Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms - Archive ouverte HAL Accéder directement au contenu
Article Dans Une Revue Computer Networks Année : 2021

Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms

Résumé

Distributed Denial of Service (DDoS) attacks are still among the most dangerous attacks on the Internet. With the advance of methods for detecting and mitigating these attacks, crackers have improved their skills in creating new DDoS attack types with the aim of mimicking normal traffic behaviour therefore becoming silently powerful. Among these advanced DDoS attack types, the so-called lowrate DoS attacks aim at keeping a low level of network traffic. In this paper, we study one of these techniques, called Reduction of Quality (RoQ) attack. To investigate the detection of this type of attack, we evaluate and compare the use of four machine learning algorithms: Multi-Layer Perceptron (MLP) neural network with backpropagation, K-Nearest Neighbors (K-NN), Support Vector Machine (SVM) and Multinomial Naive Bayes (MNB). We also propose an approach for detecting this kind of attack based on three methods: Fuzzy Logic (FL), MLP and Euclidean Distance (ED). We evaluate and compare the approach based on FL, MLP and ED to the above machine learning algorithms using both emulated and real traffic traces. We show that among the four Machine Learning algorithms, the best classification results are obtained with MLP, which, for emulated traffic, leads to a F1-score of 98.04% for attack traffic and 99.30% for legitimate traffic, while, for real traffic, it leads to a F1-score of 99.87% for attack traffic and 99.95% for legitimate traffic. Regarding the approach using FL, MLP and EC, for classification of emulated traffic, we obtained a F1-score of 98.80% for attack traffic and 99.60% for legitimate traffic, while, for real traffic, we obtained a F1-score of 100% for attack traffic and 100% for legitimate traffic. However, the better performance of the approach based on FL, MLP and ED is obtained at the cost of larger execution time, since MLP required 0.74 ms and 0.87ms for classification of the emulated and real traffic datasets, respectively, where as the approach using FL, MLP and ED required 11'46" and 46'48" to classify the emulated and real traffic datasets, respectively.

Domaines

Réseaux et télécommunications [cs.NI] Cryptographie et sécurité [cs.CR] Intelligence artificielle [cs.AI]
Fichier principal
Vignette du fichier
rios-cn2021.pdf (2.08 Mo) Télécharger le fichier
Origine : Fichiers produits par l'(les) auteur(s)

Damien Magoni  : Connectez-vous pour contacter le contributeur

https://hal.science/hal-03182934

Soumis le : vendredi 26 mars 2021-17:50:31

Dernière modification le : vendredi 24 mars 2023-14:53:21

Archivage à long terme le : dimanche 27 juin 2021-19:10:58

Télécharger pour visualiser

Dates et versions

hal-03182934 , version 1 (26-03-2021)

Identifiants

Citer

Vinícius de Miranda Rios, Pedro R.M. Inácio, Damien Magoni, Mário M Freire. Detection of reduction-of-quality DDoS attacks using Fuzzy Logic and machine learning algorithms. Computer Networks, 2021, 186, pp.107792. ⟨10.1016/j.comnet.2020.107792⟩. ⟨hal-03182934⟩

Exporter

BibTeX XML-TEI Dublin Core DC Terms EndNote DataCite

Collections

CNRS
113 Consultations
773 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More