Academic literature on the topic 'DDoS attack detection'

Journal articles on the topic "DDoS attack detection"

1

Aladaileh, Mohammad Adnan, Mohammed Anbar, Ahmed J. Hintaw, et al. "Effectiveness of an Entropy-Based Approach for Detecting Low- and High-Rate DDoS Attacks against the SDN Controller: Experimental Analysis." Applied Sciences 13, no. 2 (2023): 775. http://dx.doi.org/10.3390/app13020775.

Abstract:
Software-defined networking (SDN) is a unique network architecture isolating the network control plane from the data plane, offering programmable elastic features that allow network operators to monitor their networks and efficiently manage them. However, the new technology is security deficient. A DDoS attack is one of the common attacks that threaten SDN controllers, leading to the degradation or even collapse of the entire SDN network. Entropy-based approaches and their variants are considered the most efficient approaches to detecting DDoS attacks on SDN controllers. Therefore, this work analyzes the feasibility and impacts of an entropy-based DDoS attack detection approach for detecting low-rate and high-rate DDoS attacks against the controller, measured in terms of detection rate (DR) and false-positive rate (FPR), triggered by a single or multiple host attacks targeting a single or multiple victims. Eight simulation scenarios, representing low and high DDoS attack traffic rates on the controller, have been used to evaluate an entropy-based DDoS attack detection approach. The experimental results reveal that the entropy-based approach enhances the average DR for detecting high-rate DDoS attack traffic compared with low-rate DDoS attack traffic by 6.25%, 20.26%, 6.74%, and 8.81%. In addition, it reduces the average FPRs for detecting a high DDoS attack traffic rate compared with a low DDoS attack traffic rate by 67.68%, 77.54%, 66.94%, and 64.81%.
2

Han, Dezhi, Kun Bi, Han Liu, and Jianxin Jia. "A DDoS attack detection system based on spark framework." Computer Science and Information Systems 14, no. 3 (2017): 769–88. http://dx.doi.org/10.2298/csis161217028h.

Abstract:
There are many problems in traditional Distributed Denial of Service (DDoS) attack detection, such as low accuracy and low detection speed, which make it unsuitable for the real-time detection and processing of DDoS attacks in a big data environment. This paper proposes a novel DDoS attack detection system based on the Spark framework, comprising three main algorithms. The first, based on information entropy, can effectively give early warning of all kinds of DDoS attacks from changes in the information entropy of the data stream's source and destination IP addresses. The second, a dynamic-sampling K-Means algorithm, effectively improves attack detection accuracy. The third, a parallelised version of the dynamic-sampling K-Means algorithm, can quickly and effectively detect a variety of DDoS attacks in a big data environment. The experimental results show that this system can not only give early warning of DDoS attacks effectively but also detect all kinds of DDoS attacks in real time with a low false rate.
3

Dasari, Kishore Babu, and Nagaraju Devarakonda. "Detection of Different DDoS Attacks Using Machine Learning Classification Algorithms." Ingénierie des systèmes d'information 26, no. 5 (2021): 461–68. http://dx.doi.org/10.18280/isi.260505.

Abstract:
Cyber attacks are one of the world's most serious challenges nowadays. A Distributed Denial of Service (DDoS) attack is one of the most common cyberattacks that affects availability, which is one of the most important principles of information security. It leads to many negative consequences in terms of business, production, reputation, data theft, etc. This shows the importance of effective DDoS detection mechanisms to reduce losses. For detecting DDoS attacks, statistical and data mining methods have not given good accuracy values. Researchers get good accuracy values when detecting DDoS attacks by using classification algorithms, but they use individual classification algorithms on generalised DDoS attacks. This study used six machine learning classification algorithms to detect eleven different DDoS attacks on different DDoS attack datasets. We used the CICDDoS2019 dataset, collected from the Canadian Institute for Cybersecurity. It contains eleven different DDoS attack datasets in CSV file format. On each DDoS attack, we evaluated the effectiveness of the classification methods Logistic Regression, Decision Tree, Random Forest, AdaBoost, KNN, and Naive Bayes, and determined the best classification algorithms for detection.
4

Beshah, Yonas Kibret, Surafel Lemma Abebe, and Henock Mulugeta Melaku. "Drift Adaptive Online DDoS Attack Detection Framework for IoT System." Electronics 13, no. 6 (2024): 1004. http://dx.doi.org/10.3390/electronics13061004.

Abstract:
Internet of Things (IoT) security is becoming important with the growing popularity of IoT devices and their wide applications. Recent network security reports revealed a sharp increase in the type, frequency, sophistication, and impact of distributed denial of service (DDoS) attacks on IoT systems, making DDoS one of the most challenging threats. DDoS is used to commit actual, effective, and profitable cybercrimes. Current machine learning-based IoT DDoS attack detection systems use batch learning techniques and hence are unable to maintain their performance over time in a dynamic environment. The dynamicity of heterogeneous IoT data causes concept drift issues that result in performance degradation and automation difficulties in detecting DDoS. In this study, we propose an adaptive online DDoS attack detection framework that detects and adapts to concept drift in streaming data using a number of features often used in DDoS attack detection. This paper also proposes a novel accuracy update weighted probability averaging ensemble (AUWPAE) approach to detect concept drift and optimise zero-day DDoS detection. We evaluated the proposed framework using the IoTID20 and CICIoT2023 datasets containing benign and DDoS traffic data. The results show that the proposed adaptive online DDoS attack detection framework is able to detect DDoS attacks with an accuracy of 99.54% and 99.33% for the respective datasets.
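The online, drift-adaptive setting in the Beshah et al. abstract above needs a drift detector before any model can be re-fitted. What follows is an added example, not code from that paper (its AUWPAE ensemble is not reproduced): a from-scratch implementation of the Drift Detection Method (DDM, Gama et al., 2004) run over a constructed stream of per-sample classifier outcomes whose error rate jumps from 1 in 10 to 1 in 2 after sample 200, as it would when a batch-trained model meets a DDoS variant it has never seen. The class and function names, the 30-sample warm-up and the 2σ/3σ levels are this example's assumptions (the levels are DDM's usual defaults).

```python
"""Drift Detection Method (DDM) over a stream of classifier outcomes.

Added example: DDM (Gama et al., 2004) monitors the running error rate p of a
deployed classifier and its standard deviation s = sqrt(p(1-p)/n). It remembers
the lowest p + s seen so far, raises a warning when the current p + s exceeds
p_min + 2*s_min, and declares drift when it exceeds p_min + 3*s_min. The error
stream below is constructed for the demo; names and thresholds are this
example's own choices, not the cited paper's.
"""
import math
from typing import Iterable, List, Optional, Tuple


class DDM:
    """Binomial-style drift detector fed one boolean per classified sample."""

    def __init__(self, min_samples: int = 30, warning_level: float = 2.0,
                 drift_level: float = 3.0) -> None:
        self.min_samples = min_samples
        self.warning_level = warning_level
        self.drift_level = drift_level
        self.reset()

    def reset(self) -> None:
        """Forget all statistics; call after retraining on post-drift data."""
        self.n = 0
        self.errors = 0
        self.p_min = float("inf")
        self.s_min = float("inf")

    def update(self, error: bool) -> str:
        """Feed one outcome (True = the classifier was wrong); return the state."""
        self.n += 1
        self.errors += int(error)
        p = self.errors / self.n
        s = math.sqrt(p * (1.0 - p) / self.n)
        if self.n < self.min_samples:
            return "stable"          # too few samples for the statistics to mean anything
        if p + s < self.p_min + self.s_min:
            self.p_min, self.s_min = p, s   # new best operating point
        if p + s > self.p_min + self.drift_level * self.s_min:
            return "drift"
        if p + s > self.p_min + self.warning_level * self.s_min:
            return "warning"
        return "stable"


def monitor(outcomes: Iterable[bool]) -> Tuple[Optional[int], Optional[int]]:
    """Run DDM over a stream; return 1-based indexes of the first warning and the
    first drift (None if never reached). In a live pipeline the warning index is
    where one starts buffering samples for a replacement model and the drift
    index is where the old model is retired."""
    det = DDM()
    first_warning = first_drift = None
    for i, err in enumerate(outcomes, start=1):
        state = det.update(err)
        if state == "warning" and first_warning is None:
            first_warning = i
        if state == "drift":
            first_drift = i
            break
    return first_warning, first_drift


def constructed_outcome_stream() -> List[bool]:
    """Constructed demo stream: 200 samples with one mistake in 10, followed by
    100 samples in which the model is wrong on every second sample."""
    before = [i % 10 == 9 for i in range(200)]
    after = [i % 2 == 1 for i in range(100)]
    return before + after


if __name__ == "__main__":
    warning_at, drift_at = monitor(constructed_outcome_stream())
    print(f"warning after sample {warning_at}, drift after sample {drift_at}")
    print("stationary stream only:", monitor(constructed_outcome_stream()[:200]))
```

DDM's warning state is the cheap signal: at that point start buffering labelled samples for a replacement model, and swap it in when drift is declared and `reset()` is called. The statistics assume the error rate is stationary while the model is in use, so the detector must be fed the outcomes of the deployed model on live traffic, not the outcomes of the training run.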
5

Li, Feng, and Hai Ying Wang. "Design on DDoS Attack Detection and Prevention Systems." Applied Mechanics and Materials 530-531 (February 2014): 798–801. http://dx.doi.org/10.4028/www.scientific.net/amm.530-531.798.

Abstract:
For a DDoS attack, the sniffing step is mandatory: before the attacker can successfully launch the final intrusion and attack, suitable hosts that can be used as puppet machines must be found. This work studies DDoS attack detection technologies and further proposes a DDoS attack defence system design based on them; the results show that our design can effectively prevent DDoS network attacks.
6

Xu, Hao, and Hequn Xian. "SCD: A Detection System for DDoS Attacks based on SAE-CNN Networks." Frontiers in Computing and Intelligent Systems 5, no. 3 (2023): 94–99. http://dx.doi.org/10.54097/fcis.v5i3.13865.

Abstract:
The pervasive application of network technology has given rise to numerous network attacks, including Distributed Denial of Service (DDoS) attacks. DDoS attacks can lead to the collapse of network resources, making the target server unable to support legitimate users, which is a critical issue in cyberspace security. In complex real-world network environments, differentiating DDoS attack traffic from normal traffic is a challenging task, so effectively distinguishing between attack types is important in order to resist DDoS attacks. However, traditional DDoS attack detection methods have certain limitations in terms of data preprocessing and detection efficiency. In this paper, we propose a lightweight deep-learning framework called SAE-CNN-Detection (SCD), which combines a stacked autoencoder (SAE) and a convolutional neural network (CNN) for DDoS attack detection. The CIC-DDoS2019 dataset is used to simulate network traffic that has suffered DDoS attacks, and the system employs adaptive preprocessing techniques for the dataset. The results demonstrate that the multi-class classification experiment achieves an accuracy of 97.2% across DDoS attack types, while the binary classification experiment achieves an accuracy of 99.1%.
7

Glăvan, D. "DDoS detection and prevention based on artificial intelligence techniques." Scientific Bulletin of Naval Academy XXII, no. 1 (2019): 134–43. http://dx.doi.org/10.21279/1454-864x-19-i1-018.

Abstract:
Distributed Denial of Service (DDoS) attacks have been major threats to the Internet and can bring great losses to companies and governments. With the development of emerging technologies such as cloud computing, the Internet of Things (IoT), and artificial intelligence, attackers can launch a huge volume of DDoS attacks at a lower cost, and it is much harder to detect and prevent DDoS attacks because DDoS traffic is similar to normal traffic. Some artificial intelligence techniques, such as the machine learning algorithms Naive Bayes and Random Forest, have been used to classify DDoS attack traffic and detect DDoS attacks. In this paper, we survey the latest progress in DDoS attack detection using artificial intelligence techniques and give recommendations on artificial intelligence techniques to be used in DDoS attack detection and prevention.
8

Zhang, Jian, Qidi Liang, Rui Jiang, and Xi Li. "A Feature Analysis Based Identifying Scheme Using GBDT for DDoS with Multiple Attack Vectors." Applied Sciences 9, no. 21 (2019): 4633. http://dx.doi.org/10.3390/app9214633.

Abstract:
In recent years, distributed denial of service (DDoS) attacks have increasingly shown a trend towards multi-attack-vector composites, which has significantly improved the concealment and success rate of DDoS attacks. Therefore, improving the ubiquitous detection capability for DDoS attacks and accurately and quickly identifying DDoS attack traffic play an important role in later attack mitigation. This paper proposes a method to efficiently detect and identify multi-vector DDoS attacks. The detection algorithm is applicable to known and unknown DDoS attacks.
9

Xie, Bailin, Yu Wang, Guogui Wen, and Xiaojun Xu. "Application-Layer DDoS Attack Detection Using Explicit Duration Recurrent Network-Based Application-Layer Protocol Communication Models." International Journal of Intelligent Systems 2023 (June 17, 2023): 1–13. http://dx.doi.org/10.1155/2023/2632678.

Abstract:
Existing application-layer distributed denial of service (AL-DDoS) attack detection methods are mainly targeted at specific attacks and cannot effectively detect other types of AL-DDoS attacks. This study presents an application-layer protocol communication model for AL-DDoS attack detection, based on the explicit duration recurrent network (EDRN). The proposed method includes model training and AL-DDoS attack detection. In the AL-DDoS attack detection phase, the output of each observation sequence is updated in real time. The observation sequences are based on application-layer protocol keywords and time intervals between adjacent protocol keywords. Protocol keywords are extracted based on their identification using regular expressions. Experiments are conducted using datasets collected from a real campus network and the CICDDoS2019 dataset. The results of the experiments show that EDRN is superior to several popular recurrent neural networks in accuracy, F1, recall, and loss values. The proposed model achieves an accuracy of 0.996, F1 of 0.992, recall of 0.993, and loss of 0.041 in detecting HTTP DDoS attacks on the CICDDoS2019 dataset. The results further show that our model can effectively detect multiple types of AL-DDoS attacks. In a comparison test, the proposed method outperforms several state-of-the-art approaches.
10

Goparaju, Bhargavi, and Bandla Srinivasa Rao. "A DDoS Attack Detection using PCA Dimensionality Reduction and Support Vector Machine." International Journal of Communication Networks and Information Security (IJCNIS) 14, no. 1s (2023): 1–8. http://dx.doi.org/10.17762/ijcnis.v14i1s.5586.

Abstract:
Distributed denial-of-service (DDoS) attacks are among the most frequently occurring network attacks. Because of the rapid growth in communication and computer technology, DDoS attacks have become severe, so it is essential to research the detection of DDoS attacks. There are different modes of DDoS attack, because of which a single method cannot provide good security. To overcome this, a DDoS attack detection technique using a machine learning algorithm is presented in this paper. The proposed method has two phases: dimensionality reduction and model training for attack detection. The first phase identifies important components from the large volume of Internet data. These extracted components are used as the machine learning model's input features in the detection phase. A Support Vector Machine (SVM) algorithm is used to train on the features and learn the model. The experimental results show that the proposed method detects DDoS attacks with good accuracy.

Dissertations / Theses on the topic "DDoS attack detection"

1

Saied, Alan. "Distributed Denial of Service (DDoS) attack detection and mitigation." Thesis, King's College London (University of London), 2015. http://kclpure.kcl.ac.uk/portal/en/theses/distributed-denial-of-service-ddos-attack-detection-and-mitigation(eaa45e51-f602-46da-a37a-75c3ae71d2db).html.

Abstract:
A Distributed Denial of Service (DDoS) attack is an organised distributed packet-storming technique that aims to overload network devices and the communication channels between them. Its major objective is to prevent legitimate users from accessing networks, servers, services, or other computer resources. In this thesis, we propose, implement and evaluate a DDoS Detector approach consisting of detection, defence and knowledge sharing components. The detection component is designed to detect known and unknown DDoS attacks using an Artificial Neural Network (ANN) while the defence component prevents forged DDoS packets from reaching the victim. DDoS Detectors are distributed across one or more networks in order to mitigate the strength of a DDoS attack. The knowledge sharing component uses encrypted messages to inform other DDoS Detectors when it detects a DDoS attack. This mechanism increases the efficacy of the detection mechanism between the DDoS Detectors. This approach has been evaluated and tested against other related approaches in terms of Sensitivity, Specificity, False Positive Rate (FPR), Precision, and Detection Accuracy. A major contribution of the research is that this approach achieves a 98% DDoS detection and mitigation accuracy, which is 5% higher than the best result of previous related approaches.
2

Yu, Yue. "Resilience Strategies for Network Challenge Detection, Identification and Remediation." Thesis, The University of Sydney, 2013. http://hdl.handle.net/2123/10277.

Abstract:
The enormous growth of the Internet and its use in everyday life make it an attractive target for malicious users. As the network becomes more complex and sophisticated, it becomes more vulnerable to attack. There is a pressing need for the future Internet to be resilient, manageable and secure. Our research is on distributed challenge detection and is part of the EU ResumeNet project (Resilience and Survivability for Future Networking: Framework, Mechanisms and Experimental Evaluation). It aims to make networks more resilient to a wide range of challenges including malicious attacks, misconfiguration, faults, and operational overloads. Resilience means the ability of the network to provide an acceptable level of service in the face of significant challenges; it is a superset of commonly used definitions for survivability, dependability, and fault tolerance. Our proposed resilience strategy could detect a challenge situation by identifying its occurrence and impact in real time, then initiating appropriate remedial action. Action is taken autonomously to continue operations as much as possible and to mitigate the damage, allowing an acceptable level of service to be maintained. The contribution of our work is the ability to mitigate a challenge as early as possible and rapidly detect its root cause. Our proposed multi-stage, policy-based challenge detection system also identifies both existing and unforeseen challenges. This has been studied and demonstrated with an unknown worm attack. Our multi-stage approach reduces the computational complexity compared to the traditional single-stage approach, where one particular managed object is responsible for all the functions. The approach we propose in this thesis has the flexibility, scalability, adaptability, reproducibility and extensibility needed to assist in the identification and remediation of many future network challenges.
3

Goldschmidt, Patrik. "Potlačení DoS útoků s využitím strojového učení" [Mitigation of DoS attacks using machine learning]. Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2021. http://www.nusl.cz/ntk/nusl-449294.

Abstract:
Denial of service (DDoS) attacks are an increasingly frequent security incident in today's computer networks. This thesis focuses on detecting these attacks and providing relevant information for their mitigation in real time. This functionality is achieved using stream data mining and machine learning techniques. The result of the work is a set of tools covering the whole machine learning process, from feature extraction through data preprocessing to exporting a trained model ready for deployment in production. Experimental results evaluated on several real and synthetic datasets show a system accuracy above 99%, with reliable detection of an ongoing attack within 4 seconds of its start.
4

Abdelaty, Maged Fathy Youssef. "Robust Anomaly Detection in Critical Infrastructure." Doctoral thesis, Università degli studi di Trento, 2022. http://hdl.handle.net/11572/352463.

Abstract:
Critical Infrastructures (CIs) such as water treatment plants, power grids and telecommunication networks are critical to the daily activities and well-being of our society. Disruption of such CIs would have catastrophic consequences for public safety and the national economy. Hence, these infrastructures have become major targets in the upsurge of cyberattacks. Defending against such attacks often depends on an arsenal of cyber-defence tools, including Machine Learning (ML)-based Anomaly Detection Systems (ADSs). These detection systems use ML models to learn the profile of the normal behaviour of a CI and classify deviations that go well beyond the normality profile as anomalies. However, ML methods are vulnerable to both adversarial and non-adversarial input perturbations. Adversarial perturbations are imperceptible noises added to the input data by an attacker to evade the classification mechanism. Non-adversarial perturbations can be a normal behaviour evolution as a result of changes in usage patterns or other characteristics, and noisy data from normally degrading devices, generating a high rate of false positives. We first study the problem of ML-based ADSs being vulnerable to non-adversarial perturbations, which causes a high rate of false alarms. To address this problem, we propose an ADS called DAICS, based on a wide and deep learning model that is both adaptive to evolving normality and robust to noisy data normally emerging from the system. DAICS adapts the pre-trained model to new normality with a small number of data samples and a few gradient updates based on feedback from the operator on false alarms. DAICS was evaluated on two datasets collected from real-world Industrial Control System (ICS) testbeds. The results show that the adaptation process is fast and that DAICS has improved robustness compared to state-of-the-art approaches. We further investigated the problem of false-positive alarms in ADSs. To address this problem, an extension of DAICS, called the SiFA framework, is proposed. SiFA collects a buffer of historical false alarms and suppresses every new alarm that is similar to these false alarms. The proposed framework is evaluated using a dataset collected from a real-world ICS testbed. The evaluation results show that SiFA can decrease the false alarm rate of DAICS by more than 80%. We also investigate the problem of ML-based network ADSs that are vulnerable to adversarial perturbations. In the case of network ADSs, attackers may use their knowledge of anomaly detection logic to generate malicious traffic that remains undetected. One way to solve this issue is to adopt adversarial training, in which the training set is augmented with adversarially perturbed samples. This thesis presents an adversarial training approach called GADoT that leverages a Generative Adversarial Network (GAN) to generate adversarial samples for training. GADoT is validated in the scenario of an ADS detecting Distributed Denial of Service (DDoS) attacks, which have been witnessing an increase in volume and complexity. For a practical evaluation, the DDoS network traffic was perturbed to generate two datasets while fully preserving the semantics of the attack. The results show that adversaries can exploit their domain expertise to craft adversarial attacks without requiring knowledge of the underlying detection model. We then demonstrate that adversarial training using GADoT renders ML models more robust to adversarial perturbations. However, the evaluation of adversarial robustness is often susceptible to errors, leading to robustness overestimation. We investigate the problem of robustness overestimation in network ADSs and propose an adversarial attack called UPAS to evaluate the robustness of such ADSs. The UPAS attack perturbs the inter-arrival time between packets by injecting a random time delay before packets from the attacker. The attack is validated by perturbing malicious network traffic in a multi-attack dataset and used to evaluate the robustness of two robust ADSs, which are based on a denoising autoencoder and an adversarially trained ML model. The results demonstrate that the robustness of both ADSs is overestimated and that a standardised evaluation of robustness is needed.
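Several entries above feed per-flow statistics to a classifier (Dasari and Devarakonda, Goparaju and Rao, and the other CICDDoS2019-based studies), and the Abdelaty thesis shows that a feature such as inter-arrival time can be perturbed by an attacker who simply delays their own packets. The block below is an added example, not code from any of those works: it extracts a handful of flow features from constructed packet records, runs a naive IAT-based detector and a SYN-ratio detector, and then applies a fixed per-packet delay to the attacker's traffic (a deterministic stand-in for the random delay injection the thesis describes) to show which of the two survives. Packet layout, addresses, thresholds and function names are assumptions of this example.

```python
"""Flow-feature extraction with an inter-arrival-time (IAT) evasion check.

Added example, not code from any cited work. Constructed packets are grouped
into flows keyed by (src, dst, dport) and summarised by the kind of per-flow
features DDoS datasets such as CICDDoS2019 expose: packet count, bytes,
duration, mean IAT and SYN ratio. A naive detector keys on a tiny mean IAT;
then every attacker packet is held back by a fixed extra delay (a deterministic
simplification of random delay injection) to show that the IAT feature alone
is attacker-controlled. Names, thresholds and traffic are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, replace
from typing import Dict, List, Tuple

FlowKey = Tuple[str, str, int]


@dataclass(frozen=True)
class Packet:
    ts: float      # seconds
    src: str
    dst: str
    dport: int
    length: int    # bytes on the wire
    syn: bool      # TCP SYN set without ACK


def flow_features(packets: List[Packet]) -> Dict[FlowKey, Dict[str, float]]:
    """Aggregate packets into unidirectional flows and compute summary features."""
    flows: Dict[FlowKey, List[Packet]] = defaultdict(list)
    for p in packets:
        flows[(p.src, p.dst, p.dport)].append(p)
    feats: Dict[FlowKey, Dict[str, float]] = {}
    for key, pk in flows.items():
        pk = sorted(pk, key=lambda p: p.ts)
        iats = [b.ts - a.ts for a, b in zip(pk, pk[1:])]
        feats[key] = {
            "packets": len(pk),
            "bytes": sum(p.length for p in pk),
            "duration": pk[-1].ts - pk[0].ts,
            "mean_iat": sum(iats) / len(iats) if iats else 0.0,
            "syn_ratio": sum(p.syn for p in pk) / len(pk),
        }
    return feats


def detect_naive(feats, min_packets: int = 20, max_mean_iat: float = 0.005) -> List[FlowKey]:
    """Flag bursty flows: many packets arriving less than 5 ms apart on average."""
    return [k for k, f in feats.items()
            if f["packets"] >= min_packets and f["mean_iat"] < max_mean_iat]


def detect_robust(feats, min_packets: int = 20, min_syn_ratio: float = 0.95) -> List[FlowKey]:
    """Flag SYN-only flows: a real client completes the handshake and sends data,
    so its SYN ratio is low however fast it talks."""
    return [k for k, f in feats.items()
            if f["packets"] >= min_packets and f["syn_ratio"] >= min_syn_ratio]


def inject_delay(packets: List[Packet], attacker_src: str, delay: float) -> List[Packet]:
    """Hold each attacker packet back by one more `delay` than the previous one
    (a queue releasing one packet per `delay`); other traffic is untouched."""
    out, shift = [], 0.0
    for p in sorted(packets, key=lambda p: p.ts):
        if p.src == attacker_src:
            shift += delay
            p = replace(p, ts=p.ts + shift)
        out.append(p)
    return out


def constructed_capture() -> List[Packet]:
    """Constructed traffic: a 40-packet SYN flood at 1 ms spacing plus one benign
    client that sends a SYN and then nine data segments every 100 ms."""
    flood = [Packet(i * 0.001, "203.0.113.5", "10.0.0.1", 80, 60, True) for i in range(40)]
    client = [Packet(0.02 + i * 0.1, "192.168.1.10", "10.0.0.1", 80,
                     60 if i == 0 else 512, i == 0) for i in range(10)]
    return flood + client


if __name__ == "__main__":
    raw = flow_features(constructed_capture())
    print("original   naive:", detect_naive(raw), "robust:", detect_robust(raw))
    evaded = flow_features(inject_delay(constructed_capture(), "203.0.113.5", 0.02))
    print("delayed    naive:", detect_naive(evaded), "robust:", detect_robust(evaded))
```

The delayed flood is still forty SYNs that never complete a handshake; only the timing feature moved. When evaluating the robustness of a flow-based model, perturbations that cost the attacker nothing (timing, padding, splitting a flow across sources) are the ones to test first; the thesis's point is that a robustness figure obtained without such traffic-level perturbations can be an overestimate.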
5

Syed, Naeem Firdous. "IoT-MQTT based denial of service attack modelling and detection." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2020. https://ro.ecu.edu.au/theses/2303.

Abstract:
The Internet of Things (IoT) is poised to transform the quality of life and provide new business opportunities with its wide range of applications. However, the benefits of this emerging paradigm are coupled with serious cyber security issues. The lack of strong cyber security measures in protecting IoT systems can result in cyber attacks targeting all the layers of the IoT architecture, which includes the IoT devices, the IoT communication protocols, and the services accessing the IoT data. Various IoT malware such as Mirai, BASHLITE and BrickerBot show an already rising number of IoT device-based attacks as well as the usage of infected IoT devices to launch other cyber attacks. However, as sustained IoT deployment and functionality are heavily reliant on the use of effective data communication protocols, attacks on other layers of the IoT architecture are anticipated to increase. In the IoT landscape, the publish/subscribe-based Message Queuing Telemetry Transport (MQTT) protocol is widely popular. Hence, cyber security threats against the MQTT protocol are projected to rise at par with its increasing use by IoT manufacturers. In particular, Internet-exposed MQTT brokers are vulnerable to protocol-based Application Layer Denial of Service (DoS) attacks, which have been known to cause widespread service disruptions in legacy systems. In this thesis, we propose Application Layer based DoS attacks that target the authentication and authorisation mechanisms of the MQTT protocol. In addition, we also propose an MQTT protocol attack detection framework based on machine learning. Through extensive experiments, we demonstrate the impact of authentication and authorisation DoS attacks on three open-source MQTT brokers. Based on the proposed DoS attack scenarios, an IoT-MQTT attack dataset was generated to evaluate the effectiveness of the proposed framework in detecting these malicious attacks. The DoS attack evaluation results obtained indicate that such attacks can overwhelm the MQTT brokers' resources even when legitimate access to them was denied and resources were restricted. The evaluations also indicate that the proposed DoS attack scenarios can significantly increase the MQTT message delay, especially for QoS 2 messages, causing heavy-tail latencies. In addition, the proposed MQTT features showed high attack detection accuracy compared to simply using TCP-based features to detect MQTT-based attacks. It was also observed that the protocol field size and length based features drastically reduced the false positive rates and hence are suitable for detecting IoT-based attacks.
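The two feature families the Syed thesis abstract singles out, protocol field sizes and lengths and per-source CONNECT behaviour, both start from parsing the CONNECT packet correctly. The block below is an added example, not the thesis's framework or any broker's code: a strict MQTT 3.1.1 CONNECT parser (with a builder for constructed test packets) and a monitor that alerts on malformed packets, oversized identity fields and CONNECT floods per source. The IP addresses, the 64-byte field limit, the 20-per-second flood threshold and all function names are assumptions of this example.

```python
"""MQTT CONNECT parsing and length-based features for broker DoS detection.

Added example, not code from the Syed thesis or any MQTT broker. A minimal
builder and strict parser for MQTT 3.1.1 CONNECT packets (fixed header,
variable-length remaining-length field, length-prefixed strings) feed a monitor
that scores each CONNECT on field sizes and per-source CONNECT rate. Addresses,
thresholds, function names and the packet stream are this example's assumptions.
"""
import struct
from collections import defaultdict, deque
from typing import Dict, List, Optional, Tuple


def _encode_str(s: bytes) -> bytes:
    """MQTT length-prefixed string: 2-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(s)) + s


def _encode_remaining_length(n: int) -> bytes:
    """MQTT variable-length integer: 7 bits per byte, MSB = continuation."""
    out = bytearray()
    while True:
        byte, n = n % 128, n // 128
        out.append(byte | 0x80 if n else byte)
        if not n:
            return bytes(out)


def build_connect(client_id: bytes, username: Optional[bytes] = None,
                  password: Optional[bytes] = None, keepalive: int = 60) -> bytes:
    """Assemble a v3.1.1 CONNECT with clean-session set and no will message."""
    flags, payload = 0x02, _encode_str(client_id)
    if username is not None:
        flags |= 0x80
        payload += _encode_str(username)
    if password is not None:
        flags |= 0x40
        payload += _encode_str(password)
    body = _encode_str(b"MQTT") + bytes([4, flags]) + struct.pack("!H", keepalive) + payload
    return bytes([0x10]) + _encode_remaining_length(len(body)) + body


def parse_connect(pkt: bytes) -> Dict[str, int]:
    """Strictly parse a CONNECT; raise ValueError on anything malformed."""
    if not pkt or pkt[0] >> 4 != 1:
        raise ValueError("not a CONNECT packet")
    pos, mult, rem = 1, 1, 0
    while True:                              # remaining length: at most 4 bytes
        if pos >= len(pkt) or pos > 4:
            raise ValueError("bad remaining length")
        b = pkt[pos]
        rem += (b & 0x7F) * mult
        mult *= 128
        pos += 1
        if not b & 0x80:
            break
    body = pkt[pos:pos + rem]
    if len(body) != rem or pos + rem != len(pkt):
        raise ValueError("remaining length does not match packet size")
    cursor = 0

    def read_str() -> bytes:
        nonlocal cursor
        if cursor + 2 > len(body):
            raise ValueError("truncated string length")
        n = struct.unpack_from("!H", body, cursor)[0]
        cursor += 2
        if cursor + n > len(body):
            raise ValueError("string runs past end of packet")
        s = body[cursor:cursor + n]
        cursor += n
        return s

    if read_str() != b"MQTT":                # MQTT 3.1 ('MQIsdp') is not handled here
        raise ValueError("unsupported protocol name")
    if cursor + 4 > len(body):
        raise ValueError("truncated variable header")
    level, flags = body[cursor], body[cursor + 1]
    keepalive = struct.unpack_from("!H", body, cursor + 2)[0]
    cursor += 4
    if flags & 0x01:
        raise ValueError("reserved connect flag set")
    info = {"remaining_length": rem, "protocol_level": level, "keepalive": keepalive,
            "client_id_len": len(read_str()), "username_len": 0, "password_len": 0}
    if flags & 0x04:                         # will flag: topic and message follow
        read_str()
        read_str()
    if flags & 0x80:
        info["username_len"] = len(read_str())
    if flags & 0x40:
        info["password_len"] = len(read_str())
    if cursor != len(body):
        raise ValueError("trailing bytes after payload")
    return info


def is_well_formed(pkt: bytes) -> bool:
    try:
        parse_connect(pkt)
        return True
    except ValueError:
        return False


def score_stream(records: List[Tuple[float, str, bytes]], window_s: float = 1.0,
                 max_connects: int = 20, max_field_len: int = 64) -> List[Tuple[float, str, str]]:
    """records: (timestamp, source_ip, raw_packet). Returns (ts, src, reason) alerts
    for malformed packets, oversized identity fields and per-source CONNECT floods."""
    recent: Dict[str, deque] = defaultdict(deque)
    alerts: List[Tuple[float, str, str]] = []
    for ts, src, raw in sorted(records, key=lambda r: r[0]):
        try:
            f = parse_connect(raw)
        except ValueError as exc:
            alerts.append((ts, src, f"malformed: {exc}"))
            continue
        if max(f["client_id_len"], f["username_len"], f["password_len"]) > max_field_len:
            alerts.append((ts, src, "oversized_field"))
        dq = recent[src]
        dq.append(ts)
        while ts - dq[0] > window_s:         # slide the per-source window
            dq.popleft()
        if len(dq) > max_connects:
            alerts.append((ts, src, "connect_flood"))
    return alerts


def constructed_stream() -> List[Tuple[float, str, bytes]]:
    """One legitimate sensor, then a bot sending 30 CONNECTs in 300 ms with fresh
    credentials each time (an auth-targeting DoS); the fifth carries a 300-byte username."""
    recs = [(0.0, "192.168.1.10", build_connect(b"sensor-1", b"alice", b"s3cret"))]
    for i in range(30):
        user = b"A" * 300 if i == 4 else b"user%d" % i
        recs.append((0.5 + i * 0.01, "203.0.113.9", build_connect(b"bot-%d" % i, user, b"x")))
    return recs


if __name__ == "__main__":
    for alert in score_stream(constructed_stream()):
        print(alert)
```

A real deployment would sit on a broker-side tap or the broker's own connection log and would also track CONNACK return codes, since an authentication-targeting flood shows up as a burst of CONNECTs answered with "not authorized". The parser's strictness matters in its own right: a broker that tolerates a remaining-length mismatch or a string that runs past the packet end is itself a DoS surface.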
6

Kulchytskyi, B. V., and L. M. Kupershtein. "До проблеми формування набору даних для дослідження DDoS-атак" [On the problem of building a dataset for DDoS attack research]. Thesis, VNTU (Vinnytsia National Technical University), 2019. http://ir.lib.vntu.edu.ua//handle/123456789/24232.

Abstract:
The paper considers approaches to verifying proposed attack detection methods. The existing datasets used to build DDoS attack detection systems are analysed, as are several tools used to implement or simulate DDoS attacks for data collection.
7

Náčin, Peter. "Detekce útoku SlowDrop" [Detection of the SlowDrop attack]. Master's thesis, Vysoké učení technické v Brně. Fakulta elektrotechniky a komunikačních technologií, 2021. http://www.nusl.cz/ntk/nusl-442391.

Abstract:
The diploma thesis is focused on the detection of a slow DoS attack named SlowDrop. The attack tries to imitate a legitimate person with a slow internet connection and does not show a new strong signature, so the attack is difficult to detect. The diploma thesis is based on the work of Ing. Mazanek, in which the SlowDrop attack script was created. At the theoretical level, the issue of DoS attacks is described both in general and in particular. Furthermore, the work develops methods for solving the problem of SlowDrop attack detection. The methods are then defined in detail and tested in a simulation environment. The practical part describes data analysis, signature detection, anomaly detection using neural networks, and a detection script. In all practical parts, the technologies used and the solution procedures are described in detail. The specific implementation of the solution and the achieved results are also presented. Finally, the individual results are evaluated and compared, both individually and among themselves. The obtained results show that the attack is detectable using a neural network and by the created detection script.
8

Guerid, Hachem. "Systèmes coopératifs décentralisés de détection et de contre-mesures des incidents et attaques sur les réseaux IP" [Decentralised cooperative systems for detecting and countering incidents and attacks on IP networks]. Thesis, Paris, ENST, 2014. http://www.theses.fr/2014ENST0079/document.

Full text
Abstract:
La problématique des botnets, réseaux de machines infectées par des logiciels malveillants permettant de les contrôler à distance, constitue une préoccupation majeure du fait du nombre de machines infectées et des menaces associées: attaque par déni de service distribué (DDoS), spam, vol de données bancaires. Les solutions de lutte contre les botnets proposées présentent des limitations majeures dans le contexte d'un opérateur réseau (contraintes de volumétrie et de passage à l'échelle, respect de la confidentialité et de la vie privée des utilisateurs). Cette thèse propose quatre contributions orientées réseau de lutte contre les botnets. Chaque contribution traite d'une étape complémentaire dans la problématique des botnets: la première contribution permet de remonter à la source d'attaques par déni de service, et ainsi d'identifier un groupe de machines infectées à l'origine de ces attaques. La deuxième contribution concerne la détection des communications entre les machines infectées et leurs serveurs de contrôle et commande dans un réseau à large échelle, et offre ainsi l'opportunité de bloquer ces serveurs pour limiter le risque de nouvelles attaques. La troisième contribution permet une détection collaborative de botnets dans un contexte inter-domaine et inter-opérateur, permettant ainsi de lutter contre l'aspect hautement distribué de ces botnets. Enfin, la dernière contribution proposée permet de remédier aux botnets en ralentissant les communications entre les machines infectées et leur serveur de contrôle, offrant par ce biais une contre-mesure aux stratégies d'évasions développées par les cybercriminels afin de rendre leurs botnets plus résilients<br>The problem of botnets, networks of infected hosts controlled remotely by attackers, is a major concern because of the number of infected hosts and associated threats, like distributed denial of service (DDoS), spams, and data theft. 
State of the art solutions to fight against botnets have major limitations in a context of a network operator (scalability of the solution, confidentiality and privacy of users). In this thesis, we propose four network-based contributions to fight against botnets. Each solution address a different and complementary issue in this area: the first contribution tracebacks the source of denial of service attacks which threaten the network availability, allowing by that way to identify infected devices used to perpetrate these attacks. The second contribution detects the communications between infected computers and their command and control server (C&amp;C) in a large scale network and offers the opportunity to block these servers to minimize the risk of future attacks. The third contribution enables collaborative detection of botnets in an inter-domain and inter-operator context in order to fight against the highly distributed aspect of these botnets. Finally, the last contribution mitigates botnets by slowing down the communication between infected hosts and their C&amp;C server, providing a countermeasure against evasion techniques developed by cybercriminals to make their botnets more resilient
9

Damour, Gabriel. "Information-Theoretic Framework for Network Anomaly Detection: Enabling online application of statistical learning models to high-speed traffic." Thesis, KTH, Matematisk statistik, 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-252560.

Abstract:
With the current proliferation of cyber attacks, safeguarding internet-facing assets from network intrusions is becoming a vital task in our increasingly digitalised economies. Although recent successes of machine learning (ML) models bode the dawn of a new generation of intrusion detection systems (IDS), current solutions struggle to implement these in an efficient manner, leaving many IDSs to rely on rule-based techniques. In this paper we begin by reviewing the different approaches to feature construction and attack source identification employed in such applications. We refer to these steps as the framework within which models are implemented, and use it as a prism through which we can identify the challenges different solutions face when applied in modern network traffic conditions. Specifically, we discuss how the most popular framework -- the so-called flow-based approach -- suffers from significant overhead introduced by its resource-heavy pre-processing step. To address these issues, we propose the Information Theoretic Framework for Network Anomaly Detection (ITF-NAD), whose purpose is to facilitate online application of statistical learning models onto high-speed network links, as well as provide a method of identifying the sources of traffic anomalies. Its development was inspired by previous work on information theoretic-based anomaly and outlier detection, and employs modern techniques of entropy estimation over data streams. Furthermore, a case study of the framework's detection performance over 5 different types of Denial of Service (DoS) attacks is undertaken, in order to illustrate its potential use for intrusion detection and mitigation. The case study resulted in state-of-the-art performance for time-anomaly detection of single source as well as distributed attacks, and shows promising results regarding its ability to identify underlying sources.
As the number of cyber attacks grows rapidly, it is becoming increasingly important for our digitalised economies to protect connected operations from network intrusions. Machine learning (ML) is portrayed as a powerful alternative to conventional rule-based solutions, and its remarkable successes herald a new generation of intrusion detection systems (IDS). Despite this development, many IDSs are still built on signature-based methods, which is explained by the major weaknesses that characterise many ML-based solutions. In this work we start from a review of current research on the application of ML to intrusion detection, focusing on the necessary steps surrounding the implementation of the models within an IDS. By setting up a framework for how variables are constructed and how attack source identification (ASI) is performed in different solutions, we can identify the bottlenecks and limitations that prevent their practical implementation. Particular weight is given to the analysis of the popular flow-based models, whose resource-intensive processing of raw data leads to significant time delays, which makes their use in real-time systems impossible. To address these weaknesses we propose a new framework, the Information-Theoretic Framework for Network Anomaly Detection (ITF-NAD), whose purpose is to enable the direct application of ML models over network links carrying high-speed traffic, and which provides a method for identifying the sources underlying the attack. The framework builds on modern entropy estimation techniques designed to be applied over data streams, together with an ASI method inspired by entropy-based detection of outliers in categorical spaces. In addition, a study of the framework's performance over real internet traffic is presented, containing 5 different types of denial of service (DoS) attacks generated with popular DDoS tools, which in turn illustrates the framework's use with a simple semi-supervised ML model. The results show a high level of accuracy for the detection of all attack types, as well as promising performance regarding the framework's ability to identify the underlying actors.
10

Guerid, Hachem. "Systèmes coopératifs décentralisés de détection et de contre-mesures des incidents et attaques sur les réseaux IP." Electronic Thesis or Diss., Paris, ENST, 2014. http://www.theses.fr/2014ENST0079.

Abstract:
The problem of botnets, networks of machines infected with malware that allows them to be controlled remotely, is a major concern because of the number of infected machines and the associated threats: distributed denial of service (DDoS) attacks, spam, theft of banking data. The solutions proposed for fighting botnets have major limitations in the context of a network operator (volume and scalability constraints, respect for the confidentiality and privacy of users). This thesis proposes four network-oriented contributions to fight against botnets. Each contribution addresses a complementary step in the botnet problem: the first contribution makes it possible to trace back to the source of denial of service attacks, which threaten network availability, and thus to identify a group of infected machines at the origin of these attacks. The second contribution concerns the detection of communications between infected machines and their command and control (C&C) servers in a large-scale network, and thus offers the opportunity to block these servers to limit the risk of new attacks. The third contribution enables collaborative detection of botnets in an inter-domain and inter-operator context, thereby making it possible to counter the highly distributed nature of these botnets. Finally, the last contribution mitigates botnets by slowing down the communications between infected machines and their C&C server, thereby offering a countermeasure to the evasion strategies developed by cybercriminals to make their botnets more resilient.

Books on the topic "DDoS attack detection"

1

Bhattacharyya, Dhruba Kumar, and Jugal Kumar Kalita. DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance. Taylor & Francis Group, 2016.

3

DDoS Attacks: Evolution, Detection, Prevention, Reaction, and Tolerance. Taylor & Francis Group, 2016.


Book chapters on the topic "DDoS attack detection"

1

Yu, Shui. "DDoS Attack Detection." In Distributed Denial of Service Attack and Defense. Springer New York, 2013. http://dx.doi.org/10.1007/978-1-4614-9491-1_3.

2

Szynkiewicz, Paweł. "Signature-Based Detection of Botnet DDoS Attacks." In Cybersecurity of Digital Service Chains. Springer International Publishing, 2022. http://dx.doi.org/10.1007/978-3-031-04036-8_6.

Abstract:
The distributed denial of service (DDoS) attack is an attempt to disrupt the proper availability of a targeted server, service or network. The attack is achieved by corrupting or overwhelming the target's communications with a flood of malicious network traffic. In the current era of mass connectivity, DDoS attacks emerge as one of the biggest threats, steadily causing greater collateral damage and having a negative impact on the integral Internet infrastructure. DDoS attacks come in a variety of types and schemes; they continue to evolve, steadily becoming more sophisticated and larger in scale. A close investigation of attack vectors and refining of current security measures is required to efficiently mitigate new DDoS threats. The solution described in this article concerns a less explored variation of signature-based techniques for DDoS mitigation. The approach exploits one of the traits of modern DDoS attacks, the utilization of packet generation algorithms (PGA) in the attack execution. The proposed method performs a fast, protocol-level detection of DDoS network packets and can easily be employed to provide effective, supplementary protection against DDoS attacks.
3

Swati, Jadhav, Pise Nitin, Shruti Singh, Akash Sinha, Vishal Sirvi, and Shreyansh Srivastava. "DDoS Attack Detection Using Machine Learning." In Lecture Notes in Electrical Engineering. Springer Nature Singapore, 2023. http://dx.doi.org/10.1007/978-981-99-5997-6_34.

4

Antad, Sonali M., Rucha Uplenchwar, Pratham Gajbhiye, Dakshata Wasnik, and Omkar Pawar. "DDoS Attack Detection Using Machine Learning." In Lecture Notes in Networks and Systems. Springer Nature Singapore, 2025. https://doi.org/10.1007/978-981-96-2697-7_42.

5

Smriti, Smriti, K. HariBabu, and Sanyam Garg. "DDoS Attack Detection in Data Plane." In Lecture Notes on Data Engineering and Communications Technologies. Springer Nature Switzerland, 2025. https://doi.org/10.1007/978-3-031-87784-1_22.

6

Wang, An, Aziz Mohaisen, Wentao Chang, and Songqing Chen. "Capturing DDoS Attack Dynamics Behind the Scenes." In Detection of Intrusions and Malware, and Vulnerability Assessment. Springer International Publishing, 2015. http://dx.doi.org/10.1007/978-3-319-20550-2_11.

7

Shalini, P. V., V. Radha, and Sriram G. Sanjeevi. "DDoS Attack Detection in SDN Using CUSUM." In Proceedings of International Conference on Computational Intelligence and Data Engineering. Springer Singapore, 2020. http://dx.doi.org/10.1007/978-981-15-8767-2_26.

8

Mouli, V. S. A. Chandra, P. Subba Rao, Shubhashish Jena, et al. "DDOS Attack Detection Using Time Based Features." In Computing, Communication and Intelligence. CRC Press, 2024. http://dx.doi.org/10.1201/9781003581215-3.

9

Anis, Adeeba, and Md Shohrab Hossain. "DDoS Attack Detection Using Ensemble Machine Learning." In Artificial Intelligence and Sustainable Computing. Springer Nature Singapore, 2024. http://dx.doi.org/10.1007/978-981-97-0327-2_39.

10

Zeng, Fantao, Jieren Cheng, Zhuyun Cao, Yue Yang, and Victor S. Sheng. "AcLGB: A Lightweight DDoS Attack Detection Method." In Smart Innovation, Systems and Technologies. Springer Nature Singapore, 2023. http://dx.doi.org/10.1007/978-981-99-7161-9_16.


Conference papers on the topic "DDoS attack detection"

1

S, Jaya Praveena, and S.Sudha. "ARP Spoofing Attack Detection to Prevent DDoS Attack." In 2025 5th International Conference on Trends in Material Science and Inventive Materials (ICTMIM). IEEE, 2025. https://doi.org/10.1109/ictmim65579.2025.10987987.

2

Chi, Kaiwen, Xiaohui Xie, Yannan Hu, et al. "E-DDoS: An Evaluation System for DDoS Attack Detection." In 2024 IEEE 32nd International Conference on Network Protocols (ICNP). IEEE, 2024. https://doi.org/10.1109/icnp61940.2024.10858578.

3

Jadhav, Swati, Vaibhavi Bhosale, Gauri Choudhari, Rishita Bura, and Manasi Bhavik. "DDoS Attack Detection in Blockchain Networks." In 2024 5th International Conference on Data Intelligence and Cognitive Informatics (ICDICI). IEEE, 2024. https://doi.org/10.1109/icdici62993.2024.10810961.

4

Aggarwal, Saransh, Bhagrajyoti Behera, Murari Kumar Singh, and Ajeet Kumar Sharma. "Optimizing DDoS Attack Detection Using Machine Learning." In 2025 2nd International Conference on Computational Intelligence, Communication Technology and Networking (CICTN). IEEE, 2025. https://doi.org/10.1109/cictn64563.2025.10932452.

5

Mahmoodi, Meisam, and Seyed Mahdi Jameii. "Utilizing Large Language Models for DDoS Attack Detection." In 2024 OPJU International Technology Conference (OTCON) on Smart Computing for Innovation and Advancement in Industry 4.0. IEEE, 2024. http://dx.doi.org/10.1109/otcon60325.2024.10688345.

6

Liu, Cuilian, and Sirong Zhong. "DDoS Attack Detection Method Based on Machine Learning." In 2024 IEEE 15th International Conference on Software Engineering and Service Science (ICSESS). IEEE, 2024. http://dx.doi.org/10.1109/icsess62520.2024.10719386.

7

Mishra, Amit Kumar, Siddhant Thapliyal, Junedh Siddiqui, Rohit Bhatt, Keshav Naithani, and Ankit Joshi. "A Review: DDoS Attack Detection Using Clustering Algorithms." In 2024 5th International Conference on Artificial Intelligence and Data Sciences (AiDAS). IEEE, 2024. http://dx.doi.org/10.1109/aidas63860.2024.10730005.

8

Zhi, Haiyou, Jingxian Li, Mengyue Yu, Jin Wang, Ziyan Hu, and Yihan Li. "DDoS Attack Detection Method Based on Improved Bagging." In 2024 4th International Conference on Communication Technology and Information Technology (ICCTIT). IEEE, 2024. https://doi.org/10.1109/icctit64404.2024.10928599.

9

Zhang, Ruo, Guiqin Yang, and Wei Zhang. "DDoS Attack Detection System Based on GBDT Under SDN." In 2024 IEEE 7th Information Technology, Networking, Electronic and Automation Control Conference (ITNEC). IEEE, 2024. http://dx.doi.org/10.1109/itnec60942.2024.10733143.

10

Zhao, Kai. "Research on DDoS attack detection technology in SDN environment." In 4th International Conference on Green Communication, Network, and Internet of Things (CNIoT 2024), edited by Xiangjie Kong and Cheng Siong Chin. SPIE, 2024. http://dx.doi.org/10.1117/12.3052465.
