服务拒绝攻击
计算机科学
人工智能
机器学习
计算机安全
操作系统
互联网
作者
Marcos J. Santos‐Neto,Jacir L. Bordim,Eduardo Alchieri,Edison Ishikawa
摘要
Summary Software defined network (SDN) has emerged as a new paradigm in terms of network architecture, providing flexibility, agility, and programmability to network management. These benefits boosted the SDN adoption, bringing new challenges mainly related to security, in particular, those related to Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. The detection, prevention, and mitigation of these attacks are important since they can affect the entire network. Many current security measures use statistical techniques, as entropy, or machine learning (ML) algorithms to detect DoS and DDoS attacks. While the definition of a threshold to determine whether a traffic is an attack is not trivial in statistical techniques, ML solutions may provide better accuracy but require considerable computational resources and time to converge to a model able to detect these attacks. Trying to circumvent these limitations, current hybrid approaches either use the results from entropy as input in ML algorithms (EntropyML) or use entropy as a filter and ML algorithms to identify attacks. This work goes one step ahead and combines these techniques in a three‐step approach (EntropyMLEntropy), called ML‐Entropy, which inherits the intelligence of ML algorithms to adjust the threshold used by entropy. The proposed solution was implemented and evaluated in two datasets, the well‐known synthetic DARPA dataset and a dataset composed by traffic collected from a real‐corporate environment. Experimental results show that, in general, ML‐Entropy presents an accuracy above 99%, similar to support vector machine (SVC) and random forest (RF) algorithms, being able to converge to a detection model up to and faster than RF and SVC, respectively.
科研通智能强力驱动
Strongly Powered by AbleSci AI