholders in the organization, through detection analysis performed, or it may be accomplished by using an intrusion detection system. Intrusion Detection (ID) is a challenging endeavor, requiring security practitioners to have a high level of security expertise and knowledge of their systems and organization.

The demand for ubiquitous personal communications is driving the development of new networking techniques. Information security has now become a very important aspect of data communication as people spend a large amount of time connected to a network. To improve the security of the data being transmitted, various techniques are employed. This chapter presents background, problem discussion, research challenges, objectives and thesis organization.
 

A denial-of-service attack overwhelms a system's resources so that it cannot respond to service requests. A DDoS attack is also an attack on a system's resources, but it is launched from a large number of other host machines that are infected by malicious software controlled by the attacker. There are different types of DoS and DDoS attacks; the most common are TCP SYN flood attack, teardrop attack, smurf attack, ping-of-death attack and botnets.
 

Language: English
Release date: Aug 9, 2023
ISBN: 9798223210108
    Book preview

    Detection of DDoS Attack Using Optimized Machine Learning Technique - Kalai Vani Y.S

    Detection of DDoS Attack Using Optimized Machine Learning Technique

    Kalai Vani Y.S

    TABLE OF CONTENTS

    CHAPTER NO.  TITLE

    LIST OF TABLES

    LIST OF FIGURES

    LIST OF SYMBOLS

    LIST OF ABBREVIATIONS

    1.0  INTRODUCTION

    1.1  Research Context

    1.2  Cyber Threats

    1.2.1  Denial of Service and Distributed Denial of Service Attack

    1.2.2  Man-in-the-Middle Attack

    1.2.3  Phishing and Spear Phishing Attack

    1.2.4  Drive-by Attack

    1.2.5  Password Attack

    1.2.6  SQL Injection Attack

    1.3  DISTRIBUTED DENIAL OF SERVICE ATTACK

    1.3.1  Phases of DDoS Attack

    1.3.1.1  Connection Consumption Based Attacks

    1.3.1.2  Bandwidth Consumption Based Attacks

    1.3.1.3  Vulnerability Exploitation Attacks

    1.4  INTRUSION DETECTION SYSTEM

    1.4.1  Host Based IDS (HIDS)

    1.4.2  Network Based IDS (NIDS)

    1.4.3  Challenges faced by IDS

    1.5  NETWORK ANOMALY DETECTION TECHNIQUE

    1.5.1  Challenges of Anomaly Detection

    1.5.2  Taxonomy of Network Anomaly Detection Technique

    2.1.4  Privacy Preserving and HDFS Based DDOS Attack Detection System

    2.2  CLASSIFICATION BASED NETWORK ANOMALY DETECTION

    2.2.1  Support Vector Machine

    2.2.2  Bayesian Network

    2.2.3  Neural Network

    2.2.4  Rule-Based

    2.3  STATISTICAL BASED ANOMALY DETECTION

    2.3.1  Mixture Model

    2.3.2  Signal Processing Technique

    2.3.3  Principal Component Analysis

    2.4  CLUSTERING AND OUTLIER BASED ANOMALY DETECTION

    2.4.1  Regular Clustering

    2.4.2  Co-Clustering

    2.4.3  Information Theory Based

    2.4.4  Correlation Analysis

    2.5  PRIVACY PRESERVATION OF INTRUSION DETECTION TECHNIQUE

    2.5.1  Objectives of Cryptographic Algorithms

    2.5.1.1  Confidentiality

    2.5.1.2  Authentication

    2.5.1.3  Integrity

    2.5.1.4  Availability

    2.5.1.5  Non-Repudiation

    2.5.2  Types of Cryptographic Algorithm

    2.5.2.1  Symmetric Algorithms

    2.5.2.2  Asymmetric Algorithms

    2.5.2.3  Hash Functions

    2.6  RESEARCH GAP

    2.7  OBJECTIVES

    3.0  MATERIALS AND METHODS

    3.1  INTRUSION DETECTION SYSTEM MODEL

    3.2  PROPOSED MODEL OF IDS FOR DDOS ATTACK DETECTION

    3.2.1  Training Phase

    3.2.2  Preprocessing

    3.3  CMFDA BASED WEIGHT OPTIMIZATION FOR DLNN

    3.4  DATA CONVERSION

    3.5  MISSING VALUE REPLACEMENT

    3.6  ELIMINATING ENTIRE ROWS

    3.7  PREDICTING THE MISSING VALUES

    3.8  ESTIMATING AND REPLACING MISSING VALUES

    3.9  DATA NORMALIZATION

    3.10  CLASSIFICATION OF NORMAL AND ATTACK DATA USING ODLNN

    3.10.1  Supervised Machine Learning

    3.10.2  Unsupervised Machine Learning

    3.10.3  Semi supervised Machine Learning

    3.10.4  Reinforcement Learning

    3.11  NEURAL NETWORK (NN)

    3.11.1  Optimized Deep Learning Network

    3.11.2  Weight optimization using CMDFA

    3.11.3  Testing Phase

    3.11.4  Encryption of normal data

    3.11.5  Modified crow search algorithm

    3.12  CRYPTOGRAPHIC ALGORITHMS

    3.12.1  Principles of Public Key Cryptosystems

    3.12.2  Elliptic Curve Cryptography

    4.0  RESULTS

    6.0  SUMMARY

    7.0  CONCLUSION

    8.0  FUTURE DIRECTIONS

    9.0  REFERENCES

    LIST OF TABLES

    TABLE NO.  TITLE

    2.1  Review using DDOS attack detection using machine learning algorithms

    4.1  Precision values for various number of nodes

    4.2  Recall values obtained for various number of nodes

    4.3  F-score values obtained for various number of nodes

    4.4  Accuracy values obtained for varied number of nodes

    4.5  Values obtained for the metric Encryption time (ms) by the proposed and existing methods for varied Number of Nodes

    4.6  Values obtained for the metric Decryption time (ms) by the proposed and existing methods for varied Number of Nodes

    4.7  Memory Usage (kb) of encryption

    4.8  Memory Usage (kb) of Decryption

    4.9  FDR values attained by proposed and existing methods

    4.10  FNR attained by proposed and existing methods

    4.11  TPR values attained by proposed and existing methods

    4.12  TNR values attained by proposed and existing methods

    LIST OF FIGURES

    FIGURE NO.  TITLE

    1.1  SYN Flood Attack

    1.2  Bandwidth consumption-based attack

    1.3  Vulnerability exploitation by slow HTTP attack

    1.4  Intrusion Detection System

    1.5  Displays a generic framework for network anomaly detection

    1.6  Taxonomy of network anomaly detection techniques

    3.1  Proposed Model to detect the DDoS Attack

    3.2  Representation of DFA

    3.3  Representation of DLNN

    4.1  Graphical representation of precision values

    4.2  Graphical representation of recall values

    4.3  Graphical representation of F-score values

    4.4  Graphical representation of Accuracy values

    4.5  Graphical representation of encryption time (ms)

    4.6  Graphical representation of decryption time (ms)

    4.7  Graphical Representation of memory used (kb) by Encryption and Decryption

    4.8  Graphical Representation of FNR by proposed and existing methods

    4.9  Graphical representation of FDR by proposed and existing methods

    4.10  Graphical Representation of FNR by proposed and existing methods

    4.11  Graphical Representation of TPR by the proposed and existing methods

    4.12  Graphical Representation of TNR by the proposed and existing methods

    LIST OF SYMBOLS

    mx,n  Memory of crow

    f(.)  Objective function

    F  Denote its algebraic closure

    P²(F)  Projective plane

    E(p(s))  Encrypted plain text

    T(e(s))  Time taken to encrypt each record

    D(c(s))  Decrypted cipher text

    T(d(s))  Time taken to decrypt each record

    P1, P2  Support vectors

    C, D  Integer elements

    A  String

    LIST OF ABBREVIATIONS

    DoS  Denial-of-Service

    DAG  Directed Acyclic Graph

    DDOS  Distributed Denial of Service

    ECC  Elliptic Curve Cryptography

    ECDLP  Elliptic Curve Discrete Logarithm Problem

    FAR  False Acceptance Rate

    FARs  False Alarm Rates

    FNR  False Negative Rate

    FPR  False Positive Rate

    FRR  False Rejection Rate

    GSO-SVNN  Glowworm Swarm Optimization based Support Vector Neural Network

    HCA  Heuristics Clustering Algorithm

    HBOS  Histogram Based Outlier Detection

    HIDS  Hybrid Intrusion Detection System

    ISO  International Organization for Standardization

    IOT  Internet of Things

    ID  Intrusion Detection

    IDS  Intrusion Detection System
