10 research outputs found

    Models of Linguistic Variable Reference Standards for Attack Detection Systems

    A model of linguistic variable reference standards is proposed, oriented toward building attack detection systems based on identifying an anomalous state in an information system. To detect DDoS attacks and spoofing, the following parameters are used: the number of simultaneous connections to the server, the rate at which client requests are processed, the delay between requests from a single user, and the number of packets with identical source and destination addresses. Based on data from the experiment conducted, reference models of the parameters are built using basic term sets and fuzzy numbers.

    Shuffling Based Mechanism for DDoS Prevention on Cloud Environment

    Cloud Computing has evolved as a new paradigm in which users can use on-demand services, according to their needs. However, security concerns are primary obstacles to a wider adoption of clouds. Newly born concepts that clouds introduced, such as multi-tenancy, resource sharing and outsourcing, create new challenges for security research. A DDoS (Distributed Denial of Service) attack is the biggest threat to the cloud since it affects the availability of services. Many techniques have been proposed by various researchers to prevent DDoS attacks on a cloud infrastructure. We are using a shuffling-based approach for preventing DDoS in the cloud environment. This approach is reactive and uses the resource elasticity of the cloud. The aim of this technique is to save the maximum number of benign clients from the attack through shuffling. For assignment of clients to the replica servers, we are using a greedy algorithm. Every time we call this algorithm, we estimate the number of malicious clients using a proposed random function for that round of shuffle. We have shown that we can save a desired percentage of benign clients from the ongoing attacks after some shuffles. To detect the attack on each server, a detector is deployed that uses an entropy-based approach for detecting DDoS. A significant deviation in entropy represents the DDoS attack. We have also performed some tests to select the suitable attributes for entropy-based DDoS detection in different types of DDoS attacks. So in our work we have worked on both detection and prevention of DDoS on cloud infrastructure.

    Detection and Classification of DDoS Flooding Attacks on Software-Defined Networks: A Case Study for the Application of Machine Learning

    Software-defined networks (SDNs) offer robust network architectures for current and future Internet of Things (IoT) applications. At the same time, SDNs constitute an attractive target for cyber attackers due to their global network view and programmability. One of the major vulnerabilities of typical SDN architectures is their susceptibility to Distributed Denial of Service (DDoS) flooding attacks. DDoS flooding attacks can render SDN controllers unavailable to their underlying infrastructure, causing service disruption or a complete outage in many cases. In this paper, machine learning-based detection and classification of DDoS flooding attacks on SDNs is investigated using popular machine learning (ML) algorithms. The ML algorithms, classifiers and methods investigated are quadratic discriminant analysis (QDA), Gaussian Naïve Bayes (GNB), k-nearest neighbor (k-NN), and classification and regression tree (CART). The general principle is illustrated through a case study in which experimental data (i.e. jitter, throughput, and response time metrics) from a representative SDN architecture suitable for typical mid-sized enterprise-wide networks is used to build classification models that accurately identify and classify DDoS flooding attacks. The SDN model used was emulated in Mininet and the DDoS flooding attacks (i.e. hypertext transfer protocol (HTTP), transmission control protocol (TCP), and user datagram protocol (UDP) attacks) were launched on the SDN model using low orbit ion cannon (LOIC). Although all the ML methods investigated show very good efficacy in detecting and classifying DDoS flooding attacks, CART demonstrated the best performance on average in terms of prediction accuracy (98%), prediction speed (5.3×10^5 observations per second), training time (12.4 ms), and robustness.

    Design and Analysis of Anomaly Detection and Mitigation Schemes for Distributed Denial of Service Attacks in Software Defined Network. An Investigation into the Security Vulnerabilities of Software Defined Network and the Design of Efficient Detection and Mitigation Techniques for DDoS Attack using Machine Learning Techniques

    Software Defined Networks (SDN) have created great potential and hope to meet the need for secure, reliable and well-managed next generation networks that drive effective service delivery on the go and meet the demand for high data rates and seamless connectivity expected by users. Thus, it is a network technology that is set to enhance our day-to-day activities. As network usage and reliance on computer technology increase, users with bad intentions exploit the inherent weaknesses of this technology to render targeted services unavailable to legitimate users. Among the security weaknesses of SDN are Distributed Denial of Service (DDoS) attacks. Even though the DDoS attack strategy is known, the number of successful DDoS attacks launched has increased at an alarming rate over the last decade. Existing detection mechanisms depend on signatures of known attacks, which has not been successful in detecting unknown or different shades of DDoS attacks. Therefore, a novel detection mechanism is proposed that relies on deviation from the confidence interval obtained from the normal distribution of throughput polled from the server without attack. Furthermore, a sensitivity analysis is carried out to determine which of the network metrics (jitter, throughput and response time) is most sensitive to attack, by introducing white Gaussian noise and evaluating the local sensitivity using a feed-forward artificial neural network. All metrics are sensitive in detecting DDoS attacks. However, jitter appears to be the most sensitive to attack. As a result, the developed framework provides an avenue to make the SDN technology more robust and secure against DDoS attacks.

    Intellectualized Methods of Information Protection: Neural Networks in Information Protection

    The study guide contains materials for the independent work of bachelor's degree students in the educational program "System Programming and Specialized Computer Systems" of specialty 123 "Computer Engineering" when studying the section "Application of Neural Networks in the Field of Information Protection" of the discipline "Intellectualized Methods of Information Protection". It will also be useful to software developers, postgraduate students and students of technical specialties.

    Contributions to the Detection of Distributed Denial of Service (DDoS) Attacks at the Application Layer

    Six aspects of DDoS attack detection were analyzed: techniques, variables, tools, deployment location, point in time, and detection accuracy. This analysis made it possible to contribute usefully to the design of a suitable strategy for neutralizing these attacks. In recent years, these attacks have been directed at the application layer. This phenomenon is mainly due to the large number of tools available for generating this type of attack. For this reason, this work also proposes a detection alternative based on the dynamism of the web user. To this end, user-dynamism features extracted from mouse and keyboard functions were evaluated. Finally, the present work proposes a low-cost detection approach consisting of two steps: first, the user's features are extracted in real time while browsing the web application; second, each extracted feature is used by an order algorithm (O1) to differentiate a real user from a DDoS attack. The results of tests with the LOIC, OWASP and GoldenEye attack tools show that the proposed method has a detection efficacy of 100% and that the features of the web user's dynamism make it possible to differentiate between a real user and a bot.