
Issue Info:
  • Year: 2021
  • Volume: 1
  • Issue: 4
  • Pages: 39-48
Measures:
  • Citations: 0
  • Views: 574
  • Downloads: 0
Abstract: 

With the development of new information and communication technologies and the pervasive use of cyberspace, Distributed Denial of Service (DDoS) attacks are a serious threat to online organizations. These attacks can have destructive effects; for example, one effect can be on the public face of the trademark and its revenue. A good way to deal with DDoS attacks is to save a signature for each attack. Today, most organizations and institutions, both national and military (military and law enforcement), face such attacks, so this study, while trying to identify intrusion detection systems, explains the proposed method for producing the necessary signatures. Using this method, any attack can be detected as soon as its signature is found in traffic. However, this process is not easy, and the signature production process is usually time-consuming and requires a lot of effort. To help solve this signature generation challenge, in this research we propose an automated method for generating data-based signatures for DDoS attacks. This study also examines the relationships between different data packets of the same attack. In fact, data packet-based digital signatures are used for attacks whose pattern and core are the same, with only minor differences in the structure of the attack. The research concludes with a proposal for a signature generation algorithm and its validation using applied tools.

Issue Info:
  • Year: 2021
  • Volume: 9
  • Issue: 1 (33)
  • Pages: 43-59
Measures:
  • Citations: 0
  • Views: 598
  • Downloads: 0
Abstract: 

The software defined network (SDN) is a new computer architecture in which a central controller is applied. These networks rely on software and, consequently, their security is exposed to different attacks through their different components. One type of these attacks, which is the latest threat in the computer network realm and to its efficiency, is called the Distributed Denial of Services (DDoS). An attempt is made to develop an attack detector through a combined statistical and machine learning method. In the statistical method, the entropy, based on destination IP, and the normal distribution, in addition to a dynamic threshold, are applied to detect attacks. The normal distribution is one of the most important distributions in the theory of probability. In this distribution, the entropy average and standard deviation are effective in attack detection. As for the learning algorithm, by applying the features extracted from the flows and supervised classification algorithms, the accuracy of attack detection increases in such networks. The datasets applied in this study consist of: ISCX-SlowDDoS2016, ISCX-IDS2012, CTU-13 and ISOT. This method outperforms its counterparts with an accuracy of 99.65% and 0.12 false positive rate (FPR) for the UNB-ISCX dataset, and with an accuracy of 99.84% and 0.25 FPR for the CTU-13 dataset.

Author(s): 

AMIRSHAHI BITA | AHANGARI ALI

Issue Info:
  • Year: 2015
  • Volume: 1
  • Issue: 3
  • Pages: 39-45
Measures:
  • Citations: 0
  • Views: 247
  • Downloads: 140
Abstract: 

Today, botnets have become a serious threat to enterprise networks. By creating a network of bots, they launch several attacks; Distributed Denial of Service (DDoS) attacks on networks are an example of such attacks. Such attacks, by occupying system resources, have proven to be an effective method of denying network services. Botnets that launch HTTP packet flood attacks against Web servers are one of the newest and most troublesome threats in networks. In this paper, we present a system called HF-Blocker that detects and prevents HTTP flood attacks. The proposed system, by checking the HTTP request in three stages (a Java-based test, a cookie check and then a user agent check), distinguishes a legitimate source of communication from a malicious source, such as botnets. If the source of the connection is proved to be a bot, HF-Blocker blocks the request and denies it access to the resources of the web server, thereby preventing a Denial of Service attack. Performance analysis showed that HF-Blocker detects and prevents the HTTP-based attacks of botnets with high probability.

Issue Info:
  • Year: 2022
  • Volume: 52
  • Issue: 3
  • Pages: 195-204
Measures:
  • Citations: 0
  • Views: 248
  • Downloads: 83
Abstract: 

Distributed Denial of Service (DDoS) attacks are among the primary concerns in internet security today. Machine learning can be exploited to detect such attacks. In this paper, a multi-layer perceptron model is proposed and implemented using deep machine learning to distinguish between malicious and normal traffic based on their behavioral patterns. The proposed model is trained and tested using the CICDDoS2019 dataset. To remove irrelevant and redundant data from the dataset and increase learning accuracy, feature selection is used to select and extract the most effective features that allow us to detect these attacks. Moreover, we use the grid search algorithm to acquire optimum values of the model’s hyperparameters among the parameters’ space. In addition, the sensitivity of accuracy of the model to variations of an input parameter is analyzed. Finally, the effectiveness of the presented model is validated in comparison with some state-of-the-art works.

Issue Info:
  • Year: 2018
  • Volume: 6
  • Issue: 1 (21)
  • Pages: 69-86
Measures:
  • Citations: 0
  • Views: 418
  • Downloads: 0
Abstract: 

Monitoring of attacks carried out by botnets still faces challenges of uncertainty during the attack. In this study, we have proposed a methodology in which a botnet sends some number of packets towards the hosts under its control (vicarious) across their network. Then, we can estimate the power of a botnet by data fusion. The existence of defensive filtering (local and regional), failure of sensors and packet loss cause faulty estimation. Thus, using the OMNET simulator, the proposed model was tested with three scenarios, and maximum-minimum and average voting procedures were used for data fusion. The results were compared and evaluated using the Euclidean method, which showed that the Min-Max method is 95% accurate in such conditions. The above-mentioned experiment in the Internet environment showed that by utilizing labeled packets, an accuracy of 96% is obtained.

Issue Info:
  • Year: 2016
  • Volume: 4
  • Issue: 2 (14)
  • Pages: 1-13
Measures:
  • Citations: 0
  • Views: 612
  • Downloads: 0
Abstract: 

Distributed Denial of Service (DDoS) attacks are one of the most important threats to E-commerce. Their main goal is to prevent users from accessing web sites and internet resources through excessive use of the resources. In these attacks, availability, which is one of the elements of security, is targeted. One of the ways to achieve this goal is to apply web robots, by which the attackers design and carry out DDoS attacks at the application layer. Various methods have been used to distinguish between malicious and non-malicious web robots. One of the most popular methods in recent years is data mining and machine learning. This method is based on extracting and selecting those features which are fit for web sessions via web server access log files and applying data mining algorithms. Considering the fact that DDoS attacks are dynamic and customizable, in this research an attempt is made to present a customizable dynamic defensive mechanism for detecting malicious web robots through the analysis of their browsing behavior. In the present study, feature extraction was carried out based on the characteristics of DDoS attacks, together with optimization of the previous methods to determine web sessions. Furthermore, refining the extracted features and selecting a set of efficient features reduced the time required for building a model. As a consequence, the efficiency was enhanced by two percent compared to the best similar study.

Author(s): 

Gharvirian F. | BOHLOOLI A.

Issue Info:
  • Year: 2017
  • Volume: 30
  • Issue: 11 (TRANSACTIONS B: Applications)
  • Pages: 1714-1722
Measures:
  • Citations: 0
  • Views: 195
  • Downloads: 82
Abstract: 

Software Defined Network (SDN) is a new architecture for network management, and its main concept is centralizing network management in the network control level, which has an overview of the network and determines the forwarding rules for switches and routers (the data level). Although this centralized control is the main advantage of SDN, it is also a single point of failure. If this main control is made unreachable for any reason, the architecture of the network crashes. A Distributed Denial of Service (DDoS) attack is a threat to the SDN controller which can make it unreachable. In previous research on DDoS detection in SDN, not enough work has been done on improving detection accuracy. The proposed solution of this research can detect a DDoS attack on the SDN controller with noticeable accuracy and prevents serious damage to the controller. For this purpose, the fast entropy of each flow is computed at certain time intervals. Then, by the use of an adaptive threshold, the possibility of a DDoS attack is investigated. In order to achieve more accuracy, another method, computing the flow initiation rate, is used alongside. After observation of the results of these two methods, according to the described conditions, the existence of an attack is confirmed or rejected, or this decision is made at the next step of the algorithm, with further study of the flow statistics of network switches by the perceptron neural network. The evaluation results show that the proposed algorithm has been able to make a significant improvement in detection rate and a reduction in false alarm rate compared to the closest previous work, besides maintaining the average detection time at an acceptable level.

Author(s): 

Birjandi Mohammad

Journal: 

Arman Process Journal

Issue Info:
  • Year: 2024
  • Volume: 5
  • Issue: 1
  • Pages: 12-23
Measures:
  • Citations: 0
  • Views: 64
  • Downloads: 0
Abstract: 

Nowadays, the Internet of Things (IoT) has emerged as an effective and innovative technology for developing the infrastructure of many hardware and related software applications. Moreover, blockchain technology has emerged as the backbone for the development of IoT-based applications. The use of blockchain in the Internet of Things as a reliable and safe system can help improve the security and quality of the Internet of Things network and, in the long run, lead to energy savings and improve the efficiency of these systems. However, security challenges, including Distributed Service breach attacks, have revealed a fundamental fault line within the blockchain-based IoT network. Therefore, given the necessity of the problem, in this article we intend to first examine the types of security challenges and Denial of Service attacks in Internet of Things networks based on blockchains, and then examine and propose solutions for identifying, managing and dealing with these attacks. Certainly, the correct use of such security approaches can be effective in securing Internet of Things environments, creating higher-quality and more reliable services, and increasing users' acceptance of these services.

Issue Info:
  • Year: 2023
  • Volume: 13
  • Issue: 49
  • Pages: 23-48
Measures:
  • Citations: 0
  • Views: 292
  • Downloads: 0
Abstract: 

With the ever-increasing number of Internet of Things devices, their security is becoming a very worrying issue. Weak security measures enable attackers to attack IoT devices. One of these attacks is the Distributed Denial of Service (DDOS) attack. Therefore, the existence of intrusion detection systems in the Internet of Things is of special importance. In this research, the majority voting group approach, which is a subset of machine learning, has been used to detect and predict attacks. The motivation for using this method is to achieve better detection accuracy and a very low false positive rate by combining several machine learning classification algorithms in heterogeneous Internet of Things networks. In this research, the new and improved CICDDOS2019 dataset has been used to evaluate the proposed method. The simulation results show that by applying the majority voting ensemble method to five attacks from this dataset, this method achieved detection accuracies of 99.9669%, 99.9670%, 100%, 99.9686% and 99.9674% in identifying DNS, NETBIOS, LDAP, UDP and SNMP attacks, respectively, achieving better and more stable performance in detecting and predicting attacks than the basic models.

Issue Info:
  • Year: 2021
  • Volume: 2
  • Issue: 6
  • Pages: 1-11
Measures:
  • Citations: 0
  • Views: 216
  • Downloads: 0
Abstract: 

Named data networks are a potential Internet architecture that is designed as a distributed network. Named data networks are very attractive for organizations that seek to share data on public networks and for which security of transmission and content is important. Therefore, this type of network can be implemented within the integrated police network if the defects and shortcomings are eliminated. Since data transfer using a data-driven network does not require an IP address, ordinary packets are not identifiable during the transfer process, and only the sender and receiver know which data needs to be retrieved. This will provide a new layer of security, such as encryption. Now, in this article, named data networks and the effect of Distributed Denial of Service attacks on them are studied in order to find the main weakness of this network against these attacks. The proposed method changes the Nack, and the link layer congestion detection protocol is added to the best known network path strategy. These changes have been made in order to use the network bandwidth more effectively and with the aim of making more use of these networks in case of congestion and Denial of Service attacks. The experiments performed after simulating the proposed method resulted in at least a 70% improvement in network access, a 40% improvement in network data recovery, and a 27% improvement in the need to retransmit the network in congestion compared to previous solutions.
