- Detection of Stealthy Distributed Denial of Service Attacks Using Artificial Intelligence Methods. Publication. Rios, Vinícius de Miranda; Freire, Mário Marques; Magoni, Damien. Distributed Denial of Service (DDoS) attacks have been used to disrupt various online activities. The significant traffic volume of these distributed attacks has enabled the identification of signatures and behavior profiles that fostered the development of detection mechanisms for mitigating these attacks. However, as new attack types emerge, such as low-rate Denial of Service (DoS) attacks, new detection mechanisms need to be developed to combat these evolving threats effectively. Many detection mechanisms rely primarily on statistical analysis to identify low-rate DoS attacks in data traffic. However, these methods often exhibit a high rate of false negatives and are only applicable to small-scale data. Artificial intelligence techniques have been widely employed in various fields, including social network analysis and disease monitoring, and have gradually gained prominence in the field of cybersecurity in recent years. This thesis focuses on studying and developing detection mechanisms that exhibit effective performance against two specific types of low-rate DoS attacks: the Reduction of Quality (RoQ) attack and the Slowloris attack. For the RoQ attack, we examine the traffic transmission format to create a similar one, as there is no existing software capable of generating this type of attack traffic on the internet. For the Slowloris attack, we utilized free and open-source software specifically developed for this purpose. Subsequently, we analyze the traffic from both attacks and extract features that can be used by detection mechanisms.
In this thesis, two approaches have been developed for classifying and detecting RoQ and Slowloris attacks: one approach is based on the separate use of a set of traditional Machine Learning (ML) algorithms, and the second approach is based on fuzzy logic plus one traditional ML algorithm (that previously led to good classification results) and Euclidean distance. For the RoQ attack detection, the first approach uses eleven separate machine learning algorithms, namely K-Nearest Neighbors (K-NN), Multilayer Perceptron Neural Network (MLP), Support Vector Machine (SVM), Multinomial Naive Bayes (MNB), Gaussian Naive Bayes (GNB), Decision Tree (DT), Random Forest (RF), Gradient Boosting (XGB), Logistic Regression (LR), AdaBoost, and Light Gradient Boosting Machine (LGBM), while the second approach consists of our proposed method, which combines fuzzy logic, the MLP algorithm, and the Euclidean distance method. For the Slowloris attack detection, the first approach utilizes nine machine learning algorithms, namely KNN, GNB, MLP, SVM, DT, MNB, RF, XGB, and LGBM, while the second approach consists of our proposed method, which combines fuzzy logic, the RF algorithm, and the Euclidean distance method. Both approaches utilize previously selected features to classify the data traffic as either attack traffic or legitimate traffic. The obtained results show that some ML algorithms (namely MLP and RF), as well as our approach based on fuzzy logic, one ML algorithm, and Euclidean distance, are good candidates for classifying RoQ and Slowloris attacks, although the latter approach has a slightly longer runtime for detecting them.