2,627 research outputs found

    Review of Detection Denial of Service Attacks using Machine Learning through Ensemble Learning

    Today's network hacking is more resource-intensive because the goal is to prohibit the user from using the network's resources when the target is either offensive or for financial gain, especially in businesses and organizations that rely on the Internet, like Amazon. Due to this, several techniques, such as artificial intelligence algorithms like machine learning (ML) and deep learning (DL), have been developed to identify intrusion and network infiltration and discriminate between legitimate and unauthorized users. Application of machine learning and ensemble learning algorithms to various datasets, consideration of homogeneous ensembles using a single algorithm type or heterogeneous ensembles using several algorithm types, and evaluation of the discovery outcomes in terms of accuracy or discovery error for detecting attacks. The survey literature provides an overview of the many approaches of one or more machine-learning algorithms used in various datasets to identify denial of service attacks. It has also been shown that employing the hybrid approach is the most common and produces better attack detection outcomes than using the sole approaches. Numerous machine learning techniques, including support vector machines (SVM), K-Nearest Neighbors (KNN), and ensemble learning like random forest (RF), bagging, and boosting, are illustrated in this work (DT). These are employed in several articles to identify different denial of service (DoS) assaults, including the trojan horse, teardrop, land, smurf, flooding, and worm. That attacks network traffic and resources to deny users access to the resources or to steal confidential information from the company without damaging the system and employs several algorithms to obtain high attack detection accuracy and low false alarm rates.

    An SDN-based Approach For Defending Against Reflective DDoS Attacks

    Distributed Reflective Denial of Service (DRDoS) attacks are an immanent threat to Internet services. The potential scale of such attacks became apparent in March 2018 when a memcached-based attack peaked at 1.7 Tbps. Novel services built upon UDP increase the need for automated mitigation mechanisms that react to attacks without prior knowledge of the actual application protocols used. With the flexibility that software-defined networks offer, we developed a new approach for defending against DRDoS attacks; it not only protects against arbitrary DRDoS attacks but is also transparent for the attack target and can be used without assistance of the target host operator. The approach provides a robust mitigation system which is protocol-agnostic and effective in the defense against DRDoS attacks

    Automating Mitigation of Amplification Attacks in NFV Services

    The combination of virtualization techniques with capillary computing and storage resources allows the instantiation of Virtual Network Functions throughout the network infrastructure, which brings more agility in the development and operation of network services. Besides forwarding and routing, this can also be used for additional functions, e.g., for security purposes. In this paper, we present a framework to systematically create security analytics for virtualized network services, specifically targeting the detection of cyber-attacks. Our framework largely automates the deployment of security sidecars into existing service templates and their interconnection to an external analytics platform. Notably, it leverages code augmentation techniques to dynamically inject and remove inspection probes without affecting service operation. We describe the implementation of a use case for the detection of DNS amplification attacks in virtualized 5G networks, and provide extensive evaluation of our innovative inspection and detection mechanisms. Our results demonstrate better efficiency with respect to existing network monitoring tools in terms of CPU usage, as well as good accuracy in detecting attacks even with variable traffic patterns.

    Fingerprinting Internet DNS Amplification DDoS Activities

    This work proposes a novel approach to infer and characterize Internet-scale DNS amplification DDoS attacks by leveraging the darknet space. Complementary to the pioneer work on inferring Distributed Denial of Service (DDoS) activities using darknet, this work shows that we can extract DDoS activities without relying on backscattered analysis. The aim of this work is to extract cyber security intelligence related to DNS Amplification DDoS activities such as detection period, attack duration, intensity, packet size, rate and geo-location in addition to various network-layer and flow-based insights. To achieve this task, the proposed approach exploits certain DDoS parameters to detect the attacks. We empirically evaluate the proposed approach using 720 GB of real darknet data collected from a /13 address space during a recent three-month period. Our analysis reveals that the approach was successful in inferring significant DNS amplification DDoS activities including the recent prominent attack that targeted one of the largest anti-spam organizations. Moreover, the analysis disclosed the mechanism of such DNS amplification DDoS attacks. Further, the results uncover high-speed and stealthy attempts that were never previously documented. The case study of the largest DDoS attack in history led to a better understanding of the nature and scale of this threat and can generate inferences that could contribute in detecting, preventing, assessing, mitigating and even attributing of DNS amplification DDoS activities. Comment: 5 pages, 2 figures