6 research outputs found

    Multi-layer Perceptron Model for Mitigating Distributed Denial of Service Flood Attack in Internet Kiosk Based Electronic Voting

    A Distributed Denial-of-Service (DDoS) flood attack targeting an Internet Kiosk voting environment can prevent voters from casting their ballots in a timely manner. The goal of the DDoS flood attack is to make the voting server unavailable to voters during the election process. In this paper, we present a Multilayer Perceptron (MLP) algorithm to mitigate DDoS flood attacks in an e-voting environment and prevent such attacks from disrupting the availability of the vulnerable voting server. The developed intelligent DDoS flood mitigation model based on the MLP technique was simulated in MATLAB R2017a. The mitigation model was evaluated using server utilization performance metrics in e-voting. Introducing the developed mitigation model into the DDoS attack model reduced the server utilization from 1 to 0.4, indicating normal traffic. MLP showed an accuracy of 95% in mitigating DDoS flood attacks, providing availability of voting server resources for convenient and timely casting of ballots as well as credible delivery of electronic democratic decision making.

    Enhanced detection algorithms to detect http ddos

    A web application utilizes Hypertext Transfer Protocol (HTTP) to serve client requests. This protocol is used widely, especially in business areas such as online transactions and websites, including government websites. A client delivers information to a server carried by a client web browser. An HTTP distributed denial of service (DDoS) attack occurs when the attacker is able to mimic client information, which makes a DDoS attack at the application layer difficult to distinguish, as the traffic pattern is similar to a genuine request. Furthermore, it is not compulsory for the client to present the GET headers component to a web server during the GET request transaction. Existing detection of HTTP DDoS attacks still faces challenges in differentiating between authentic and bogus GET requests in real time. In this paper, a fast algorithm (FARGO) method to detect HTTP DDoS attacks is introduced. FARGO consists of three detection algorithms to recognize HTTP DDoS categories as request flooding attacks. The assessment of the proposed detection system was conducted in real experimental conditions with real attack scripts. The proposed detection method provided expected outcomes with improvements of 11.30% for true-positive rates and 8.9% for false-positive rates.

    An adaptive protection of flooding attacks model for complex network environments

    Currently, online organizational resources and assets are potential targets of several types of attack, the most common being flooding attacks. We consider the Distributed Denial of Service (DDoS) as the most dangerous type of flooding attack that could target those resources. The DDoS attack consumes available network resources such as bandwidth, processing power, and memory, thereby limiting or withholding accessibility to users. The Flash Crowd (FC) is quite similar to the DDoS attack, whereby many legitimate users concurrently access a particular service, the number of which results in the denial of service. Researchers have proposed many different models to eliminate the risk of DDoS attacks, but only a few efforts have been made to differentiate it from FC flooding, as FC flooding also causes the denial of service and usually misleads the detection of the DDoS attacks. In this paper, an adaptive agent-based model, known as an Adaptive Protection of Flooding Attacks (APFA) model, is proposed to protect the Network Application Layer (NAL) against DDoS flooding attacks and FC flooding traffic. The APFA model, with the aid of an adaptive analyst agent, distinguishes between DDoS and FC abnormal traffic. It then separates DDoS botnet from Demons and Zombies to apply suitable attack handling methodology. There are three parameters on which the agent relies, normal traffic intensity, traffic attack behavior, and IP address history log, to decide on the operation of two traffic filters. We test and evaluate the APFA model via a simulation system using CIDDS as a standard dataset. The model successfully adapts to the simulated attack scenarios' changes and determines 303,024 request conditions for the tested 135,583 IP addresses. It achieves an accuracy of 0.9964, a precision of 0.9962, and a sensitivity of 0.9996, and outperforms three tested similar models. In addition, the APFA model contributes to identifying and handling the actual trigger of DDoS attack and differentiates it from FC flooding, which is rarely implemented in one model.