Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behavior the...

Bibliographic details
Published in: Computer networks (Amsterdam, Netherlands : 1999), 2021-02, Vol.186, p.107792, Article 107792
Main authors: Rios, Vinícius de Miranda; Inácio, Pedro R.M.; Magoni, Damien; Freire, Mário M.
Format: Article
Language: eng
Subjects:
Online access: Full text
container_end_page
container_issue
container_start_page 107792
container_title Computer networks (Amsterdam, Netherlands : 1999)
container_volume 186
creator Rios, Vinícius de Miranda
Inácio, Pedro R.M.
Magoni, Damien
Freire, Mário M.
description Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behavior, therefore becoming silently powerful. Among these advanced DDoS attack types, the so-called low-rate DoS attacks aim at keeping a low level of network traffic. In this paper, we study one of these techniques, called Reduction of Quality (RoQ) attack. To investigate the detection of this type of attack, we evaluate and compare the use of four machine learning algorithms: Multi-Layer Perceptron (MLP) neural network with backpropagation, K-Nearest Neighbors (K-NN), Support Vector Machine (SVM) and Multinomial Naive Bayes (MNB). We also propose an approach for detecting this kind of attack based on three methods: Fuzzy Logic (FL), MLP and Euclidean Distance (ED). We evaluate and compare the approach based on FL, MLP and ED to the above machine learning algorithms using both emulated and real traffic traces. We show that among the four Machine Learning algorithms, the best classification results are obtained with MLP, which, for emulated traffic, leads to an F1-score of 98.04% for attack traffic and 99.30% for legitimate traffic, while, for real traffic, it leads to an F1-score of 99.87% for attack traffic and 99.95% for legitimate traffic. Regarding the approach using FL, MLP and EC, for classification of emulated traffic, we obtained an F1-score of 98.80% for attack traffic and 99.60% for legitimate traffic, while, for real traffic, we obtained an F1-score of 100% for attack traffic and 100% for legitimate traffic. However, the better performance of the approach based on FL, MLP and ED is obtained at the cost of larger execution time, since MLP required 0.74 ms and 0.87 ms for classification of the emulated and real traffic datasets, respectively, whereas the approach using FL, MLP and ED required 11’46” and 46’48” to classify the emulated and real traffic datasets, respectively.
doi_str_mv 10.1016/j.comnet.2020.107792
format Article
fulltext fulltext
identifier ISSN: 1389-1286
ispartof Computer networks (Amsterdam, Netherlands : 1999), 2021-02, Vol.186, p.107792, Article 107792
issn 1389-1286
1872-7069
language eng
recordid cdi_hal_primary_oai_HAL_hal_03182934v1
source Elsevier ScienceDirect Journals
subjects Algorithms
Artificial Intelligence
Back propagation
Back propagation networks
Classification
Communications traffic
Computer Science
Cryptography and Security
Datasets
DDoS attack
Denial of service attacks
Euclidean geometry
Fuzzy logic
Low level
Low-rate DDoS attack
Machine learning
Machine learning algorithms
Multilayers
Networking and Internet Architecture
Neural networks
Reduction-of-Quality DDoS attack
Security management
Support vector machines
title Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms
url https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-28T00%3A28%3A04IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_hal_p&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Detection%20of%20reduction-of-quality%20DDoS%20attacks%20using%20Fuzzy%20Logic%20and%20machine%20learning%20algorithms&rft.jtitle=Computer%20networks%20(Amsterdam,%20Netherlands%20:%201999)&rft.au=Rios,%20Vin%C3%ADcius%20de%20Miranda&rft.date=2021-02-26&rft.volume=186&rft.spage=107792&rft.pages=107792-&rft.artnum=107792&rft.issn=1389-1286&rft.eissn=1872-7069&rft_id=info:doi/10.1016/j.comnet.2020.107792&rft_dat=%3Cproquest_hal_p%3E2516871795%3C/proquest_hal_p%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2516871795&rft_id=info:pmid/&rft_els_id=S1389128620313633&rfr_iscdi=true