Implementation of a Clustering-Based LDDoS Detection Method

With the rapid advancement and transformation of technology, information and communication technologies (ICT), in particular, have attracted everyone’s attention. The attackers took advantage of this and can caused serious problems, such as malware attack, ransomware, SQL injection attack, etc. One...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Veröffentlicht in:	Electronics (Basel) 2022-09, Vol.11 (18), p.2804
Hauptverfasser:	Hussain, Tariq, Saeed, Muhammad Irfan, Khan, Irfan Ullah, Aslam, Nida, Aljameel, Sumayh S.
Format:	Artikel
Sprache:	eng
Schlagworte:	Analysis Cluster analysis Clustering Communications traffic Cybercrime Cybersecurity Data encryption Data security Denial of service attacks Internet Linux Malware Methods Office automation Prevention Ransomware Topology Traffic control
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

container_end_page
container_issue	18
container_start_page	2804
container_title	Electronics (Basel)
container_volume	11
creator	Hussain, Tariq Saeed, Muhammad Irfan Khan, Irfan Ullah Aslam, Nida Aljameel, Sumayh S.
description	With the rapid advancement and transformation of technology, information and communication technologies (ICT), in particular, have attracted everyone’s attention. The attackers took advantage of this and can caused serious problems, such as malware attack, ransomware, SQL injection attack, etc. One of the dominant attacks, known as distributed denial-of-service (DDoS), has been observed as the main reason for information hacking. In this paper, we have proposed a secure technique, called the low-rate distributed denial-of-service (LDDoS) technique, to measure attack penetration and secure communication flow. A two-step clustering method was adopted, where the network traffic was controlled by using the characteristics of TCP traffic with discrete sense; then, the suspicious cluster with the abnormal analysis was detected. This method has proven to be reliable and efficient for LDDoS attacks detection, based on the NS-2 simulator, compared to the exponentially weighted moving average (EWMA) technique, which has comparatively very high false-positive rates. Analyzing abnormal test pieces helps us reduce the false positives. The proposed methodology was implemented using Python for scripting and NS-2 simulator for topology, two public trademark datasets, i.e., Web of Information for Development (WIDE) and Lawrence Berkley National Laboratory (LBNL), were selected for experiments. The experiments were analyzed, and the results evaluated using Wireshark. The proposed LDDoS approach achieved good results, compared to the previous techniques.
doi_str_mv	10.3390/electronics11182804
format	Article
fullrecord	<record><control><sourceid>gale_proqu</sourceid><recordid>TN_cdi_proquest_journals_2716521545</recordid><sourceformat>XML</sourceformat><sourcesystem>PC</sourcesystem><galeid>A745603339</galeid><sourcerecordid>A745603339</sourcerecordid><originalsourceid>FETCH-LOGICAL-c361t-eddc42e96d7df750ef65f8a386c2eb6cf97770f169583955e368128db0c6ed593</originalsourceid><addsrcrecordid>eNptkLtOAzEQRS0EElHIF9CsRL3Bj_VLVCHhESmIAqhXjj0OG23WwXYK_h5HoaBgppjR6N650kHomuApYxrfQg82xzB0NhFCFFW4OUMjiqWuNdX0_M9-iSYpbXEpTZhieITulrt9DzsYssldGKrgK1PN-0PKELthU9-bBK5aLRbhrVpALklH1Qvkz-Cu0IU3fYLJ7xyjj8eH9_lzvXp9Ws5nq9oyQXINztmGghZOOi85Bi-4V4YpYSmshfVaSok9EZorpjkHJhShyq2xFeC4ZmN0c_q7j-HrACm323CIQ4lsqSSCU8IbXlTTk2pjemi7wYccjS3tYNfZMIDvyn0mGy4wK-CKgZ0MNoaUIvh2H7udid8twe2RbPsPWfYDAFJtcw</addsrcrecordid><sourcetype>Aggregation Database</sourcetype><iscdi>true</iscdi><recordtype>article</recordtype><pqid>2716521545</pqid></control><display><type>article</type><title>Implementation of a Clustering-Based LDDoS Detection Method</title><source>Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals</source><source>MDPI - Multidisciplinary Digital Publishing Institute</source><creator>Hussain, Tariq ; Saeed, Muhammad Irfan ; Khan, Irfan Ullah ; Aslam, Nida ; Aljameel, Sumayh S.</creator><creatorcontrib>Hussain, Tariq ; Saeed, Muhammad Irfan ; Khan, Irfan Ullah ; Aslam, Nida ; Aljameel, Sumayh S.</creatorcontrib><description>With the rapid advancement and transformation of technology, information and communication technologies (ICT), in particular, have attracted everyone’s attention. The attackers took advantage of this and can caused serious problems, such as malware attack, ransomware, SQL injection attack, etc. One of the dominant attacks, known as distributed denial-of-service (DDoS), has been observed as the main reason for information hacking. In this paper, we have proposed a secure technique, called the low-rate distributed denial-of-service (LDDoS) technique, to measure attack penetration and secure communication flow. A two-step clustering method was adopted, where the network traffic was controlled by using the characteristics of TCP traffic with discrete sense; then, the suspicious cluster with the abnormal analysis was detected. This method has proven to be reliable and efficient for LDDoS attacks detection, based on the NS-2 simulator, compared to the exponentially weighted moving average (EWMA) technique, which has comparatively very high false-positive rates. Analyzing abnormal test pieces helps us reduce the false positives. The proposed methodology was implemented using Python for scripting and NS-2 simulator for topology, two public trademark datasets, i.e., Web of Information for Development (WIDE) and Lawrence Berkley National Laboratory (LBNL), were selected for experiments. The experiments were analyzed, and the results evaluated using Wireshark. The proposed LDDoS approach achieved good results, compared to the previous techniques.</description><identifier>ISSN: 2079-9292</identifier><identifier>EISSN: 2079-9292</identifier><identifier>DOI: 10.3390/electronics11182804</identifier><language>eng</language><publisher>Basel: MDPI AG</publisher><subject>Analysis ; Cluster analysis ; Clustering ; Communications traffic ; Cybercrime ; Cybersecurity ; Data encryption ; Data security ; Denial of service attacks ; Internet ; Linux ; Malware ; Methods ; Office automation ; Prevention ; Ransomware ; Topology ; Traffic control</subject><ispartof>Electronics (Basel), 2022-09, Vol.11 (18), p.2804</ispartof><rights>COPYRIGHT 2022 MDPI AG</rights><rights>2022 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). Notwithstanding the ProQuest Terms and Conditions, you may use this content in accordance with the terms of the License.</rights><lds50>peer_reviewed</lds50><oa>free_for_read</oa><woscitedreferencessubscribed>false</woscitedreferencessubscribed><citedby>FETCH-LOGICAL-c361t-eddc42e96d7df750ef65f8a386c2eb6cf97770f169583955e368128db0c6ed593</citedby><cites>FETCH-LOGICAL-c361t-eddc42e96d7df750ef65f8a386c2eb6cf97770f169583955e368128db0c6ed593</cites><orcidid>0000-0003-1002-6178 ; 0000-0002-4761-0346 ; 0000-0002-1619-5733 ; 0000-0001-8246-4658</orcidid></display><links><openurl>$$Topenurl_article</openurl><openurlfulltext>$$Topenurlfull_article</openurlfulltext><thumbnail>$$Tsyndetics_thumb_exl</thumbnail><link.rule.ids>314,777,781,27905,27906</link.rule.ids></links><search><creatorcontrib>Hussain, Tariq</creatorcontrib><creatorcontrib>Saeed, Muhammad Irfan</creatorcontrib><creatorcontrib>Khan, Irfan Ullah</creatorcontrib><creatorcontrib>Aslam, Nida</creatorcontrib><creatorcontrib>Aljameel, Sumayh S.</creatorcontrib><title>Implementation of a Clustering-Based LDDoS Detection Method</title><title>Electronics (Basel)</title><description>With the rapid advancement and transformation of technology, information and communication technologies (ICT), in particular, have attracted everyone’s attention. The attackers took advantage of this and can caused serious problems, such as malware attack, ransomware, SQL injection attack, etc. One of the dominant attacks, known as distributed denial-of-service (DDoS), has been observed as the main reason for information hacking. In this paper, we have proposed a secure technique, called the low-rate distributed denial-of-service (LDDoS) technique, to measure attack penetration and secure communication flow. A two-step clustering method was adopted, where the network traffic was controlled by using the characteristics of TCP traffic with discrete sense; then, the suspicious cluster with the abnormal analysis was detected. This method has proven to be reliable and efficient for LDDoS attacks detection, based on the NS-2 simulator, compared to the exponentially weighted moving average (EWMA) technique, which has comparatively very high false-positive rates. Analyzing abnormal test pieces helps us reduce the false positives. The proposed methodology was implemented using Python for scripting and NS-2 simulator for topology, two public trademark datasets, i.e., Web of Information for Development (WIDE) and Lawrence Berkley National Laboratory (LBNL), were selected for experiments. The experiments were analyzed, and the results evaluated using Wireshark. The proposed LDDoS approach achieved good results, compared to the previous techniques.</description><subject>Analysis</subject><subject>Cluster analysis</subject><subject>Clustering</subject><subject>Communications traffic</subject><subject>Cybercrime</subject><subject>Cybersecurity</subject><subject>Data encryption</subject><subject>Data security</subject><subject>Denial of service attacks</subject><subject>Internet</subject><subject>Linux</subject><subject>Malware</subject><subject>Methods</subject><subject>Office automation</subject><subject>Prevention</subject><subject>Ransomware</subject><subject>Topology</subject><subject>Traffic control</subject><issn>2079-9292</issn><issn>2079-9292</issn><fulltext>true</fulltext><rsrctype>article</rsrctype><creationdate>2022</creationdate><recordtype>article</recordtype><sourceid>ABUWG</sourceid><sourceid>AFKRA</sourceid><sourceid>AZQEC</sourceid><sourceid>BENPR</sourceid><sourceid>CCPQU</sourceid><sourceid>DWQXO</sourceid><recordid>eNptkLtOAzEQRS0EElHIF9CsRL3Bj_VLVCHhESmIAqhXjj0OG23WwXYK_h5HoaBgppjR6N650kHomuApYxrfQg82xzB0NhFCFFW4OUMjiqWuNdX0_M9-iSYpbXEpTZhieITulrt9DzsYssldGKrgK1PN-0PKELthU9-bBK5aLRbhrVpALklH1Qvkz-Cu0IU3fYLJ7xyjj8eH9_lzvXp9Ws5nq9oyQXINztmGghZOOi85Bi-4V4YpYSmshfVaSok9EZorpjkHJhShyq2xFeC4ZmN0c_q7j-HrACm323CIQ4lsqSSCU8IbXlTTk2pjemi7wYccjS3tYNfZMIDvyn0mGy4wK-CKgZ0MNoaUIvh2H7udid8twe2RbPsPWfYDAFJtcw</recordid><startdate>20220901</startdate><enddate>20220901</enddate><creator>Hussain, Tariq</creator><creator>Saeed, Muhammad Irfan</creator><creator>Khan, Irfan Ullah</creator><creator>Aslam, Nida</creator><creator>Aljameel, Sumayh S.</creator><general>MDPI AG</general><scope>AAYXX</scope><scope>CITATION</scope><scope>7SP</scope><scope>8FD</scope><scope>8FE</scope><scope>8FG</scope><scope>ABUWG</scope><scope>AFKRA</scope><scope>ARAPS</scope><scope>AZQEC</scope><scope>BENPR</scope><scope>BGLVJ</scope><scope>CCPQU</scope><scope>DWQXO</scope><scope>HCIFZ</scope><scope>L7M</scope><scope>P5Z</scope><scope>P62</scope><scope>PIMPY</scope><scope>PQEST</scope><scope>PQQKQ</scope><scope>PQUKI</scope><scope>PRINS</scope><orcidid>https://orcid.org/0000-0003-1002-6178</orcidid><orcidid>https://orcid.org/0000-0002-4761-0346</orcidid><orcidid>https://orcid.org/0000-0002-1619-5733</orcidid><orcidid>https://orcid.org/0000-0001-8246-4658</orcidid></search><sort><creationdate>20220901</creationdate><title>Implementation of a Clustering-Based LDDoS Detection Method</title><author>Hussain, Tariq ; Saeed, Muhammad Irfan ; Khan, Irfan Ullah ; Aslam, Nida ; Aljameel, Sumayh S.</author></sort><facets><frbrtype>5</frbrtype><frbrgroupid>cdi_FETCH-LOGICAL-c361t-eddc42e96d7df750ef65f8a386c2eb6cf97770f169583955e368128db0c6ed593</frbrgroupid><rsrctype>articles</rsrctype><prefilter>articles</prefilter><language>eng</language><creationdate>2022</creationdate><topic>Analysis</topic><topic>Cluster analysis</topic><topic>Clustering</topic><topic>Communications traffic</topic><topic>Cybercrime</topic><topic>Cybersecurity</topic><topic>Data encryption</topic><topic>Data security</topic><topic>Denial of service attacks</topic><topic>Internet</topic><topic>Linux</topic><topic>Malware</topic><topic>Methods</topic><topic>Office automation</topic><topic>Prevention</topic><topic>Ransomware</topic><topic>Topology</topic><topic>Traffic control</topic><toplevel>peer_reviewed</toplevel><toplevel>online_resources</toplevel><creatorcontrib>Hussain, Tariq</creatorcontrib><creatorcontrib>Saeed, Muhammad Irfan</creatorcontrib><creatorcontrib>Khan, Irfan Ullah</creatorcontrib><creatorcontrib>Aslam, Nida</creatorcontrib><creatorcontrib>Aljameel, Sumayh S.</creatorcontrib><collection>CrossRef</collection><collection>Electronics & Communications Abstracts</collection><collection>Technology Research Database</collection><collection>ProQuest SciTech Collection</collection><collection>ProQuest Technology Collection</collection><collection>ProQuest Central (Alumni Edition)</collection><collection>ProQuest Central UK/Ireland</collection><collection>Advanced Technologies & Aerospace Collection</collection><collection>ProQuest Central Essentials</collection><collection>ProQuest Central</collection><collection>Technology Collection</collection><collection>ProQuest One Community College</collection><collection>ProQuest Central Korea</collection><collection>SciTech Premium Collection</collection><collection>Advanced Technologies Database with Aerospace</collection><collection>Advanced Technologies & Aerospace Database</collection><collection>ProQuest Advanced Technologies & Aerospace Collection</collection><collection>Publicly Available Content Database</collection><collection>ProQuest One Academic Eastern Edition (DO NOT USE)</collection><collection>ProQuest One Academic</collection><collection>ProQuest One Academic UKI Edition</collection><collection>ProQuest Central China</collection><jtitle>Electronics (Basel)</jtitle></facets><delivery><delcategory>Remote Search Resource</delcategory><fulltext>fulltext</fulltext></delivery><addata><au>Hussain, Tariq</au><au>Saeed, Muhammad Irfan</au><au>Khan, Irfan Ullah</au><au>Aslam, Nida</au><au>Aljameel, Sumayh S.</au><format>journal</format><genre>article</genre><ristype>JOUR</ristype><atitle>Implementation of a Clustering-Based LDDoS Detection Method</atitle><jtitle>Electronics (Basel)</jtitle><date>2022-09-01</date><risdate>2022</risdate><volume>11</volume><issue>18</issue><spage>2804</spage><pages>2804-</pages><issn>2079-9292</issn><eissn>2079-9292</eissn><abstract>With the rapid advancement and transformation of technology, information and communication technologies (ICT), in particular, have attracted everyone’s attention. The attackers took advantage of this and can caused serious problems, such as malware attack, ransomware, SQL injection attack, etc. One of the dominant attacks, known as distributed denial-of-service (DDoS), has been observed as the main reason for information hacking. In this paper, we have proposed a secure technique, called the low-rate distributed denial-of-service (LDDoS) technique, to measure attack penetration and secure communication flow. A two-step clustering method was adopted, where the network traffic was controlled by using the characteristics of TCP traffic with discrete sense; then, the suspicious cluster with the abnormal analysis was detected. This method has proven to be reliable and efficient for LDDoS attacks detection, based on the NS-2 simulator, compared to the exponentially weighted moving average (EWMA) technique, which has comparatively very high false-positive rates. Analyzing abnormal test pieces helps us reduce the false positives. The proposed methodology was implemented using Python for scripting and NS-2 simulator for topology, two public trademark datasets, i.e., Web of Information for Development (WIDE) and Lawrence Berkley National Laboratory (LBNL), were selected for experiments. The experiments were analyzed, and the results evaluated using Wireshark. The proposed LDDoS approach achieved good results, compared to the previous techniques.</abstract><cop>Basel</cop><pub>MDPI AG</pub><doi>10.3390/electronics11182804</doi><orcidid>https://orcid.org/0000-0003-1002-6178</orcidid><orcidid>https://orcid.org/0000-0002-4761-0346</orcidid><orcidid>https://orcid.org/0000-0002-1619-5733</orcidid><orcidid>https://orcid.org/0000-0001-8246-4658</orcidid><oa>free_for_read</oa></addata></record>
fulltext	fulltext
identifier	ISSN: 2079-9292
ispartof	Electronics (Basel), 2022-09, Vol.11 (18), p.2804
issn	2079-9292 2079-9292
language	eng
recordid	cdi_proquest_journals_2716521545
source	Elektronische Zeitschriftenbibliothek - Frei zugängliche E-Journals; MDPI - Multidisciplinary Digital Publishing Institute
subjects	Analysis Cluster analysis Clustering Communications traffic Cybercrime Cybersecurity Data encryption Data security Denial of service attacks Internet Linux Malware Methods Office automation Prevention Ransomware Topology Traffic control
title	Implementation of a Clustering-Based LDDoS Detection Method
url	https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-18T13%3A06%3A49IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-gale_proqu&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Implementation%20of%20a%20Clustering-Based%20LDDoS%20Detection%20Method&rft.jtitle=Electronics%20(Basel)&rft.au=Hussain,%20Tariq&rft.date=2022-09-01&rft.volume=11&rft.issue=18&rft.spage=2804&rft.pages=2804-&rft.issn=2079-9292&rft.eissn=2079-9292&rft_id=info:doi/10.3390/electronics11182804&rft_dat=%3Cgale_proqu%3EA745603339%3C/gale_proqu%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_pqid=2716521545&rft_id=info:pmid/&rft_galeid=A745603339&rfr_iscdi=true