Biblio

Recently, internet services have increased rapidly due to the Covid-19 epidemic. As a result, cloud computing applications, which serve end-users as subscriptions, are rising. Cloud computing provides various possibilities like cost savings, time and access to online resources via the internet for end-users. But as the number of cloud users increases, so does the potential for attacks. The availability and efficiency of cloud computing resources may be affected by a Distributed Denial of Service (DDoS) attack that could disrupt services' availability and processing power. DDoS attacks pose a serious threat to the integrity and confidentiality of computer networks and systems that remain important assets in the world today. Since there is no effective way to detect DDoS attacks, it is a reliable weapon for cyber attackers. However, the existing methods have limitations, such as relatively low accuracy detection and high false rate performance. To tackle these issues, this paper proposes a Deep Generative Radial Neural Network (DGRNN) with a sigmoid activation function and Mutual Information Gain based Feature Selection (MIGFS) techniques for detecting DDoS attacks for the cloud environment. Specifically, the proposed first pre-processing step uses data preparation using the (Network Security Lab) NSL-KDD dataset. The MIGFS algorithm detects the most efficient relevant features for DDoS attacks from the pre-processed dataset. The features are calculated by trust evaluation for detecting the attack based on relative features. After that, the proposed DGRNN algorithm is utilized for classification to detect DDoS attacks. The sigmoid activation function is to find accurate results for prediction in the cloud environment. So thus, the proposed experiment provides effective classification accuracy, performance, and time complexity.

Undoubtedly, technology has not only transformed our world of work and lifestyle, but it also carries with it a lot of security challenges. The Distributed Denial-of-Service (DDoS) attack is one of the most prominent attacks witnessed by cyberspace of the current era. This paper outlines several DDoS attacks, their mitigation stages, propagation of attacks, malicious codes, and finally provides redemptions of exhibiting normal and DDoS attacked scenarios. A case study of a SYN flooding attack has been exploited by using Metasploit. The utilization of CPU frame length and rate have been observed in normal and attacked phases. Preliminary results clearly show that in a normal scenario, CPU usage is about 20%. However, in attacked phases with the same CPU load, CPU execution overhead is nearly 90% or 100%. Thus, through this research, the major difference was found in CPU usage, frame length, and degree of data flow. Wireshark tool has been used for network traffic analyzer.

From the past few years, DDoS attack incidents are continuously rising across the world. DDoS attackers have also shifted their target towards cloud environments as majority of services have shifted their operations to cloud. Various authors proposed distinct solutions to minimize the DDoS attacks effects on victim services and co-located services in cloud environments. In this work, we propose an approach by utilizing incoming request separation at the container-level. In addition, we advocate to employ scale-inside out [10] approach for all the suspicious requests. In this manner, we achieve the request serving of all the authenticated benign requests even in the presence of an attack. We also improve the usages of scale-inside out approach by applying it to a container which is serving the suspicious requests in a separate container. The results of our proposed technique show a significant decrease in the response time of benign users during the DDoS attack as compared with existing solutions.

Distributed denial of service (DDoS) attack is a common way of network attack. It has the characteristics of wide distribution, low cost and difficult defense. The traditional algorithms of machine learning (ML) have such shortcomings as excessive systemic overhead and low accuracy in detection of DDoS. In this paper, a CGAN (conditional generative adversarial networks, conditional GAN) -based method is proposed to detect the attack of DDoS. On off-line training, five features are extracted in order to adapt the input of neural network. On the online recognition, CGAN model is adopted to recognize the packets of DDoS attack. The experimental results demonstrate that our proposed method obtains the better performance than the random forest-based method.

Software-defined network (SDN) is a network architecture that used to build, design the hardware components virtually. We can dynamically change the settings of network connections. In the traditional network, it's not possible to change dynamically, because it's a fixed connection. SDN is a good approach but still is vulnerable to DDoS attacks. The DDoS attack is menacing to the internet. To prevent the DDoS attack, the machine learning algorithm can be used. The DDoS attack is the multiple collaborated systems that are used to target the particular server at the same time. In SDN control layer is in the center that link with the application and infrastructure layer, where the devices in the infrastructure layer controlled by the software. In this paper, we propose a machine learning technique namely Decision Tree and Support Vector Machine (SVM) to detect malicious traffic. Our test outcome shows that the Decision Tree and Support Vector Machine (SVM) algorithm provides better accuracy and detection rate.

Content Delivery Networks(CDN) is a standout amongst the most encouraging innovations that upgrade performance for its clients' websites by diverting web demands from browsers to topographically dispersed CDN surrogate nodes. However, due to the variable nature of CDN, it suffers from various security and resource allocation issues. The most common attack which is used to bring down a whole network as well as CDN without even finding a loophole in the security is DDoS. In this proposal, we proposed a distributed virtual honeypot model for diminishing DDoS attacks and prevent intrusion in securing CDN. Honeypots are specially utilized to imitate the primary server with the goal that the attack is alleviated to the fake rather than the main server. Our proposed layer based model utilizes honeypot to be more effective reducing the cost of the system as well as maintaining the smooth delivery in geographically dispersed servers without performance degradation.

The Internet of Things (IoT) vulnerabilities provides an ideal target for botnets, making them a major contributor in the increased number of Distributed Denial of Service (DDoS) attacks. The increase in DDoS attacks has made it important to address the consequences it implies on the IoT industry being one of the major causes. The aim of this paper is to provide an analysis of the attempts to prevent DDoS attacks, mainly at a network level. The sensibility of these solutions is extracted from their impact in resolving IoT vulnerabilities. It is evident from this review that there is no perfect solution yet for IoT security, this field still has many opportunities for research and development.

Many IoT devices lack memory and computational complexities of modern computing devices, making them vulnerable to a wide range of cyber attacks. Among these, DDoS attacks are a growing concern in IoT. Such attacks are executed through the introduction of rogue devices and then using them and/or other compromised devices to facilitate DDoS attacks by generating relentless traffic. This paper aims to address DDoS security issues in IoT by proposing an integration of IoT devices with blockchain. This paper uses Ethereum, a blockchain variant, with smart contracts to replace the traditional centralized IoT infrastructure with a decentralized one. IoT devices are then required to access the network using smart contracts. The integration of IoT with Ethereum not only prevents rogue devices from gaining access to the server but also addresses DDoS attacks by using static resource allocation for devices.

This paper proposes a new adaptively distributed packet filtering mechanism to mitigate the DDoS attacks targeted at the victim's bandwidth. The mechanism employs IP traceback as a means of distinguishing attacks from legitimate traffic, and continuous action reinforcement learning automata, with an improved learning function, to compute effective filtering probabilities at filtering routers. The solution is evaluated through a number of experiments based on actual Internet data. The results show that the proposed solution achieves a high throughput of surviving legitimate traffic as a result of its high convergence speed, and can save the victim's bandwidth even in case of varying and intense attacks.

SDN provides a way to manage complex networks by introducing programmability and abstraction of the control plane. All networks suffer from attacks to critical infrastructure and services such as DDoS attacks. We make use of the programmability provided by the SDN environment to provide a game theoretic attack analysis and countermeasure selection model in this research work. The model is based on reward and punishment in a dynamic game with multiple players. The network bandwidth of attackers is downgraded for a certain period of time, and restored to normal when the player resumes cooperation. The presented solution is based on Nash Folk Theorem, which is used to implement a punishment mechanism for attackers who are part of DDoS traffic, and reward for players who cooperate, in effect enforcing desired outcome for the network administrator.

Recent architectures for the advanced metering infrastructure (AMI) have incorporated several back-end systems that handle billing and other smart grid control operations. The non-availability of metering data when needed or the untimely delivery of data needed for control operations will undermine the activities of these back-end systems. Unfortunately, there are concerns that cyber attacks such as distributed denial of service (DDoS) will manifest in magnitude and complexity in a smart grid AMI network. Such attacks will range from a delay in the availability of end user's metering data to complete denial in the case of a grounded network. This paper proposes a cloud-based (IaaS) firewall for the mitigation of DDoS attacks in a smart grid AMI network. The proposed firewall has the ability of not only mitigating the effects of DDoS attack but can prevent the attack before they are launched. Our proposed firewall system leverages on cloud computing technology which has an added advantage of reducing the burden of data computations and storage for smart grid AMI back-end systems. The openflow firewall proposed in this study is a better security solution with regards to the traditional on-premises DoS solutions which cannot cope with the wide range of new attacks targeting the smart grid AMI network infrastructure. Simulation results generated from the study show that our model can guarantee the availability of metering/control data and could be used to improve the QoS of the smart grid AMI network under a DDoS attack scenario.

Distributed Denial of Service (DDoS) attack is a congestion-based attack that makes both the network and host-based resources unavailable for legitimate users, sending flooding attack packets to the victim's resources. The non-existence of predefined rules to correctly identify the genuine network flow made the task of DDoS attack detection very difficult. In this paper, a combination of unsupervised data mining techniques as intrusion detection system are introduced. The entropy concept in term of windowing the incoming packets is applied with data mining technique using Clustering Using Representative (CURE) as cluster analysis to detect the DDoS attack in network flow. The data is mainly collected from DARPA2000, CAIDA2007 and CAIDA2008 datasets. The proposed approach has been evaluated and compared with several existing approaches in terms of accuracy, false alarm rate, detection rate, F. measure and Phi coefficient. Results indicates the superiority of the proposed approach with four out five detected phases, more than 99% accuracy rate 96.29% detection rate, around 0% false alarm rate 97.98% F-measure, and 97.98% Phi coefficient.

As today's networks become larger and more complex, the Distributed Denial of Service (DDoS) flooding attack threats may not only come from the outside of networks but also from inside, such as cloud computing network where exists multiple tenants possibly containing malicious tenants. So, the need of source-based defense mechanism against such attacks is pressing. In this paper, we mainly focus on the source-based defense mechanism against Botnet-based DDoS flooding attack through combining the power of Software-Defined Networking (SDN) and sample flow (sFlow) technology. Firstly, we defined a metric to measure the essential features of this kind attack which means distribution and collaboration. Then we designed a simple detection algorithm based on statistical inference model and response scheme through the abilities of SDN. Finally, we developed an application to realize our idea and also tested its effect on emulation network with real network traffic. The result shows that our mechanism could effectively detect DDoS flooding attack originated in SDN environment and identify attack flows for avoiding the harm of attack spreading to target or outside. We advocate the advantages of SDN in the area of defending DDoS attacks, because it is difficult and laborious to organize selfish and undisciplined traditional distributed network to confront well collaborative DDoS flooding attacks.