1
Wang K, Fu Y, Duan X, Liu T. Detection and mitigation of DDoS attacks based on multi-dimensional characteristics in SDN. Sci Rep 2024; 14:16421. [PMID: 39014041 PMCID: PMC11253008 DOI: 10.1038/s41598-024-66907-z] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/23/2024] [Accepted: 07/05/2024] [Indexed: 07/18/2024] Open
Abstract
Due to the large computational overhead, underutilization of features, and high bandwidth consumption in traditional SDN environments for DDoS attack detection and mitigation methods, this paper proposes a two-stage detection and mitigation method for DDoS attacks in SDN based on multi-dimensional characteristics. Firstly, an analysis of the traffic statistics from the SDN switch ports is performed, which aids in conducting a coarse-grained detection of DDoS attacks within the network. Subsequently, a Multi-Dimensional Deep Convolutional Classifier (MDDCC) is constructed using wavelet decomposition and convolutional neural networks to extract multi-dimensional characteristics from the traffic data passing through suspicious switches. Based on these extracted multi-dimensional characteristics, a simple classifier can be employed to accurately detect attack samples. Finally, by integrating graph theory with restrictive strategies, the source of attacks in SDN networks can be effectively traced and isolated. The experimental results indicate that the proposed method, which utilizes a minimal amount of statistical information, can quickly and accurately detect attacks within the SDN network. It demonstrates superior accuracy and generalization capabilities compared to traditional detection methods, especially when tested on both simulated and public datasets. Furthermore, by isolating the affected nodes, the method effectively mitigates the impact of the attacks, ensuring the normal transmission of legitimate traffic during network attacks. This approach not only enhances the detection capabilities but also provides a robust mechanism for containing the spread of cyber threats, thereby safeguarding the integrity and performance of the network.
Affiliation(s)
- Kun Wang
  - Department of Information Security, Naval University of Engineering, Wuhan, 430033, China
  - School of Mathematics and Information Engineering, Xinyang Vocational and Technical College, Xinyang, 464000, China
- Yu Fu
  - Department of Information Security, Naval University of Engineering, Wuhan, 430033, China
- Xueyuan Duan
  - College of Computer and Information Technology, Xinyang Normal University, Xinyang, 464000, China
  - Henan Key Laboratory of Analysis and Applications of Education Big Data, Xinyang, 464000, China
- Taotao Liu
  - Department of Information Security, Naval University of Engineering, Wuhan, 430033, China
2
Sriraman G, R S. Slide-block: End-to-end amplified security to improve DevOps resilience through pattern-based authentication. Heliyon 2024; 10:e26312. [PMID: 38434020 PMCID: PMC10907398 DOI: 10.1016/j.heliyon.2024.e26312] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 07/09/2023] [Revised: 02/06/2024] [Accepted: 02/09/2024] [Indexed: 03/05/2024] Open
Abstract
DevOps represents the fusion of cultural philosophies, tools, and practices that rapidly enhance an organization's capacity to deploy services and applications. Cloud-based tools, a subset of DevOps services, facilitate collaboration between development and operations teams within an organization. However, persistent challenges such as inadequate security management, substantial leakage of sensitive data, and system/service unavailability pose significant threats to sustainability. We propose an end-to-end enhanced security framework to fortify DevOps resilience by implementing authentication and vulnerability management through the Slide-Block methodology. Our approach comprises four sequential processes: pattern-based authentication, tri-level access control, privacy-focused data storage, and vulnerability management and correction. Initially, we establish candidate legitimacy through pattern-based authentication using the Magnificent Chacha-Poly 1305 algorithm. Subsequently, we devise effective access policies using the Enhanced Deep Deterministic Policy Gradient (EDDPG) algorithm, employing tri-level access control based on trust value, attributes, and roles for optimal user and developer selection via the African Vulture Optimization Algorithm (AVOA). Moreover, we encrypt data in transit and at rest using Mcha-Poly 1305, considering sensitivity, and store it in a blockchain to enhance data privacy. Our approach incorporates a sliding window blockchain for secure data transmission and storage. Finally, we identify and address attack and application-based issues using the Tweak Naive Bayes (Tweak-NB) algorithm and Intruder Vulnerability Scanner (IVS). Our Slide-Block framework demonstrates superior performance in detection rate, authentication time, packet loss, security strengthening, communication overhead, and latency compared to existing models.
Affiliation(s)
- Shriram R
  - Department of Computing Science and Engineering, VIT Bhopal University, Sehore, MP, India
3
Liu Z, Wang Y, Feng F, Liu Y, Li Z, Shan Y. A DDoS Detection Method Based on Feature Engineering and Machine Learning in Software-Defined Networks. SENSORS (BASEL, SWITZERLAND) 2023; 23:6176. [PMID: 37448025 DOI: 10.3390/s23136176] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 05/18/2023] [Revised: 06/26/2023] [Accepted: 07/03/2023] [Indexed: 07/15/2023]
Abstract
Distributed denial-of-service (DDoS) attacks pose a significant cybersecurity threat to software-defined networks (SDNs). This paper proposes a feature-engineering- and machine-learning-based approach to detect DDoS attacks in SDNs. First, the CSE-CIC-IDS2018 dataset was cleaned and normalized, and the optimal feature subset was found using an improved binary grey wolf optimization algorithm. Next, the optimal feature subset was trained and tested in Random Forest (RF), Support Vector Machine (SVM), K-Nearest Neighbor (k-NN), Decision Tree, and XGBoost machine learning algorithms, from which the best classifier was selected for DDoS attack detection and deployed in the SDN controller. The results show that RF performs best when compared across several performance metrics (e.g., accuracy, precision, recall, F1 and AUC values). We also explore the comparison between different models and algorithms. The results show that our proposed method performed the best and can effectively detect and identify DDoS attacks in SDNs, providing a new idea and solution for the security of SDNs.
Affiliation(s)
- Zhenpeng Liu
  - School of Electronic Information Engineering, Hebei University, Baoding 071002, China
  - Information Technology Center, Hebei University, Baoding 071002, China
- Yihang Wang
  - School of Electronic Information Engineering, Hebei University, Baoding 071002, China
- Fan Feng
  - Information Technology Center, Hebei University, Baoding 071002, China
- Yifan Liu
  - School of Cyberspace Security and Computer, Hebei University, Baoding 071002, China
- Zelin Li
  - School of Electronic Information Engineering, Hebei University, Baoding 071002, China
- Yawei Shan
  - School of Electronic Information Engineering, Hebei University, Baoding 071002, China
4
Abu Bakar R, Huang X, Javed MS, Hussain S, Majeed MF. An Intelligent Agent-Based Detection System for DDoS Attacks Using Automatic Feature Extraction and Selection. SENSORS (BASEL, SWITZERLAND) 2023; 23:3333. [PMID: 36992049 PMCID: PMC10053203 DOI: 10.3390/s23063333] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Received: 12/24/2022] [Revised: 03/17/2023] [Accepted: 03/19/2023] [Indexed: 06/19/2023]
Abstract
Distributed Denial of Service (DDoS) attacks, advanced persistent threats, and malware actively compromise the availability and security of Internet services. Thus, this paper proposes an intelligent agent system for detecting DDoS attacks using automatic feature extraction and selection. We used dataset CICDDoS2019, a custom-generated dataset, in our experiment, and the system achieved a 99.7% improvement over state-of-the-art machine learning-based DDoS attack detection techniques. We also designed an agent-based mechanism that combines machine learning techniques and sequential feature selection in this system. The system learning phase selected the best features and reconstructed the DDoS detector agent when the system dynamically detected DDoS attack traffic. By utilizing the most recent CICDDoS2019 custom-generated dataset and automatic feature extraction and selection, our proposed method meets the current, most advanced detection accuracy while delivering faster processing than the current standard.
Affiliation(s)
- Rana Abu Bakar
  - College of Data Science, Taiyuan University of Technology, Taiyuan 030024, China
- Xin Huang
  - College of Data Science, Taiyuan University of Technology, Taiyuan 030024, China
- Muhammad Saqib Javed
  - Department of Computer Science, Virtual University of Pakistan, Lahore 58000, Pakistan
- Shafiq Hussain
  - Department of Computer Science, University of Sahiwal, Sahiwal 57000, Pakistan
5
Astray G, Soria-Lopez A, Barreiro E, Mejuto JC, Cid-Samamed A. Machine Learning to Predict the Adsorption Capacity of Microplastics. NANOMATERIALS (BASEL, SWITZERLAND) 2023; 13:1061. [PMID: 36985954 PMCID: PMC10051191 DOI: 10.3390/nano13061061] [Citation(s) in RCA: 6] [Impact Index Per Article: 6.0] [Received: 02/14/2023] [Revised: 03/10/2023] [Accepted: 03/11/2023] [Indexed: 06/18/2023]
Abstract
Nowadays, there is an extensive production and use of plastic materials for different industrial activities. These plastics, either from their primary production sources or through their own degradation processes, can contaminate ecosystems with micro- and nanoplastics. Once in the aquatic environment, these microplastics can be the basis for the adsorption of chemical pollutants, favoring that these chemical pollutants disperse more quickly in the environment and can affect living beings. Due to the lack of information on adsorption, three machine learning models (random forest, support vector machine, and artificial neural network) were developed to predict different microplastic/water partition coefficients (log Kd) using two different approximations (based on the number of input variables). The best-selected machine learning models present, in general, correlation coefficients above 0.92 in the query phase, which indicates that these types of models could be used for the rapid estimation of the absorption of organic contaminants on microplastics.
Affiliation(s)
- Gonzalo Astray
  - Universidade de Vigo, Departamento de Química Física, Facultade de Ciencias, 32004 Ourense, Spain
- Anton Soria-Lopez
  - Universidade de Vigo, Departamento de Química Física, Facultade de Ciencias, 32004 Ourense, Spain
- Enrique Barreiro
  - Universidade de Vigo, Departamento de Informática, Escola Superior de Enxeñaría Informática, 32004 Ourense, Spain
- Juan Carlos Mejuto
  - Universidade de Vigo, Departamento de Química Física, Facultade de Ciencias, 32004 Ourense, Spain
- Antonio Cid-Samamed
  - Universidade de Vigo, Departamento de Química Física, Facultade de Ciencias, 32004 Ourense, Spain
6
Caroline Misbha J, Ajith Bosco Raj T, Jiji G. Novel deep learning approach for DDoS attack using elephant heard optimization algorithm along with a fuzzy classifier for rules learning. JOURNAL OF INTELLIGENT & FUZZY SYSTEMS 2023. [DOI: 10.3233/jifs-224149] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 03/12/2023]
Abstract
The research aims to provide network security so that it can be protected from several attacks, especially DoS (Denial-of-Service) or DDoS (Distributed Denial-of-Service) attacks that could at some point render the server inoperable. Security is one of the main obstacles. There are a lot of network risks and attacks available today. One of the most common and disruptive attacks is a DDoS attack. In this study, upgraded deep learning Elephant Herd Optimization with a random forest classifier is employed for early DDoS attack detection. The DDoS dataset’s number of characteristics is decreased by the proposed IDN-EHO method for classifying data learning that works with a lot of data. In the feature extraction stage, a deep neural network (DNN) approach is used, and the classified data packages are compared to return the DDoS attack traffic characteristics with a significant percentage. In the classification stage, the proposed deep learning Elephant Herd Optimization with a random forest classifier is used to classify the data learning, which deals with a huge amount of data, and minimise the number of features of the DDoS dataset. During the detection step, when the extracted features are used as input features, the attack detection model is trained using the improved deep learning Elephant Herd Optimization. The proposed framework has the potential to be a promising method for identifying unidentified DDoS attacks, according to experiments. 99% recall, precision, and accuracy can be attained using the suggested strategy, according to the findings of the experiments.
Affiliation(s)
- J. Caroline Misbha
  - Department of Computer Science and Engineering, Arunachala College of Engineering for Women, Nagercoil, Tamil Nadu, India
- T. Ajith Bosco Raj
  - Department of Electronics and Communication Engineering, PSN College of Engineering and Technology, Melathediyoor, Tirunelveli, Tamil Nadu, India
- G. Jiji
  - Department of Electronics and Communication Engineering, Lord Jegannath College of Engineering and Technology, Nagercoil, Tamil Nadu, India
7
Optimization Enabled Deep Learning-Based DDoS Attack Detection in Cloud Computing. INT J INTELL SYST 2023. [DOI: 10.1155/2023/2039217] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 02/22/2023]
Abstract
Cloud computing is a vast revolution in information technology (IT) that inhibits scalable and virtualized sources to end users with low infrastructure cost and maintenance. They also have much flexibility and these resources are supervised by various management organizations and provided over the Internet by known standards, formats, and networking protocols. Legacy protocols and underlying technologies consist of vulnerabilities and bugs which open doors for intrusion by network attackers. Attacks such as distributed denial of service (DDoS) are among the most frequent attacks, which impose heavy damage and affect the performance of the cloud. In this research work, DDoS attack detection is easily identified in an optimized way through a novel algorithm, namely, the proposed gradient hybrid leader optimization (GHLBO) algorithm. This optimized algorithm is responsible for training a deep stacked autoencoder (DSA) that detects the attack in an efficient manner. Here, fusion of features is carried out by deep maxout network (DMN) with an overlap coefficient, and augmentation of data is carried out by the oversampling process. Furthermore, the proposed GHLBO is generated by integrating the gradient descent and hybrid leader-based optimization (HLBO) algorithm. Also, this proposed method is assessed by various performance metrics, such as the true positive rate (TPR), true negative rate (TNR), and testing accuracy with values attained as 0.909, 0.909, and 0.917, accordingly.
8
Determination of Air Traffic Complexity Most Influential Parameters Based on Machine Learning Models. Symmetry (Basel) 2022. [DOI: 10.3390/sym14122629] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 12/14/2022] Open
Abstract
Today, aircraft demand is exceeding the capacity of the Air Traffic Control (ATC) system. As a result, airspace is becoming a very complex environment to control. The complexity of airspace is thus closely related to the workload of controllers and is a topic of great interest. The major concern is that variables that are related to complexity are currently recognised, but there is still a debate about how to define complexity. This paper attempts to define which variables determine airspace complexity. To do so, a novel methodology based on the use of machine learning models is used. In this way, it tries to overcome one of the main disadvantages of the current complexity models: the subjectivity of the models based on expert opinion. This study has determined that the main indicator that defines complexity is the number of aircraft in the sector, together with the occupancy of the traffic flows and the vertical distribution of aircraft. This research can help numerous studies on both air traffic complexity assessment and Air Traffic Controller (ATCO) workload studies. This model can also help to study the behaviour of air traffic and to verify that there is symmetry in structure and the origin of the complexity in the different ATC sectors. This would have a great benefit on ATM, as it would allow progress to be made in solving the existing capacity problem.
9
Efficient Machine Learning Model for DDoS Detection System Based on Dimensionality Reduction. ACTA INFORMATICA PRAGENSIA 2022. [DOI: 10.18267/j.aip.199] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 12/14/2022] Open
10
Toward Efficient Intrusion Detection System Using Hybrid Deep Learning Approach. Symmetry (Basel) 2022. [DOI: 10.3390/sym14091916] [Citation(s) in RCA: 0] [Impact Index Per Article: 0] [Indexed: 11/16/2022] Open
Abstract
The increased adoption of cloud computing resources produces major loopholes in cloud computing for cybersecurity attacks. An intrusion detection system (IDS) is one of the vital defenses against threats and attacks to cloud computing. Current IDSs encounter two challenges, namely, low accuracy and a high false alarm rate. Due to these challenges, additional efforts are required by network experts to respond to abnormal traffic alerts. To improve IDS efficiency in detecting abnormal network traffic, this work develops an IDS using a recurrent neural network based on gated recurrent units (GRUs) and improved long short-term memory (LSTM) through a computing unit to form Cu-LSTMGRU. The proposed system efficiently classifies the network flow instances as benign or malevolent. This system is examined using the most up-to-date dataset CICIDS2018. To further optimize computational complexity, the dataset is optimized through the Pearson correlation feature selection algorithm. The proposed model is evaluated using several metrics. The results show that the proposed model remarkably outperforms benchmarks by up to 12.045%. Therefore, the Cu-LSTMGRU model provides a high level of symmetry between cloud computing security and the detection of intrusions and malicious attacks.