Multi-agent-based DDoS detection on big data systems

Osei, Solomon

January 2018

The Hadoop framework has become the most deployed platform for processing Big Data. Despite its advantages, Hadoop s infrastructure is still deployed within the secured network perimeter because the framework lacks adequate inherent security mechanisms against various security threats. However, this approach is not sufficient for providing adequate security layer against attacks such as Distributed Denial of Service. Furthermore, current work to secure Hadoop s infrastructure against DDoS attacks is unable to provide a distributed node-level detection mechanism. This thesis presents a software agent-based framework that allows distributed, real-time intelligent monitoring and detection of DDoS attack at Hadoop s node-level. The agent s cognitive system is ingrained with cumulative sum statistical technique to analyse network utilisation and average server load and detect attacks from these measurements. The framework is a multi-agent architecture with transducer agents that interface with each Hadoop node to provide real-time detection mechanism. Moreover, the agents contextualise their beliefs by training themselves with the contextual information of each node and monitor the activities of the node to differentiate between normal and anomalous behaviours. In the experiments, the framework was exposed to TCP SYN and UDP flooding attacks during a legitimate MapReduce job on the Hadoop testbed. The experimental results were evaluated regarding performance metrics such as false-positive ratio, false-negative ratio and response time to attack. The results show that UDP and TCP SYN flooding attacks can be detected and confirmed on multiple nodes in nineteen seconds with 5.56% false-positive ration, 7.70% false-negative ratio and 91.5% success rate of detection. The results represent an improvement compared to the state-of the-art.

Design and Implementation of a Deep Learning based Intrusion Detection System in Software-Defined Networking Environment

Niyaz, Quamar

January 2017

No description available.

Computer Engineering

Computer Science

Obrana před volumetrickými DDoS útoky v prostředí SDN / Mitigation of Volumetric DDoS Attacks in SDN Environment

Hodes, Vojtěch

January 2017

The aim of this Master's thesis is to explore different attitudes and to design various monitoring and detection concepts of volumetric DDoS attacks in core networks. The thesis deals with data flow control protocols with an emphasis on a modern technology of Software Defined Networks. The last part of the thesis describes verification of the theory by setting up a laboratory environment for volumetric DDoS UDP Flood simulation, detection and automated mitigation.

Potlačení DoS útoků s využitím strojového učení / Mitigation of DoS Attacks Using Machine Learning

Goldschmidt, Patrik

January 2021

Útoky typu odoprenia služby (DDoS) sú v dnešných počítačových sieťach stále frekventovanejším bezpečnostným incidentom. Táto práca sa zameriava na detekciu týchto útokov a poskytnutie relevantných informácii za účelom ich mitigácie v reálnom čase. Spomínaná funkcionalita je dosiahnutá s využitím techník prúdového dolovania z dát a strojového učenia. Výsledkom práce je sada nástrojov zastrešujúca celý proces strojového učenia - od vlastnej extrakcie príznakov cez predspracovanie dát až po export natrénovaného modelu pripraveného na nasadenie v produkcii. Experimentálne výsledky vyhodnotené na viacerých reálnych a syntetických dátových sadách poukazujú na presnosť systému väčšiu ako 99% s možnosťou spoľahlivej detekcie prebiehajúceho útoku do 4 sekúnd od jeho začiatku.

Advancing DDoS Detection in 5GNetworks Through Machine Learningand Deep Learning Techniques

Bomidika, Sai Teja Reddy

January 2024

This thesis explores the development and validation of advanced Machine Learning (ML) and Deep Learning (DL) algorithms for detecting Distributed Denial of Service (DDoS) attacks within 5th Generation (5G) telecommunications networks. As 5G technologies expand, the vulnerability of these networks to cyber threats that compromise service integrity increases, necessitating robust detection mechanisms. The primary aim of this research is to develop and validate ML and DL algorithms that effectively detect DDoS attacks within 5G telecommunications networks. These algorithms will leverage real-time data processing to enhance network security protocols and improve resilience against cyber threats. A robust simulated environment using free 5GC and UERANSIM was established to mimic the complex dynamics of 5G networks. This facilitated the controlled testing of various ML and DL models under both normal and attack conditions. The models developed and tested include Bidirectional Encoder Representations from Transformer (BERT), Bidirectional Long Short-Term Memory (BiLSTM), Multilayer Perceptron (MLP), a Custom Convolutional Neural Network (CNN), Random Forest, Support Vector Machine (SVM), and XGBoost. The ensemble model combining Random Forest and XGBoost showed superior performance, making it suitable for the dynamic 5G environment. However, the study also highlights the complications of ensemble models, such as increased computational complexity and resource demands, which may limit their practicality in resource-constrained settings. This thesis addresses a critical research gap by evaluating modern DL techniques, traditional ML models, and ensemble methods within a simulated 5G environment. This comparative analysis helps identify the most effective approach for real-time DDoS detection, balancing accuracy, complexity, and resource efficiency. The findings indicate that the tailored ML, DL and Ensemble models developed are highly effective in detecting DDoS attacks, demonstrating high accuracy and efficiency in real-time threat detection. This highlights the potential for these models to be adapted for real-world applications in modern telecommunications infrastructures. In conclusion, this thesis contributes substantially to the field of cybersecurity in 5G networks by demonstrating that ML and DL models, developed and tested in a sophisticated simulated environment, can significantly enhance network security protocols. These models offer promising approaches to securing emerging telecommunications infrastructures against continuously evolving cyber threats, thus supporting the stability and reliability of 5G networks globally.

5G Telecommunications Networks

DDoS detection

machine learning

deep learning

network security

Simulation-based Analysis

Network Security

Ensemble mechanism

Recurrent Neural Network (RNN)

BERT

BiLSTM

Attack Detection Performance.

Telecommunications

Telekommunikation