Issue Info: 
  • Year: 2022
  • Volume: 52
  • Issue: 3
  • Pages: 195-204
Measures: 
  • Citations: 0
  • Views: 249
  • Downloads: 83
Abstract: 

Distributed Denial of Service (DDoS) attacks are among the primary concerns in internet security today. Machine learning can be exploited to detect such attacks. In this paper, a multi-layer perceptron model is proposed and implemented using deep machine learning to distinguish between malicious and normal traffic based on their behavioral patterns. The proposed model is trained and tested using the CICDDoS2019 dataset. To remove irrelevant and redundant data from the dataset and increase learning accuracy, feature selection is used to select and extract the most effective features that allow us to detect these attacks. Moreover, we use the grid search algorithm to acquire optimum values of the model’s hyperparameters among the parameters’ space. In addition, the sensitivity of accuracy of the model to variations of an input parameter is analyzed. Finally, the effectiveness of the presented model is validated in comparison with some state-of-the-art works.

Issue Info: 
  • Year: 2022
  • Volume: 8
Measures: 
  • Views: 100
  • Downloads: 0
Abstract: 

With the rapid growth of computer devices, network communication faced different challenges from network management to traffic engineering. Software-Defined Networking (SDN) is a well-known solution for optimizing these communications. SDN is a new networking architecture to simplify network management that separates the control plane from the data plane. The central controller is the major advantage of SDN; however, it has security vulnerabilities such as being unreachable in Distributed Denial-of-Service (DDoS) attacks. Consequently, it is very important to protect SDN from DDoS attacks. In this paper, we proposed an algorithm for DDoS attack detection and reducing its impact in SDN architecture with multiple distributed controllers. We presented two methods: 1) the entropy of destination IP addresses and 2) packet window initiation rate for early detection of DDoS. We used Mininet and Floodlight to simulate our algorithm in different scenarios. The result shows that our algorithm outperforms other works in various network configurations and multi-victim attacks.

Issue Info: 
  • Year: 2021
  • Volume: 15
  • Issue: 1
  • Pages: 1-8
Measures: 
  • Citations: 0
  • Views: 289
  • Downloads: 187
Abstract: 

DDoS (Distributed Denial-of-Service) attacks are among the cyberattacks that are increasing day by day and have caused problems for computer network servers. With the advent of SDN networks, they are not immune to these attacks, and due to the software-centric nature of these networks, this type of attack can be much more difficult for them. Ignoring effective parameters such as port and source IP in detecting attacks, providing costly solutions which are effective in increasing CPU load, and low accuracy in detecting attacks are among the problems of previously presented methods in detecting DDoS attacks. Given the importance of this issue, the purpose of this paper is to increase the accuracy of DDoS attack detection using the second order correlation coefficient technique based on ∅-entropy according to source IP and selection of optimal features. To select the best features, by examining the types of feature selection algorithms and search methods, the WrapperSubsetEval feature selection algorithm, the BestFirst search method, and the best effective features were selected. This study was performed on CTU-13 and ISOT datasets and the results were compared with other methods. The accuracy of the detection in this work indicates the high efficiency of the proposed approach compared to other similar methods.

Issue Info: 
  • Year: 2022
  • Volume: 5
  • Issue: 1
  • Pages: 1-7
Measures: 
  • Citations: 0
  • Views: 107
  • Downloads: 71
Abstract: 

Network communication shows a variety of issues with the fast expansion of computer devices, ranging from network administration to traffic engineering. A well-known method for improving these connections is Software-Defined Networking (SDN). The SDN is a networking architecture that separates the control plane from the data plane to ease network administration. The main advantage of the SDN is the central controller. However, it has security flaws like unreachability in Distributed Denial-of-Service (DDoS) attacks. Hence, defending SDN against DDoS attacks is critical. We proposed a framework for detecting DDoS attacks and a fault-tolerant method to replace a faulty leader controller in distributed multi-controller SDN. We used a multi-controller architecture and a leader election algorithm to present a fault-tolerant framework to select a new leader controller in the case of a leader controller failure. In addition, an early DDoS attack detection algorithm using the entropy of destination IP addresses and the packet window initiation rate is presented. To evaluate our proposed method in various configurations, we simulated exhaustive experiments in Mininet and Floodlight. The results show that our approach outperforms similar algorithms in various network configurations and multi-victim attacks.

Issue Info: 
  • Year: 2023
  • Volume: 9
Measures: 
  • Views: 58
  • Downloads: 157
Abstract: 

Denial-of-service attacks are always one of the most widespread security attacks at the enterprise network level. In DDoS attacks, a large amount of false demand is intentionally sent to the target network to disable the service. In DDoS attacks, the target server faces many demands, not from a specific source, but from different locations of the attack, which makes detection and defense more difficult. With the introduction of network functions virtualization and software-defined networking, a new route for network design and management has been created. The purpose of this research is to investigate and compare DDoS attack defense methods using NFV and SDN. The details provided will help researchers in this field familiarize themselves with DDoS attack defense methods and choose the appropriate design for their actual implementations.

Issue Info: 
  • Year: 2021
  • Volume: 9
  • Issue: 1 (33)
  • Pages: 25-36
Measures: 
  • Citations: 0
  • Views: 183
  • Downloads: 191
Abstract: 

DDoS attacks aim at making the authorized users unable to access the network resources. In the present paper, an evidence theory based security method has been proposed to confront DDoS attacks in software-defined wireless sensor networks. The security model, as a security unit, is placed on the control plane of the software-defined wireless sensor network aiming at detecting the suspicious traffic. The main purpose of this paper is detection of the DDoS attack using the central controller of the software-defined network and entropy approach as an effective light-weight and quick solution in the early stages of the detection and, also, Dempster-Shafer theory in order to do a more exact detection with longer time. Evaluation of the attacks including integration of data from the evidence obtained using Dempster-Shafer and entropy modules has been done with the purpose of increasing the rate of detection of the DDoS attack, maximizing the true positive, decreasing the false negative, and confronting the attack. The results of the paper show that providing a security unit on the control plane in a software-defined wireless sensor network is an efficient method for detecting and evaluating the probability of DDoS attacks and increasing the rate of detection of an attacker.

Issue Info: 
  • Year: 2023
  • Volume: 21
  • Issue: 2
  • Pages: 111-119
Measures: 
  • Citations: 0
  • Views: 303
  • Downloads: 44
Abstract: 

Internet of Things (IoT) is a network of objects on which objects can communicate with other objects. The Internet of Things is currently constantly under numerous attacks due to technical, legal and human problems. One of the most important of these attacks is the Denial of Service (DoS) attack, in which normal network services are out of service and it is impossible for objects and users to access the server and other resources. Existing security solutions have not been able to effectively prevent interruption attacks in Internet of Things services. Software-oriented network (SDN) is a new architecture in the network based on the separation of the control and data plane of the network. Programmability and network management capability by SDN can be used in IoT services because some IoT devices send data periodically and in certain time intervals. SDN can help reduce or prevent the data flood caused by IoT if properly deployed in the data center. In this article, a method to detect DDoS attacks in Internet of Things based on SDN is presented and then an algorithm to reduce DDoS attacks is presented. The proposed method is based on the entropy criterion, which is one of the most important concepts in information theory and is calculated based on the characteristics of the flow. In this method, by using two new components on the controller to receive incoming packets and considering the time window and calculating entropy and flow rate, a possible attack is detected in the network, and then based on the statistics of the flow received from the switches, the certainty of the attack is determined. Compared to the existing methods, the proposed method has improved 12% in terms of attack detection time and 26% in terms of false positives/negatives.

Issue Info: 
  • Year: 2021
  • Volume: 2
  • Issue: 6
  • Pages: 43-55
Measures: 
  • Citations: 0
  • Views: 355
  • Downloads: 0
Abstract: 

A Distributed Denial of Service (DDoS) attack is an attempt to make network resources inaccessible to legitimate users. Today, the number of DDoS attacks is increasing rapidly; this is a threat to Internet users, and police networks are no exception to this threat and are more sensitive due to the constant need for these networks to respond to legal requests. Although the target of DDoS attacks may be different, they generally try to temporarily or permanently disable the services of a victim server connected to the Internet. In this paper, a network layer-based method independent from communication protocols is presented that is able to detect attack behaviors without the need to know normal network behaviors. In addition, this method does not need to store large volumes of profiles, multiple lists and attack signatures. This method is done in three steps: feature extraction through a two-dimensional wavelet decomposition that provides the energy distribution diagram, detection of the change point with the help of fuzzy logic rules, and deep neural network analysis as the final step of detection. The proposed method was investigated on VAST and ISCX datasets in which it was able to detect DDoS attacks in 10-second periods with 99.99% accuracy for VAST dataset and 99.08% accuracy for ISCX dataset.

Author(s): 

Mohammadi S. | Babagoli M.

Issue Info: 
  • Year: 2021
  • Volume: 34
  • Issue: 4
  • Pages: 811-824
Measures: 
  • Citations: 0
  • Views: 30
  • Downloads: 0
Abstract: 

Cybersecurity has turned into a brutal and vicious environment due to the expansion of cyber-threats and cyberbullying. Distributed Denial of Service (DDoS) is a network menace that compromises victims’ resources promptly. Considering the significant role of optimization algorithms in the highly accurate and adaptive detection of network attacks, the present study has proposed Hybrid Modified Grasshopper Optimization algorithm and Genetic Algorithm (HMGOGA) to detect and prevent DDoS attacks. HMGOGA overcomes conventional GOA drawbacks like low convergence speed and getting stuck in local optimum. In this paper, the proposed algorithm is used to detect DDoS attacks through the combined nonlinear regression (NR)-sigmoid model simulation. In order to serve this purpose, initially, the most important features in the network packages are extracted using the Random Forest (RF) method. By removing 55 irrelevant features out of a total of 77, the selected ones play a key role in the proposed model’s performance. To affirm the efficiency, the high correlation of the selected features was measured with Decision Tree (DT). Subsequently, the HMGOGA is trained with benchmark cost functions and another proposed cost function that enables it to detect malicious traffic properly. The usability of the proposed model is evaluated by comparing with two benchmark functions (Sphere and Ackley function). The experimental results have proved that HMGOGA based on NR-sigmoid outperforms other implemented models and conventional GOA methods with 99.90% and 99.34% train and test accuracy, respectively.

Issue Info: 
  • Year: 2018
  • Volume: 5
  • Issue: 4 (20)
  • Pages: 29-41
Measures: 
  • Citations: 0
  • Views: 1050
  • Downloads: 0
Abstract: 

Software defined network (SDN) was born to make changes to existing network architectures and devices with specific function to reach an intelligent network. Recently, these networks have gained popularity in enterprise networks because of the flexibility in network service management and reduced operational cost. In this architecture, the operating system and applications are decoupled from the network switch. They are centralized in a virtual layer called the controller. In the SDN, due to the centralized decision-making and controller resource limitations, the network is exposed to all kinds of threats such as Distributed Denial of Service (DDoS) attacks. In this paper we will review SDN architecture and DDoS attacks in SDN. We proposed a novel detection and mitigation algorithm that takes advantage of unique features of the SDN architecture. In the proposed algorithm, for detecting DDoS attacks in SDN, a statistical method based on Hellinger distance and Exponential Weighted Moving Average (EWMA) technique are used. In this paper, DDoS attacks in SDN are simulated by the Mininet emulator with the POX controller. Our experiments performed in the simulator showed the efficiency of the proposed method and its superiority compared to previous approaches.
