Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms
Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behavior the...
Gespeichert in:
Veröffentlicht in: | Computer networks (Amsterdam, Netherlands : 1999) Netherlands : 1999), 2021-02, Vol.186, p.107792, Article 107792 |
---|---|
Hauptverfasser: | , , , |
Format: | Artikel |
Sprache: | eng |
Schlagworte: | |
Online-Zugang: | Volltext |
Tags: |
Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
|
container_end_page | |
---|---|
container_issue | |
container_start_page | 107792 |
container_title | Computer networks (Amsterdam, Netherlands : 1999) |
container_volume | 186 |
creator | Rios, Vinícius de Miranda Inácio, Pedro R.M. Magoni, Damien Freire, Mário M. |
description | Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behavior therefore becoming silently powerful. Among these advanced DDoS attack types, the so-called low-rate DoS attacks aim at keeping a low level of network traffic. In this paper, we study one of these techniques, called Reduction of Quality (RoQ) attack. To investigate the detection of this type of attack, we evaluate and compare the use of four machine learning algorithms: Multi-Layer Perceptron (MLP) neural network with backpropagation, K-Nearest Neighbors (K-NN), Support Vector Machine (SVM) and Multinomial Naive Bayes (MNB). We also propose an approach for detecting this kind of attack based on three methods: Fuzzy Logic (FL), MLP and Euclidean Distance (ED). We evaluate and compare the approach based on FL, MLP and ED to the above machine learning algorithms using both emulated and real traffic traces. We show that among the four Machine Learning algorithms, the best classification results are obtained with MLP, which, for emulated traffic, leads to a F1-score of 98.04% for attack traffic and 99.30% for legitimate traffic, while, for real traffic, it leads to a F1-score of 99.87% for attack traffic and 99.95% for legitimate traffic. Regarding the approach using FL, MLP and EC, for classification of emulated traffic, we obtained a F1-score of 98.80% for attack traffic and 99.60% for legitimate traffic, while, for real traffic, we obtained a F1-score of 100% for attack traffic and 100% for legitimate traffic. However, the better performance of the approach based on FL, MLP and ED is obtained at the cost of larger execution time, since MLP required 0.74 ms and 0.87 ms for classification of the emulated and real traffic datasets, respectively, where as the approach using FL, MLP and ED required 11’46” and 46’48” to classify the emulated and real traffic datasets, respectively. |
doi_str_mv | 10.1016/j.comnet.2020.107792 |
format | Article |
fullrecord | <record><control><sourceid>proquest_hal_p</sourceid><recordid>TN_cdi_hal_primary_oai_HAL_hal_03182934v1</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><els_id>S1389128620313633</els_id><sourcerecordid>2516871795</sourcerecordid><originalsourceid>FETCH-LOGICAL-c414t-d71e4e9b8bd0cdd91e9a54f55eedfb4bc9d5619c960cf80c6529873253f042123</originalsourceid><addsrcrecordid>eNp9kLFOwzAQhiMEEqXwBgyWmBhSbMdJ7AUJUUqRKjEAs3HtS-uSxmA7ldqnJyGIkcnn03e_7r4kuSR4QjApbjYT7bYNxAnFtG-VpaBHyYjwkqYlLsRxV2dcpITy4jQ5C2GDMWaM8lHyPoUIOlrXIFchD6b9-aSuSr9aVdu4R9Ope0EqRqU_AmqDbVZo1h4Oe7RwK6uRagzaKr22DaAalG96QNUr521cb8N5clKpOsDF7ztO3mYPr_fzdPH8-HR_t0g1IyympiTAQCz50mBtjCAgVM6qPAcw1ZIttTB5QYQWBdYVx7rIqeBlRvOswowSmo2T6yF3rWr56e1W-b10ysr53UL2PZwRTkXGdqRjrwb207uvFkKUG9f6pltP0pwUvCSlyDuKDZT2LgQP1V8swbL3Ljdy8C5773Lw3o3dDmPQXbuz4GXQFhoNxvrOtDTO_h_wDY61jV4</addsrcrecordid><sourcetype>Open Access Repository</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2516871795</pqid></control><display><type>article</type><title>Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms</title><source>Elsevier ScienceDirect Journals</source><creator>Rios, Vinícius de Miranda ; Inácio, Pedro R.M. ; Magoni, Damien ; Freire, Mário M.</creator><creatorcontrib>Rios, Vinícius de Miranda ; Inácio, Pedro R.M. ; Magoni, Damien ; Freire, Mário M.</creatorcontrib><description>Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behavior therefore becoming silently powerful. Among these advanced DDoS attack types, the so-called low-rate DoS attacks aim at keeping a low level of network traffic. In this paper, we study one of these techniques, called Reduction of Quality (RoQ) attack. To investigate the detection of this type of attack, we evaluate and compare the use of four machine learning algorithms: Multi-Layer Perceptron (MLP) neural network with backpropagation, K-Nearest Neighbors (K-NN), Support Vector Machine (SVM) and Multinomial Naive Bayes (MNB). We also propose an approach for detecting this kind of attack based on three methods: Fuzzy Logic (FL), MLP and Euclidean Distance (ED). We evaluate and compare the approach based on FL, MLP and ED to the above machine learning algorithms using both emulated and real traffic traces. We show that among the four Machine Learning algorithms, the best classification results are obtained with MLP, which, for emulated traffic, leads to a F1-score of 98.04% for attack traffic and 99.30% for legitimate traffic, while, for real traffic, it leads to a F1-score of 99.87% for attack traffic and 99.95% for legitimate traffic. Regarding the approach using FL, MLP and EC, for classification of emulated traffic, we obtained a F1-score of 98.80% for attack traffic and 99.60% for legitimate traffic, while, for real traffic, we obtained a F1-score of 100% for attack traffic and 100% for legitimate traffic. However, the better performance of the approach based on FL, MLP and ED is obtained at the cost of larger execution time, since MLP required 0.74 ms and 0.87 ms for classification of the emulated and real traffic datasets, respectively, where as the approach using FL, MLP and ED required 11’46” and 46’48” to classify the emulated and real traffic datasets, respectively.</description><identifier>ISSN: 1389-1286</identifier><identifier>EISSN: 1872-7069</identifier><identifier>DOI: 10.1016/j.comnet.2020.107792</identifier><language>eng</language><publisher>Amsterdam: Elsevier B.V</publisher><subject>Algorithms ; Artificial Intelligence ; Back propagation ; Back propagation networks ; Classification ; Communications traffic ; Computer Science ; Cryptography and Security ; Datasets ; DDoS attack ; Denial of service attacks ; Euclidean geometry ; Fuzzy logic ; Low level ; Low-rate DDoS attack ; Machine learning ; Machine learning algorithms ; Multilayers ; Networking and Internet Architecture ; Neural networks ; Reduction-of-Quality DDoS attack ; Security management ; Support vector machines</subject><ispartof>Computer networks (Amsterdam, Netherlands : 1999), 2021-02, Vol.186, p.107792, Article 107792</ispartof><rights>2021 Elsevier B.V.</rights><rights>Copyright Elsevier Sequoia S.A. Feb 26, 2021</rights><rights>Distributed under a Creative Commons Attribution 4.0 International License</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c414t-d71e4e9b8bd0cdd91e9a54f55eedfb4bc9d5619c960cf80c6529873253f042123</citedby><cites>FETCH-LOGICAL-c414t-d71e4e9b8bd0cdd91e9a54f55eedfb4bc9d5619c960cf80c6529873253f042123</cites><orcidid>0000-0001-7829-9805 ; 0000-0003-2578-1803 ; 0000-0001-8221-0666 ; 0000-0002-9017-5001</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><linktohtml>$$Uhttps://www.sciencedirect.com/science/article/pii/S1389128620313633$$EHTML$$P50$$Gelsevier$$H</linktohtml><link.rule.ids>230,314,776,780,881,3537,27903,27904,65309</link.rule.ids><backlink>$$Uhttps://hal.science/hal-03182934$$DView record in HAL$$Hfree_for_read</backlink></links><search><creatorcontrib>Rios, Vinícius de Miranda</creatorcontrib><creatorcontrib>Inácio, Pedro R.M.</creatorcontrib><creatorcontrib>Magoni, Damien</creatorcontrib><creatorcontrib>Freire, Mário M.</creatorcontrib><title>Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms</title><title>Computer networks (Amsterdam, Netherlands : 1999)</title><description>Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behavior therefore becoming silently powerful. Among these advanced DDoS attack types, the so-called low-rate DoS attacks aim at keeping a low level of network traffic. In this paper, we study one of these techniques, called Reduction of Quality (RoQ) attack. To investigate the detection of this type of attack, we evaluate and compare the use of four machine learning algorithms: Multi-Layer Perceptron (MLP) neural network with backpropagation, K-Nearest Neighbors (K-NN), Support Vector Machine (SVM) and Multinomial Naive Bayes (MNB). We also propose an approach for detecting this kind of attack based on three methods: Fuzzy Logic (FL), MLP and Euclidean Distance (ED). We evaluate and compare the approach based on FL, MLP and ED to the above machine learning algorithms using both emulated and real traffic traces. We show that among the four Machine Learning algorithms, the best classification results are obtained with MLP, which, for emulated traffic, leads to a F1-score of 98.04% for attack traffic and 99.30% for legitimate traffic, while, for real traffic, it leads to a F1-score of 99.87% for attack traffic and 99.95% for legitimate traffic. Regarding the approach using FL, MLP and EC, for classification of emulated traffic, we obtained a F1-score of 98.80% for attack traffic and 99.60% for legitimate traffic, while, for real traffic, we obtained a F1-score of 100% for attack traffic and 100% for legitimate traffic. However, the better performance of the approach based on FL, MLP and ED is obtained at the cost of larger execution time, since MLP required 0.74 ms and 0.87 ms for classification of the emulated and real traffic datasets, respectively, where as the approach using FL, MLP and ED required 11’46” and 46’48” to classify the emulated and real traffic datasets, respectively.</description><subject>Algorithms</subject><subject>Artificial Intelligence</subject><subject>Back propagation</subject><subject>Back propagation networks</subject><subject>Classification</subject><subject>Communications traffic</subject><subject>Computer Science</subject><subject>Cryptography and Security</subject><subject>Datasets</subject><subject>DDoS attack</subject><subject>Denial of service attacks</subject><subject>Euclidean geometry</subject><subject>Fuzzy logic</subject><subject>Low level</subject><subject>Low-rate DDoS attack</subject><subject>Machine learning</subject><subject>Machine learning algorithms</subject><subject>Multilayers</subject><subject>Networking and Internet Architecture</subject><subject>Neural networks</subject><subject>Reduction-of-Quality DDoS attack</subject><subject>Security management</subject><subject>Support vector machines</subject><issn>1389-1286</issn><issn>1872-7069</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2021</creationdate><recordtype>article</recordtype><recordid>eNp9kLFOwzAQhiMEEqXwBgyWmBhSbMdJ7AUJUUqRKjEAs3HtS-uSxmA7ldqnJyGIkcnn03e_7r4kuSR4QjApbjYT7bYNxAnFtG-VpaBHyYjwkqYlLsRxV2dcpITy4jQ5C2GDMWaM8lHyPoUIOlrXIFchD6b9-aSuSr9aVdu4R9Ope0EqRqU_AmqDbVZo1h4Oe7RwK6uRagzaKr22DaAalG96QNUr521cb8N5clKpOsDF7ztO3mYPr_fzdPH8-HR_t0g1IyympiTAQCz50mBtjCAgVM6qPAcw1ZIttTB5QYQWBdYVx7rIqeBlRvOswowSmo2T6yF3rWr56e1W-b10ysr53UL2PZwRTkXGdqRjrwb207uvFkKUG9f6pltP0pwUvCSlyDuKDZT2LgQP1V8swbL3Ljdy8C5773Lw3o3dDmPQXbuz4GXQFhoNxvrOtDTO_h_wDY61jV4</recordid><startdate>20210226</startdate><enddate>20210226</enddate><creator>Rios, Vinícius de Miranda</creator><creator>Inácio, Pedro R.M.</creator><creator>Magoni, Damien</creator><creator>Freire, Mário M.</creator><general>Elsevier B.V</general><general>Elsevier Sequoia S.A</general><general>Elsevier</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SC</scope><scope>8FD</scope><scope>E3H</scope><scope>F2A</scope><scope>JQ2</scope><scope>L7M</scope><scope>L~C</scope><scope>L~D</scope><scope>1XC</scope><scope>VOOES</scope><orcidid>https://orcid.org/0000-0001-7829-9805</orcidid><orcidid>https://orcid.org/0000-0003-2578-1803</orcidid><orcidid>https://orcid.org/0000-0001-8221-0666</orcidid><orcidid>https://orcid.org/0000-0002-9017-5001</orcidid></search><sort><creationdate>20210226</creationdate><title>Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms</title><author>Rios, Vinícius de Miranda ; Inácio, Pedro R.M. ; Magoni, Damien ; Freire, Mário M.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c414t-d71e4e9b8bd0cdd91e9a54f55eedfb4bc9d5619c960cf80c6529873253f042123</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2021</creationdate><topic>Algorithms</topic><topic>Artificial Intelligence</topic><topic>Back propagation</topic><topic>Back propagation networks</topic><topic>Classification</topic><topic>Communications traffic</topic><topic>Computer Science</topic><topic>Cryptography and Security</topic><topic>Datasets</topic><topic>DDoS attack</topic><topic>Denial of service attacks</topic><topic>Euclidean geometry</topic><topic>Fuzzy logic</topic><topic>Low level</topic><topic>Low-rate DDoS attack</topic><topic>Machine learning</topic><topic>Machine learning algorithms</topic><topic>Multilayers</topic><topic>Networking and Internet Architecture</topic><topic>Neural networks</topic><topic>Reduction-of-Quality DDoS attack</topic><topic>Security management</topic><topic>Support vector machines</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Rios, Vinícius de Miranda</creatorcontrib><creatorcontrib>Inácio, Pedro R.M.</creatorcontrib><creatorcontrib>Magoni, Damien</creatorcontrib><creatorcontrib>Freire, Mário M.</creatorcontrib><collection>CrossRef</collection><collection>Computer and Information Systems Abstracts</collection><collection>Technology Research Database</collection><collection>Library & Information Sciences Abstracts (LISA)</collection><collection>Library & Information Science Abstracts (LISA)</collection><collection>ProQuest Computer Science Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Computer and Information Systems Abstracts Academic</collection><collection>Computer and Information Systems Abstracts Professional</collection><collection>Hyper Article en Ligne (HAL)</collection><collection>Hyper Article en Ligne (HAL) (Open Access)</collection><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Rios, Vinícius de Miranda</au><au>Inácio, Pedro R.M.</au><au>Magoni, Damien</au><au>Freire, Mário M.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms</atitle><jtitle>Computer networks (Amsterdam, Netherlands : 1999)</jtitle><date>2021-02-26</date><risdate>2021</risdate><volume>186</volume><spage>107792</spage><pages>107792-</pages><artnum>107792</artnum><issn>1389-1286</issn><eissn>1872-7069</eissn><abstract>Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behavior therefore becoming silently powerful. Among these advanced DDoS attack types, the so-called low-rate DoS attacks aim at keeping a low level of network traffic. In this paper, we study one of these techniques, called Reduction of Quality (RoQ) attack. To investigate the detection of this type of attack, we evaluate and compare the use of four machine learning algorithms: Multi-Layer Perceptron (MLP) neural network with backpropagation, K-Nearest Neighbors (K-NN), Support Vector Machine (SVM) and Multinomial Naive Bayes (MNB). We also propose an approach for detecting this kind of attack based on three methods: Fuzzy Logic (FL), MLP and Euclidean Distance (ED). We evaluate and compare the approach based on FL, MLP and ED to the above machine learning algorithms using both emulated and real traffic traces. We show that among the four Machine Learning algorithms, the best classification results are obtained with MLP, which, for emulated traffic, leads to a F1-score of 98.04% for attack traffic and 99.30% for legitimate traffic, while, for real traffic, it leads to a F1-score of 99.87% for attack traffic and 99.95% for legitimate traffic. Regarding the approach using FL, MLP and EC, for classification of emulated traffic, we obtained a F1-score of 98.80% for attack traffic and 99.60% for legitimate traffic, while, for real traffic, we obtained a F1-score of 100% for attack traffic and 100% for legitimate traffic. However, the better performance of the approach based on FL, MLP and ED is obtained at the cost of larger execution time, since MLP required 0.74 ms and 0.87 ms for classification of the emulated and real traffic datasets, respectively, where as the approach using FL, MLP and ED required 11’46” and 46’48” to classify the emulated and real traffic datasets, respectively.</abstract><cop>Amsterdam</cop><pub>Elsevier B.V</pub><doi>10.1016/j.comnet.2020.107792</doi><orcidid>https://orcid.org/0000-0001-7829-9805</orcidid><orcidid>https://orcid.org/0000-0003-2578-1803</orcidid><orcidid>https://orcid.org/0000-0001-8221-0666</orcidid><orcidid>https://orcid.org/0000-0002-9017-5001</orcidid><oa>free_for_read</oa></addata></record> |
fulltext | fulltext |
identifier | ISSN: 1389-1286 |
ispartof | Computer networks (Amsterdam, Netherlands : 1999), 2021-02, Vol.186, p.107792, Article 107792 |
issn | 1389-1286 1872-7069 |
language | eng |
recordid | cdi_hal_primary_oai_HAL_hal_03182934v1 |
source | Elsevier ScienceDirect Journals |
subjects | Algorithms Artificial Intelligence Back propagation Back propagation networks Classification Communications traffic Computer Science Cryptography and Security Datasets DDoS attack Denial of service attacks Euclidean geometry Fuzzy logic Low level Low-rate DDoS attack Machine learning Machine learning algorithms Multilayers Networking and Internet Architecture Neural networks Reduction-of-Quality DDoS attack Security management Support vector machines |
title | Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-28T00%3A28%3A04IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-proquest_hal_p&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Detection%20of%20reduction-of-quality%20DDoS%20attacks%20using%20Fuzzy%20Logic%20and%20machine%20learning%20algorithms&rft.jtitle=Computer%20networks%20(Amsterdam,%20Netherlands%20:%201999)&rft.au=Rios,%20Vin%C3%ADcius%20de%20Miranda&rft.date=2021-02-26&rft.volume=186&rft.spage=107792&rft.pages=107792-&rft.artnum=107792&rft.issn=1389-1286&rft.eissn=1872-7069&rft_id=info:doi/10.1016/j.comnet.2020.107792&rft_dat=%3Cproquest_hal_p%3E2516871795%3C/proquest_hal_p%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2516871795&rft_id=info:pmid/&rft_els_id=S1389128620313633&rfr_iscdi=true |