VOLUME: 10, Special Issue 01, (IC-IESP-MULTI-2023) Paper id-IJIERM-X-I, January 2023 490
AN ANALYSIS OF D-DOS ATTACK DETECTION ON NEXT GENERATION COMMUNICATION NETWORK: A REVIEW
Shekhar Nigam1
Research Scholar, Department of Computer Science and Engineering, SunRise University
Dr. Sanjay Kumar Tiwari2
Associate Professor, Department of Computer Science and Engineering, SunRise University
Abstract- The nature of the threats posed by Distributed Denial of Service (DDoS) attacks on large networks, such as the Internet, demands effective detection and response methods. These methods must be deployed not only at the edge but also at the core of the network. This paper presents methods to identify DDoS attacks by computing entropy and frequency-sorted distributions of selected packet attributes. The DDoS attacks show anomalies in the characteristics of the selected packet attributes. The detection accuracy and performance are analyzed using live traffic traces from a variety of network environments ranging from points in the core of the Internet to those inside an edge network. The results indicate that these methods can be effective against current attacks and suggest directions for improving detection of more stealthy attacks. We also describe our detection-response prototype and how the detectors can be extended to make effective response decisions.
Keywords- DDoS, Machine Learning, MATLAB, 5G Network.
I. INTRODUCTION
5G is the fifth generation of mobile network technology and the successor to 4G. It promises to provide faster data speeds, lower latency, and greater capacity for mobile devices and the Internet of Things (IoT). Compared to previous generations of mobile networks, 5G offers significantly higher data transfer speeds, reaching up to 20 gigabits per second (Gbps). It also has lower latency, meaning that data can be transmitted and received much faster, resulting in quicker response times for applications and services. Additionally, 5G networks can support a much larger number of connected devices simultaneously, which is crucial for the growth of the IoT. 5G networks use advanced technologies such as massive MIMO (Multiple-Input Multiple-Output), beamforming, and network slicing to enhance network capacity and coverage. They also rely on higher frequency bands, such as millimeter wave (mmWave) and mid-band frequencies, to provide faster data speeds and lower latency. With the rollout of 5G, industries such as healthcare, transportation, and manufacturing are expected to benefit from increased connectivity and the ability to use advanced technologies such as augmented reality, virtual reality, and artificial intelligence in real time. However, the adoption of 5G also brings new security and privacy challenges, which must be addressed to ensure the safety and integrity of 5G networks and their users.
1.2 D-DoS Attack and 5G Networks
A Distributed Denial-of-Service (DDoS) attack is a type of cyber attack where multiple systems are used to overwhelm a targeted server or network with a flood of traffic, making it unavailable to legitimate users. In a DDoS attack, the attacker takes control of a network of compromised devices, known as a botnet, and uses them to flood the target with traffic. As 5G networks become more prevalent, they are increasingly vulnerable to DDoS attacks due to their higher bandwidth and lower latency capabilities. 5G networks also rely heavily on cloud-based infrastructure, which can be targeted in DDoS attacks.
5G networks are also more complex than previous generations of networks, with more interconnected devices and more points of vulnerability. This complexity makes them harder to secure and easier to exploit in a DDoS attack. Furthermore, the increased number of devices and sensors connected to 5G networks creates more potential entry points for attackers, increasing the likelihood of successful attacks. In order to protect 5G networks from DDoS attacks, it is important to implement robust security measures such as firewalls, intrusion detection and prevention systems, and encryption protocols. Additionally, regular security audits and vulnerability assessments can help identify and address potential weaknesses in the network.
Fig.1 D-DoS Attack and 5G Network
II. REVIEW OF LITERATURE
Mazhar Javed Awan et al. (2021) - In this research work, one major type of attack is the DDoS attack. Traditional intrusion detection techniques can only work best on slow-speed data or small data. Still, they are inefficient on big data and are incapable of handling high-speed data, so new methods adapted to work on large data to detect any signs of intrusion are needed. In this paper, we predicted DDoS attacks in real-time with different machine learning models using a big data approach. We used a distributed system, Apache Spark, and a classification algorithm to enhance the algorithms’ execution. Additionally, we compared the results of the big data approach and how it outperforms the non-big data approach. Apache Spark is a big data tool to detect an attack in real-time with Spark ML libraries. We applied the two machine learning approaches, Random Forest (RF) and Multi-Layer Perceptron (MLP), through the Scikit ML library and big data framework Spark-ML library for the detection of DoS attacks. In addition to the detection of DoS attacks, we have optimized the performance of the models by minimizing the prediction time as compared with other existing approaches using the big data framework. We achieved a similar mean accuracy in the models used, but in terms of training time and testing time the big data approach outperforms the non-big data approach due to the fact that Spark performs computations in memory in a distributed manner. The minimum average training and testing time in minutes was 14.08 and 0.04, respectively, by using the big data tool (Apache Spark), and the maximum average training and testing time in minutes was 34.11 and 0.46, respectively, by using the non-big data approach. Using the big data approach, we were able to detect an attack in real-time in a few milliseconds [01].
Özgür Tonkal et al. (2021) - In this research work, normal and attack traffic in the dataset obtained from the SDN environment was classified using machine learning algorithms. The customized SDN-based dataset consists of TCP, UDP, and ICMP normal and attack traffic. The dataset has statistical features such as byte count, duration_sec, packet rate, and packet per flow, except for features that define source and target machines. The NCA algorithm has been used to perform an effective classification and to select the most suitable features. After analyzing 22 network features with the NCA algorithm, 14 effective features were selected and given as input to machine learning algorithms. More than 100 thousand network records were classified by kNN, DT, ANN, and SVM algorithms after preprocessing and feature selection. The experimental results show that DT has a better accuracy rate than the other algorithms with 100% [02].
Jalal Bhayo et al. (2021) - This research work tried to address the security issues faced by IoT devices in terms of DDoS attacks. It is critical to provide solutions that detect and prevent the DDoS attack launched against and/or through IoT devices with minimum resource utilization capabilities. Our proposed framework is a novel approach for the detection of DDoS attacks. As the solution is deployed on SDN, we have a centralized controller possessing the complete topology of a network that can efficiently manage security threats in IoT. Due to the high computational power constraints and low-level security, IoT devices are vulnerable to attacks. We have addressed these challenges by leveraging the capabilities of SDN. In this research, we have made an SD-IoT network model on the COOJA simulator. Some of the nodes in this model are configured to generate massive traffic to other nodes. The detection mechanism is deployed on the SDNWISE controller by applying IP Packet counter and Payload Detection techniques by analyzing packet logs. Early detection of suspicious traffic in IoT will be advantageous for making countermeasures, i.e., isolating IoT devices to communicate to other nodes to avoid a higher level of attack formation. This research focuses on the flooding type of DDoS detection module; adding support of an IP Spoofing detection technique can further enhance the framework’s security. The simulated infrastructure is evaluated by experimenting with various attack scenarios and detection mechanisms. In the future, this research can expand the framework of DDoS attack mitigation by blocking vulnerable identified nodes and dropping or blocking their traffic on the network. Moreover, this study may be extended to address a large number of DDoS attacks in real-time enterprise networks based on IoT systems [03].
G.C. Amaizu et al. (2021) - In this research work, Distributed denial-of-service (DDoS) remains an ever-growing problem that has affected and continues to affect a host of web applications, corporate bodies, and governments. With the advent of fifth-generation (5G) networks and beyond 5G (B5G) networks, the number and frequency of occurrence of DDoS attacks are predicted to soar as time goes by, hence there is a need for a sophisticated DDoS detection framework to enable the swift transition to 5G and B5G networks without worrying about the security issues and threats. A range of schemes has been deployed to tackle this issue, but along the line, a few limitations have been noticed by the research community about these schemes. Owing to these limitations/drawbacks, this paper proposes a composite and efficient DDoS attack detection framework for 5G and B5G. The proposed detection framework consists of a composite multilayer perceptron which was coupled with an efficient feature extraction algorithm and was built not just to detect a DDoS attack, but also to return the type of DDoS attack it encountered. At the end of the simulations and after testing the proposed framework with an industry-recognized dataset, results showed that the framework is capable of detecting DDoS attacks with a high accuracy score of 99.66% and a loss of 0.011. Furthermore, the results of the proposed detection framework were compared with their contemporaries [04].
C. Murugesh et al. (2023) - In this research work, Wireless Sensor Networks (WSNs) are a new technology with huge potential, utilized in crucial settings such as battlefields and commercial applications, namely habitat monitoring, smart homes, buildings, traffic surveillance, etc. Security is among the main problems currently affecting WSNs. The utilization of sensor nodes (SNs) in unattended platforms makes the networks vulnerable to a variety of potential attacks, and the inherent power and memory restrictions of SNs make ordinary security solutions impossible. This article develops a Spotted Hyena Optimizer with Quantum Neural Network for DDoS Attack Classification (SHOQNN-AC) technique for WSN. The major intention of the SHOQNN-AC technique lies in the proper identification of DDoS attacks in the WSN. To accomplish this, the SHOQNN-AC technique performs a data scaling process using a min-max scaler. For DDoS attack detection, the SHOQNN-AC technique employs a QNN classification model which proficiently recognizes the DDoS attacks in the network. To boost the attack detection efficiency of the SHOQNN-AC technique, the SHO algorithm is exploited for the parameter selection procedure. The performance validation of the SHOQNN-AC technique is tested on the benchmark WSN-DS dataset. The experimental outcome demonstrates the significance of the SHOQNN-AC algorithm over other models [05].
Tariq Emad Ali et al. (2023) - In this research work, it may be quite difficult to distinguish between DDoS assaults with various rates and patterns and normal traffic. Over the years, many effective ML/DL methods for DDoS attack detection have been suggested by different researchers. Sadly, however, the applicability of these techniques is severely constrained due to attackers constantly changing their attack tactics. Findings involving the SLR protocol are evaluated and drawn from in this review in order to assess the state-of-the-art DDoS assault detection systems based on ML/DL approaches. The literature has been summarized in accordance with the suggested taxonomy for DDoS attack detection using ML/DL techniques, with each study’s respective advantages and disadvantages listed. The accuracy rate reported in much of the literature is over 99%. Because the majority of these studies assessed their models using offline data analysis for evaluation and comparison, certain metrics for performance may vary in real-world or production settings. In particular, we note that existing papers have generally not employed the same DS or assessment techniques, making comparisons between their results difficult [06].
III Type of DDoS attack
There are several types of DDoS (Distributed Denial of Service) attack detection techniques that can be used to identify and mitigate such attacks. Here are some common techniques:
Signature-based detection: This approach involves looking for specific patterns or signatures of known DDoS attacks in network traffic. For example, if a DDoS attack is known to use a specific type of packet with a particular payload, the detection system can look for that packet and drop it before it reaches its target.
Anomaly-based detection: This approach involves looking for abnormal behavior in network traffic that may indicate a DDoS attack. For example, sudden spikes in traffic from a particular IP address or unusual patterns of traffic can indicate a DDoS attack.
Behavioral-based detection: This approach involves monitoring the behavior of the network and its users to identify potential DDoS attacks. For example, monitoring the usage patterns of a particular user or group of users can help identify when they are engaging in malicious activity.
Hybrid detection: This approach combines the strengths of the previous three techniques to create a more effective DDoS detection system. By using a combination of signature-based, anomaly-based, and behavioral-based detection, the system can detect and mitigate DDoS attacks more accurately.
It is important to note that no single detection technique can provide 100% protection against DDoS attacks. A comprehensive DDoS protection strategy should include a combination of these techniques, along with other measures such as traffic filtering and rate limiting.
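The anomaly-based approach above, combined with the entropy and frequency-sorted distributions of packet attributes named in the abstract, can be sketched as follows. This is an added example, not code from the paper or the works it reviews; the attribute set, window size, threshold, minimum standard deviation and all addresses are assumptions, and the traffic is constructed.

```python
import math
import random
from collections import Counter
from statistics import mean, pstdev

ATTRS = ("src", "dst", "dport")  # tracked packet attributes (assumed choice)

def entropy_bits(values):
    """Shannon entropy, in bits, of the empirical distribution of values."""
    counts = Counter(values)
    total = sum(counts.values())
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def frequency_sorted(values, top=3):
    """Most frequent values first, each with its share of the window."""
    counts = Counter(values)
    total = sum(counts.values())
    return [(v, c / total) for v, c in counts.most_common(top)]

class EntropyDetector:
    """Flags a window whose per-attribute entropy deviates from a baseline."""
    def __init__(self, threshold=3.0, min_std=0.05):
        self.threshold = threshold   # alert when |z| exceeds this (assumed)
        self.min_std = min_std       # floor so a tight baseline is not brittle
        self.baseline = {}

    def fit(self, windows):
        for i, attr in enumerate(ATTRS):
            hs = [entropy_bits([p[i] for p in w]) for w in windows]
            self.baseline[attr] = (mean(hs), max(pstdev(hs), self.min_std))

    def score(self, window):
        """z-score of each attribute's entropy against the baseline."""
        out = {}
        for i, attr in enumerate(ATTRS):
            mu, sd = self.baseline[attr]
            out[attr] = (entropy_bits([p[i] for p in window]) - mu) / sd
        return out

    def is_anomalous(self, window):
        return any(abs(z) > self.threshold for z in self.score(window).values())

# --- Constructed sample traffic (documentation address ranges, fixed seed) ---
_rng = random.Random(7)
CLIENTS = [f"192.0.2.{i}" for i in range(1, 51)]
SERVERS = [f"10.0.0.{i}" for i in range(1, 11)]
VICTIM = "10.0.0.5"

def normal_window(n=500):
    return [(_rng.choice(CLIENTS), _rng.choice(SERVERS),
             _rng.choice((80, 443, 53, 22))) for _ in range(n)]

def flood_window(n=500, attack_share=0.8):
    # Many distinct sources converge on one destination and port.
    k = int(n * attack_share)
    flood = [(f"203.0.113.{_rng.randrange(1, 255)}", VICTIM, 80) for _ in range(k)]
    return flood + normal_window(n - k)

def demo():
    det = EntropyDetector()
    det.fit([normal_window() for _ in range(20)])
    quiet, flood = normal_window(), flood_window()
    return {
        "quiet_alert": det.is_anomalous(quiet),
        "flood_alert": det.is_anomalous(flood),
        "flood_scores": det.score(flood),
        "flood_top_dst": frequency_sorted([p[1] for p in flood], top=1)[0],
    }

if __name__ == "__main__":
    print(demo())
```

In the flood window the destination and port entropy fall while the source entropy rises, and the frequency-sorted destination list puts the flooded address at the top, which gives a response stage a concrete target for filtering or rate limiting.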
IV Problem in DDoS Attack
DDoS (Distributed Denial of Service) attacks can be a significant problem in any network, including 5G networks. In a DDoS attack, a large number of devices or computers are used to overwhelm a network, server, or website with traffic, rendering it unable to function properly.
In a 5G network, DDoS attacks can be particularly damaging because of the network's high bandwidth and low latency capabilities. An attacker could potentially use multiple 5G devices to generate a massive amount of traffic that would quickly overwhelm the network's infrastructure.
To mitigate the risk of DDoS attacks in a 5G network, network administrators and service providers can employ a variety of strategies, such as:
Implementing traffic filtering mechanisms to block malicious traffic from reaching the network.
Using intrusion detection and prevention systems to monitor network traffic and detect anomalies that may indicate an attack.
Utilizing load balancers to distribute traffic across multiple servers or network segments, reducing the impact of an attack.
Deploying firewalls to block traffic from known sources of malicious traffic.
Implementing rate-limiting measures to limit the amount of traffic that can be sent to the network from any single source.
Conducting regular security audits to identify potential vulnerabilities and address them before they can be exploited.
Overall, it is essential to take proactive measures to protect 5G networks from DDoS attacks to ensure the network's reliability and availability for users.
V Conclusion and Future Work
DDoS (Distributed Denial of Service) attacks on 5G networks can cause significant disruptions and can potentially bring down critical services. In this context, it is important to understand the impact of such attacks on 5G networks and take necessary steps to mitigate them.
One of the primary challenges with 5G networks is their high reliance on software-defined networking (SDN) and network function virtualization (NFV) technologies. These technologies make the network more agile and flexible but also increase its attack surface. DDoS attacks can exploit vulnerabilities in these technologies to bring down the network.
To prevent DDoS attacks on 5G networks, various strategies can be implemented, including traffic filtering, access control, and behavioral analysis. It is also crucial to maintain up-to-date security patches, monitor network traffic for anomalies, and implement effective response and recovery mechanisms.
In terms of future work, research on AI-based DDoS detection and mitigation techniques is gaining traction. AI can be used to analyze network traffic patterns, identify anomalies, and take corrective actions in real time. Moreover, the use of blockchain technology is also being explored to enhance the security of 5G networks.
In conclusion, DDoS attacks on 5G networks can have severe consequences, and it is vital to have proper security measures in place to prevent such attacks. As technology continues to evolve, it is essential to keep pace with emerging threats and develop innovative solutions to mitigate them.
REFERENCES
1. Mazhar Javed Awan, Umar Farooq, Hafiz Muhammad Aqeel Babar, Awais Yasin, Haitham Nobanee, Muzammil Hussain, Owais Hakeem and Azlan Mohd Zain “Real-Time DDoS Attack Detection System Using Big Data Approach” Volume 13 Issue 19, 27 September 2021.
2. Özgür Tonkal, Hüseyin Polat, Erdal Başaran, Zafer Cömert and Ramazan Kocaoğlu “Machine Learning Approach Equipped with Neighbourhood Component Analysis for DDoS Attack Detection in Software-Defined Networking” Volume 10 Issue 11, 21 May 2021.
3. Jalal Bhayo, Riaz Jafaq, Awais Ahmed, Sufian Hameed, and Syed Attique Shah “A Time-Efficient Approach Towards DDoS Attack Detection in IoT Network using SDN” April 2021.
4. C. Murugesh; S. Murugan “Modelling of Optimal Quantum Neural Network for DDoS Attack Classification in Wireless Sensor Networks” 02-04 February 2023.
5. Kanwal Rashid, Yousaf Saeed, Abid Ali, Faisal Jamil, Reem Alkanhel and Ammar Muthanna “An Adaptive Real-Time Malicious Node Detection Framework Using Machine Learning in Vehicular Ad-Hoc Networks (VANETs)” Volume 23, Issue 5, 26 February 2023.
6. M. Dhinu Lal and Ramesh Varadarajan “A Review of Machine Learning Approaches in Synchrophasor Technology” Volume 11, 2023.
7. Özgür Tonkal, Hüseyin Polat, Erdal Başaran, Zafer Cömert and Ramazan Kocaoğlu “Machine Learning Approach Equipped with Neighbourhood Component Analysis for DDoS Attack Detection in Software-Defined Networking” Volume 10 Issue 11, 21 May 2021.
8. Jalal Bhayo, Riaz Jafaq, Awais Ahmed, Sufian Hameed, and Syed Attique Shah “A Time-Efficient Approach Towards DDoS Attack Detection in IoT Network using SDN” April 2021.
9. Bhatia, Sajal. "Ensemble-based model for DDoS attack detection and flash event separation." In 2016 Future Technologies Conference (FTC), pp. 958-967. IEEE, 2016.
10. Hoque, Nazrul, Dhruba K. Bhattacharyya, and Jugal K. Kalita. "Botnet in DDoS attacks: trends and challenges." IEEE Communications Surveys & Tutorials 17, no. 4 (2015): 2242-2270.
11. Mousavi, Seyed Mohammad, and Marc St-Hilaire. "Early detection of DDoS attacks against SDN controllers." In 2015 international conference on computing, networking and communications (ICNC), pp. 77-81. IEEE, 2015.
12. Ashraf, Javed, and Seemab Latif. "Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques." In 2014 National software engineering conference, pp. 55-60. IEEE, 2014.
13. Balkanli, Eray, Jander Alves, and A. Nur Zincir-Heywood. "Supervised learning to detect DDoS attacks." In 2014 IEEE Symposium on Computational Intelligence in Cyber Security (CICS), pp. 1-8. IEEE, 2014.
14. Kumar, Alok, Sandeep Kumar Shukla, Archana Sharma, and Pranay Yadav. "A Robust Approach for Image Super-Resolution using Modified Very Deep Convolution Networks." In 2022 International Conference on Applied Artificial Intelligence and Computing (ICAAIC), pp. 259-265. IEEE, 2022.
15. Mishra, Akhil, Ritu Shrivastava, and Pranay Yadav. "A Modified Cascaded Feed Froward Neural Network Distributed Denial of Service Attack Detection using Improved Regression based Machine Leaning Approach." In 2022 6th International Conference on Trends in Electronics and Informatics (ICOEI), pp. 1292-1299. IEEE, 2022.
16. Tiwari, Sandeep, Nitesh Gupta, and Pranay Yadav. "Diabetes Type2 Patient Detection Using LASSO Based CFFNN Machine Learning Approach." In 2021 8th International Conference on Signal Processing and Integrated Networks (SPIN), pp. 602-608. IEEE, 2021.
17. Tiwary, Abhigyan, M. Kumar, and Pranay Yadav. "Prediction of Covid-19 Patient in United States of America Using Prophet Model." In 2021 International Conference on Advances in Technology, Management & Education (ICATME), pp. 94-99. IEEE, 2021.
18. Tiwari, Prayag, Pranay Yadav, Sachin Kumar, Brojo Kishore Mishra, Gia Nhu Nguyen, Sarada Prasad Gochhayat, Jagendra Singhk, and Mukesh Prasad. "Sentiment analysis for airlines services based on Twitter dataset." Social Network Analytics: Computational Research Methods and Techniques 149 (2018).
19. Singh, Jagendra, Mukesh Prasad, Yousef Awwad Daraghmi, Prayag Tiwari, Pranay Yadav, Neha Bharill, Mahardhika Pratama, and Amit Saxena. "Fuzzy logic hybrid model with semantic filtering approach for pseudo relevance feedback-based query expansion." In 2017 IEEE Symposium Series on Computational Intelligence (SSCI), pp. 1-7. IEEE, 2017.
20. Image Processing & Video Processing
21. Chavate, Shrikant, Ravi Mishra, and Pranay Yadav. "A Comparative Analysis of Video Shot Boundary Detection using Different Approaches." In 2021 10th International Conference on System Modeling & Advancement in Research Trends (SMART), pp. 1-7. IEEE, 2021.
22. Yadav, Pranay. "Color image noise removal by modified adaptive threshold median filter for RVIN." In 2015 International Conference on Electronic Design, Computer Networks & Automated Verification (EDCAV), pp. 175-180. IEEE, 2015.
23. Sharma, Shachi, and Pranay Yadav. "Removal of fixed valued impulse noise by improved Trimmed Mean Median filter." In 2014 IEEE International Conference on Computational Intelligence and Computing Research, pp. 1-8. IEEE, 2014.
24. Yadav, Pranay, and Parool Singh. "Color impulse noise removal by modified alpha trimmed median mean filter for FVIN." In 2014 IEEE International Conference on Computational Intelligence and Computing Research, pp. 1-8. IEEE, 2014.