Cybersecurity Defence Mechanism Against DDoS Attack with Explainability
Abstract
Application-layer attacks (Layer 7 attacks), a form of distributed denial-of-service (DDoS) aimed at web servers, have become a significant concern in cybersecurity because of their ability to disrupt services by overwhelming server resources. This study focuses on addressing the challenges of detecting and mitigating the impact of such attacks, which are difficult to counter due to their sophisticated nature. The primary objective of this study is to develop an effective monitoring and defence model to detect, defend, and respond to these attacks efficiently. To achieve this, SHapley Additive exPlanations (SHAP) technology was used to understand the behaviour of the model and to increase the efficiency of the detection classifiers. The defence model is designed with three states: normal, observing, and suspicious. The observing mode, which represents the detection part, is triggered when the server load exceeds a predefined threshold. The detection system incorporates five machine learning (ML) algorithms: decision trees (DTs), support vector machines (SVMs), logistic regression (LR), naive Bayes (NB), and K-nearest neighbours (KNNs). A stacked classifier (SC) was then employed to combine these models to achieve optimal performance. The algorithms were evaluated in terms of accuracy (ACC), precision (PRC), recall (REC), F1 score (F1), and time (T). The SC demonstrates superior accuracy in distinguishing between legitimate traffic and malicious traffic. If the server continues to suffer from overload, the suspicious part of the defence model will be activated, and the mitigation algorithm will be called, which, in turn, bans users responsible for the attack and prevents illegitimate users from connecting to the server. The effects of the mitigation algorithm were noticeable in the server traffic rate, transmission rate, memory utilization, and CPU utilization, confirming its ability to defend against application-layer attacks.
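The three-state flow described in the abstract can be sketched as follows. This is an added example, not the authors' code: the load threshold, the `patience` count, the persistence of bans, and the `rate_rule` stand-in for the stacked classifier are all assumptions.

```python
from enum import Enum

class State(Enum):
    NORMAL = "normal"
    OBSERVING = "observing"
    SUSPICIOUS = "suspicious"

class DefenceModel:
    def __init__(self, classify, load_threshold=0.8, patience=2):
        self.classify = classify              # stand-in for the stacked classifier
        self.load_threshold = load_threshold  # assumed: fraction of server capacity
        self.patience = patience              # assumed: overloaded ticks tolerated
        self.state = State.NORMAL
        self.overloaded_ticks = 0
        self.flagged = set()
        self.banned = set()                   # assumed: bans persist across ticks

    def step(self, load, requests):
        """Process one monitoring tick; return the requests that are served."""
        admitted = [r for r in requests if r["user"] not in self.banned]
        if load <= self.load_threshold:
            self.state, self.overloaded_ticks = State.NORMAL, 0
            self.flagged.clear()
            return admitted
        self.overloaded_ticks += 1
        # Observing: detection runs only while the server is overloaded.
        self.flagged.update(r["user"] for r in admitted if self.classify(r))
        if self.overloaded_ticks <= self.patience:
            self.state = State.OBSERVING
            return admitted
        # Suspicious: overload persisted, so mitigation bans the flagged users.
        self.state = State.SUSPICIOUS
        self.banned |= self.flagged
        return [r for r in admitted if r["user"] not in self.banned]

def rate_rule(request):
    # Constructed stand-in classifier: flags high per-user request rates.
    return request["req_per_s"] > 50

def run_sample():
    model = DefenceModel(rate_rule)
    # Constructed traffic and load samples, for illustration only.
    traffic = [{"user": "alice", "req_per_s": 3},
               {"user": "bot-1", "req_per_s": 400}]
    trace = []
    for load in (0.4, 0.9, 0.95, 0.97, 0.5):
        served = model.step(load, traffic)
        trace.append((model.state.value, [r["user"] for r in served]))
    return trace, model.banned
```
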
Article Details
This work is licensed under a Creative Commons Attribution 4.0 International License.