Haseeb-Ur-Rehman, R.M.A.; Aman, A.H.M.; Hasan, M.K.; Ariffin, K.A.Z.; Namoun, A.; Tufail, A.; Kim, K. DDOS Attack Detection in High-Speed Network. Encyclopedia. Available online: https://encyclopedia.pub/entry/47929 (accessed on 22 June 2024).
DDOS Attack Detection in High-Speed Network

Two forms of denial-of-service attack are troubling: DoS and distributed DoS (DDoS). Typically, DDoS attacks occur through linked devices from numerous locations. The attack can cause unusual activity that interrupts the regular traffic of specific servers, services, and networks through data bombardment from nearby infrastructure. This unusual activity creates tremendous continuous service requests to the servers and networks, making it difficult to identify a trustworthy source.

Keywords: denial of service; distributed denial of service; cyber–physical system; machine learning; high-speed network; intrusion detection system

1. Introduction

With the increase in network traffic through the introduction of devices such as remote sensors, intelligent devices, self-driving Global Positioning System (GPS)-connected vehicles, 5G data transmission, smartphones, and cloud computing, the size of the internet is rapidly increasing [1]. There are approximately 4.66 billion internet users globally, which amounts to 59.5% of the global population. Similarly, approximately 53.6% of the global population are social media users, while smartphone users constitute 66.6%. Overall, the total population connected to the digital world was approximately 7.83 billion in 2021, with an anticipated annual growth of 316 million users. The expected internet user growth is alarming, especially when it comes to internet security and the integrity of Cyber–Physical Systems (CPS) [2]. Although the internet helps with different aspects of life and makes life more convenient, it creates many security risks. A typical example of these risks is malicious attacks such as DoS attacks, deception attacks, and replay attacks, all of which are types of cyber-attack. Their objectives and methods are different. DoS attacks aim to disrupt availability and deception attacks involve manipulation and trickery, whereas replay attacks focus on intercepting and reusing valid data to gain unauthorized access or manipulate systems. In addition, Denial-of-Service (DoS) attacks are related to breaches in user privacy and compromised security [3].
Generally, two forms of denial-of-service attack are troubling: DoS and distributed DoS (DDoS). Typically, DDoS attacks occur through linked devices from numerous locations. The attack can cause unusual activity that interrupts the regular traffic of specific servers, services, and networks through data bombardment from nearby infrastructure. This unusual activity creates tremendous continuous service requests to the servers and networks, making it difficult to identify a trustworthy source. For example, in the Internet of Things (IoT) environment, an attacker can quickly attack thousands of devices on a large scale [4][5][6][7]. For a practical CPS communication network, time delay is an important issue. A durable, adaptive DSC based on the dwell-time strategy and switching perspective was developed for a time-delayed switched nonlinear CPS under hybrid attacks on sensor measurements [8]. To investigate the stochastic characteristics of end-to-end network-induced time delay in a time-critical smart substation CPS context, the components of a smart substation CPS, such as data flow, communication network, and intelligent electronic devices (IEDs), are modelled [9]. In the case of time delay attacks (TDAs), which exploit communication channel weaknesses to cause potentially serious harm to a system, many of the approaches suggested for TDA detection have been evaluated exclusively offline and under strict assumptions of building a practical method for dealing with real-world problems [10]. DDoS attacks can be application layer attacks, protocol attacks, and volume-based attacks, and detecting them is more challenging on high-speed networks (HSNs). In HSNs, which consist of optical fiber networks with data rates of 100 Gb/s, the context switching of network processing due to a DoS attack can reduce network speed due to a packet associated with a system call and a copy of the transition propagating across the network [11].
Since the speed of data processing on networks has grown, detecting DDoS attacks has become more complicated, raising security risks. Figure 1 illustrates a scenario of a DDoS attack occurring in a high-speed network. Additionally, researchers face enormous challenges in addressing DDoS attacks due to the network speed and different types of data entering the network [12]. Several DDoS attack detection techniques have been proposed, with two common types of detection, namely misuse detection and abnormal detection [13][14]. Both detection systems have limitations regarding the parameters selected for detecting network patterns. The advantage of misuse detection is that it provides a high accuracy; however, it requires complete information on the network. In contrast, prior knowledge of the network is not acquired in abnormal detection, but this approach does not provide the high accuracy offered by misuse detection [15].
Figure 1. DDoS attack in a high-speed network scenario.
In recent years, there have been several reviews in the literature of DoS attacks. For example, the authors of [16] presented the taxonomy of low-rate DoS attacks based on a three-layer modus operandi. The review included slow rate, service queue, and Quality of Service (QoS) attacks and described the various detection approaches against eight low-rate DoS attacks. However, the paper did not mention high-speed network DDoS attacks. The authors of [17] presented cutting-edge defense techniques that help to prevent DDoS attacks and reduce the damage to user information. The review elaborates on the prevention techniques for IoT and Software-Defined Network devices. However, DDoS attacks in a high-speed network scenario are not discussed. In [18], the authors described a defense mechanism against DDoS attacks, including the attack response, traffic classification, and attack detection, but not the network details.

2. DDOS Attack Detection in High-Speed Network

A study of the open-source intrusion detection systems Snort and Suricata [19] explains how to evaluate the drop rates and accuracy rates in a 100 Gbps network using comparisons and benchmarks [20]. This evaluation includes the usage of system resources, packet processing speed, packet drop ratio, and detection accuracy. However, a shortcoming is that it does not consider the extensive data on the network. Another model proposed by [21], the Very Long Short-Term Memory (VLSTM) learning model, deals with the challenges of high dimensionality and unfairness. Its performance was evaluated in experiments using the UNSW-NB15 open dataset. The study presented reconstruction loss, classification loss, and divergence loss. However, anomaly detection tasks are still challenging for imbalanced data.
The Extended Berkeley Packet Filter (eBPF) and the eXpress Data Path (XDP) are presented by M. A. Vieira [22] to introduce new technology for packet filtering and provide an example of a standard procedure of these technologies. The XDP program is written in the C or P4 languages, and the instructions are processed through the kernel and other programmable devices, such as a smart network interface card. The researchers mainly focus on network monitoring, traffic analysis, load balancing, and system profiling. Moreover, the authors dealt with the high speed of network data but did not address the packet drop ratio. In Table 1, the studies of the recent five years are categorized based on different parameters such as year, article reference, main features, advantages, and weaknesses.
Table 1. The studies of DDoS attacks in a high-speed network.
| Year | Article | Main Features | Advantages | Weakness |
|---|---|---|---|---|
| 2018 | [23] | The author proposed a three-layer module DDoS attack identification, delivery module flow table, and traffic identification | The applied SVM to DDoS traffic identification. | The flow table delivery module is needed to improve. |
| 2018 | [24] | For DDoS mitigation, traffic MoonPol | High-performance packet processors used by policers like DPDK. | The small number of packets that randomly falls into subnets of limited ranges. |
| 2018 | [25] | A non-parametric methodology in the data stream | Statistical based, distance-based detection. | Not optimized to find anomalies. |
| 2018 | [26] | The present Time Path’s performance (XDP) | Just-in-time (JIT), kernel hook. | It is needed to capture the packets at a high data rate. |
| 2019 | [27] | Detection of DDoS attacks at the application layer | Analysis about HTTP DDoS monitoring, detection, mitigation, and prevention. | This study does not consider high-speed networks. |
| 2019 | [28] | The Big-Flow classification model | Network traffic dataset, scalable. | Does not consider the packet drop ratio. |
| 2019 | [29] | Data-driven cyber-security is used for internet traffic analysis | Cybersecurity, network traffic analysis, machine learning (ML), and social scam detection. | Research is required for extensive data networks, domain knowledge of traffic monitoring. |
| 2019 | [30] | To build the rule of DDoS mitigation in smart NICs on offloading the edge server | Smart NICs can help mitigate the network load on congested servers | Smart NICs reduce the effectiveness of server resources. |
| 2020 | [31] | Extended Berkeley packet filter and express data path | Packet filtering | Does not consider the packet drop ratio. |
| 2020 | [32] | DDoS detection schema | Incoming flows, packet symmetry ratio. | Does not consider delay time |
| 2020 | [21] | A VLSTM learning model | Reconstruction loss, classification loss, and divergence loss. | Anomaly detection tasks are still challenging for imbalanced data. |
| 2020 | [22] | Extended Berkeley packet filtering (eBPF) and express data path | Network monitoring, network traffic analysis. | Does not deal with big data. |
| 2020 | [33] | Open-source Intrusion Detection System: Snort and Suricata | Speed of packet processing, packet drop ratio, the accurateness of detection. | Does not consider the extensive data on the network. |
| 2020 | [34] | Experiment with a Linux subsystem to track containerized user-space programs | Interledger, eBPF, Profiling, Tracing. | It is not created for an end-to-end view of a distributed system. |
| 2021 | [35] | To suggest a new malicious classification scheme based on the Long Short-Term Memory (LSTM) model | LSTM, accuracy, throughput. Traffic classification, artificial intelligence, malicious traffic. | Using upcoming learning strategies, the metric selection for LSTM can be made accurately. |
| 2021 | [36] | This article proposed a new Learning Design Discussion Model (LDDM) | Lower false positive and false negative rates. DDoS attacks. | Still improve the detection accuracy on high-speed data 100 Gbps network. |
| 2021 | [20] | To estimate the flow size of encrypted data at multi-Gbps line rates | Deep Packet Inspection, multi-Gbps line, VPN-buffered traffic. | Still improve the detection accuracy on high-speed data 100 Gbps network. |
| 2021 | [37] | Estimate the overall number of unique components or different k-constant items in a flow across various traffic measurement | Filter out duplicates, sample the elements, and store the sampled traffic data in off-chip memory using it on memory. | Cannot detect distributed denial of service attacks and scanners. |
| 2021 | [38] | In this paper, we develop and deploy a full-packet capture in (FPC-NM) systems | Packet reception, data packet storage, and log management. | Up to 40 Gb/s, 70 Gb/s, and 100 Gb/s are not included. |
| 2021 | [39] | To eliminate errors and produce a custom binary for specific network | Code-optimization approaches. | Does not continue the packet processing at 100 Gbps. |
| 2022 | [40] | The algorithm monitors the CPU time used by every connection and the statistical method used for attack detection | System Calls information is container-based on Linux eBPF at the host level. | This algorithm considers only DoS attacks, not DDoS attacks. |
| 2022 | [41] | Signature-based techniques for DDoS mitigation and utilization of Packet generation algorithms (PGA) for attack execution | Full-fledged IDS/IPS solutions like Snort Suricata. | To unlock the full potential of eBPF and XDP (cross-compiling, modularity). |
| 2022 | [42] | NetFPGA SUME approach used for packet filtering and mitigation of volumetric DDoS attack | Packet filtering has been performed in HSN using a single core of CPU. | A 100 Gbit/s data path provides an excellent testing environment. |
| 2022 | [43] | HARNESS schedule and serve as control plane USRs in terms of delay tolerant and delay-sensitive to authenticate H.A. services. | XDP and eBPF use for coherent and optimized end-to-end working. | Does not consider the packet drop ratio. |
The researchers in [28] processed a massive amount of network traffic with a verification technique that checked the reliability based on the classifier’s outcomes. The Big-Flow classification model is adjusted once suspect packets are found. The focus is to deal with the network traffic dataset, but it does not consider the packet drop ratio. According to [32], the DDoS detection schema has numerous traffic functions. This scheme generates precise per-subnet alarms implemented in the data plane without external controllers, allowing for tight control loops. The findings include accurate detection relying on a realistic attack using accessible traces. It deals with incoming flows and the packet symmetry ratio observed per secured sub-network. The express data path is a suitable framework for DDoS protection and creating a novel scheme to prevent cyber threats. Nevertheless, it features packet rates of 1–2 Mpps for 10 Gigabit links, and not more than 10 Gigabit.
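The two per-subnet features named for [32], incoming flows and packet symmetry ratio, can be combined into an alarm as in the following added example, which is not code from the cited work or from this entry. The protected subnets, flow records, thresholds and function names are constructed assumptions, and the check runs in software over one measurement window rather than in the data plane.

```python
from ipaddress import ip_address, ip_network

# Assumed protected subnets (documentation address space, constructed).
PROTECTED = [ip_network("192.0.2.0/25"), ip_network("192.0.2.128/25")]


def subnet_of(addr, subnets):
    """Return the protected subnet containing addr, or None."""
    ip = ip_address(addr)
    for net in subnets:
        if ip in net:
            return net
    return None


def window_stats(records, subnets):
    """Aggregate one window of (src, dst, packets) flow records per subnet."""
    stats = {net: {"in_pkts": 0, "out_pkts": 0, "in_flows": set()}
             for net in subnets}
    for src, dst, pkts in records:
        dst_net = subnet_of(dst, subnets)
        src_net = subnet_of(src, subnets)
        if dst_net is not None:
            stats[dst_net]["in_pkts"] += pkts
            stats[dst_net]["in_flows"].add((src, dst))
        if src_net is not None:
            stats[src_net]["out_pkts"] += pkts
    return stats


def evaluate(records, subnets, max_ratio=3.0, max_flows=100):
    """Per-subnet report; alarm only when BOTH features exceed their limit.

    max_ratio and max_flows are illustrative thresholds, not values from [32].
    """
    report = {}
    for net, s in window_stats(records, subnets).items():
        # A subnet that sent nothing would divide by zero: clamp to 1 packet.
        ratio = s["in_pkts"] / max(s["out_pkts"], 1)
        flows = len(s["in_flows"])
        report[str(net)] = {
            "ratio": round(ratio, 2),
            "in_flows": flows,
            "alarm": ratio > max_ratio and flows > max_flows,
        }
    return report


def sample_window():
    """Constructed window: balanced traffic to one subnet, a flood to the other."""
    records = []
    for i in range(1, 6):                       # 5 ordinary clients
        client = f"198.51.100.{i}"
        records.append((client, "192.0.2.10", 40))
        records.append(("192.0.2.10", client, 50))
    for i in range(1, 201):                     # 200 sources, almost no replies
        records.append((f"203.0.113.{i}", "192.0.2.200", 30))
    records.append(("192.0.2.200", "203.0.113.1", 60))
    return records


def flash_crowd():
    """Constructed window: many legitimate clients, traffic still symmetric."""
    records = []
    for i in range(1, 151):
        client = f"198.51.100.{i}"
        records.append((client, "192.0.2.10", 10))
        records.append(("192.0.2.10", client, 12))
    return records


if __name__ == "__main__":
    for name, window in (("flood", sample_window()), ("flash crowd", flash_crowd())):
        print(name)
        for net, row in evaluate(window, PROTECTED).items():
            print("  ", net, row)
```

Requiring both features is what keeps the flash-crowd window quiet: its flow count is high, but replies keep the ratio below 1.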
A Linux subsystem is capable of tracking containerized user-space programs for Interledger connectors, with the ability to control the software stack in development [44]. The tests investigated and evaluated the tool landscape developed to assist eBPF in this project. This project does not show the end-to-end view of a distributed system. In addition, HTTPS encrypted traffic is analyzed to determine the user’s operating system and track the user’s local explorer and other methods, using a dataset of 20,000 examples, with a 96.06% classification accuracy [45]. The traffic analysis technique, which employs SSL/TLS, is a powerful method. The attacker can use statistics to identify the user’s operating system.
A data distributed control system (DDCS) can be used for data-driven cyber security, social, and internet traffic analyses, cyber security data collection, cyber security feature engineering, and simulation [29]. The DDCS shows a strong link among data, models, and methodology while reviewing the key recent works in Twitter spam detection and IP traffic classification. However, the researchers do not mention high-speed data.
The research in [21] suggested a new malicious classification scheme based on the Long Short-Term Memory (LSTM) model. Data annotation for effective traffic classification can result in network loops and bandwidth issues. The selection of LSTM makes it accurate. The DDoS detection schema has numerous traffic functions [32]. These features are known as formal DoS parameters, such as the arriving flow pattern and packet symmetry levels observed per secured sub-network. In [46], a full-packet capture (FPC-NM) system for 20 Gb/s was developed and deployed. A nanosecond timestamp was used in the FPC-NM system, significantly boosting the accuracy of a security incident retrospective analysis.
Implementing the FPC-NM system achieves a 17 Gb/s throughput with 160,000 connections, experiencing zero packet loss. These parameters encompass packet reception, nanosecond timestamping, load balancing, preprocessing packets, application layer protocol analysis, data packet storage, and log management. By utilizing LZ4 compression, the system achieves real-time compression and storage efficiency at 10 Gb/s, but up to 40 Gb/s. However, it does not support 70 Gbps and 100 Gbps. As industry and research institutions are installing 100 Gbps networks to meet data transfer demands, high-speed networks are becoming more common, leading to significant technical challenges. An Intrusion Detection System cannot efficiently handle network activities with high rates of traffic monitoring and packet drop ratios, which directly affects the detection accuracy. Researchers [33] provided a detailed explanation of the open-source IDS, namely, Snort and Suricata, with comparative parameters in a 100 Gb/s network.
A low-rate DDoS attack detection method (LDDM) using a multidimensional sketch structure and network flow measuring allows for a reduction in the data storage cost and improves the detection accuracy [36]. The measurements depend on the Daubechies four wavelet transform to calculate each sketch’s energy percentage. This approach differentiates between the regular and attack traffic. The LDDM is used to evaluate low-rate DDoS attack datasets, but a high-rate DDoS attack is not considered. Figure 2 shows different irregular traffic pattern detection.
Figure 2. Irregular traffic pattern detection.
The architecture in [47] allows network operators to estimate the flow size of encrypted data at multi-Gbps line rates using samples and sketching mechanisms. It also helps in understanding the behavior of VPN-buffered traffic. The implementation shows a 99% accuracy of the service provider on 6000 tracks for three key factors. Evaluation studies depend on the track time and starting point, achieving more than a 90% precision for the content classification of a given service provider in the best case. The examiner presents the time path’s performance (XDP). eBPF is used for XDP to process incoming traffic before allocating kernel data structures, which improves the performance. The second case study uses eBPF to set up socket-level application-specific packet-filtering options. To eliminate errors and produce a custom binary for a specific network function, Packet-Mill boosts the throughput (up to 36.4 Gb/s—70%) and reduces the latency (up to 101 Gb/s—28%) without continuing unnecessary packet processing at 100 Gb/s. However, new packets arrive 10 times faster than main memory access times while utilizing only one processor core [39]. Apache Storm used the Netty communication component [47], a TCP/IP protocol stack applied for an asynchronous server, and a client framework that decreased efficiency due to context switching and memory copying. It increased the IP over the InfiniBand communication mode on the CPU load. With the aid of remote direct memory access (RDMA) technology, the scheme implementation can reach up to five times faster than IPoIB and ten times faster than Gigabit Ethernet when tested on Mellanox QDR Cards (40 Gb/s). Additionally, this approach considerably reduces the CPU burden and boosts the system throughput.
Comma-separated values (CSV) [46] are a frequently used data interchange format. Concerning format, all industries’ potent databases and stream processing frameworks have utilized CSV as an input. The speed of input or output hardware poses significant challenges due to advanced input or output gadgets such as InfiniBand NICs and NVMe SSDs, with transfer rates of 100 Gb/s and higher. Researchers aim to increase the input speed of CSV with the help of graphics processing units (GPUs). A new parsing strategy is created that simplifies the control flow, while correctly handling context-sensitive CSV features such as quotes. The articles have been studied and categorized based on their main features, advantages, and drawbacks. This section defines the thematic taxonomy of the characterization and classification of the irregular traffic pattern schemes on high-speed data networks, in order to achieve the following objectives: end-to-end time, packet drop, packet delay time, scalability, packet processing speed, and detection accuracy. The stated studies are categorized based on six characteristics: (i) detection techniques, (ii) traffic monitoring, (iii) NICs, (iv) traffic flow, (v) traffic filtering, and (vi) objective function.
Network traffic monitoring is a task to ensure that the operation of a network performs smoothly. When any unusual packet comes on the network, the Network Traffic Monitoring Tool (NTMT) [48] captures that packet. Generally, NTMT observes all incoming and outgoing packets on the network. Detection accuracy implies the agreement between the actual and detection values. The exact value is unknown in several cases, but is compared with the standard. Accuracy is a ratio of the nearest value to the real value, which is the result. Scalability is a characteristic of a system, model, or function that elaborates on the ability to manage the workload. In the scalability test, many parameters are included, such as throughput, memory usage, CPU usage, network usage, and response time. Delay time is the time between the source signal and its echo. The most uncomplicated delay effect is a single repeat. The minimum delay is counted as 30 and 100 ms to create a slap-back echo, while longer delay times produce a more distant echo.

References

  1. Haseeb-Ur-Rehman, R.M.A.; Liaqat, M.; Aman, A.H.M.; Ab Hamid, S.H.; Ali, R.L.; Shuja, J.; Khan, M.K. Sensor cloud frameworks: State-of-the-art, taxonomy, and research issues. IEEE Sens. J. 2021, 21, 22347–22370.
  2. Chaâri, R.; Ellouze, F.; Koubâa, A.; Qureshi, B.; Pereira, N.; Youssef, H.; Tovar, E. Cyber-physical systems clouds: A survey. Comput. Netw. 2016, 108, 260–278.
  3. Cisco, U. Cisco annual internet report (2018–2023) white paper. Acessado Em. 2021, 10, 1–35.
  4. Li, Q.; Meng, L.; Zhang, Y.; Yan, J. DDoS attacks detection using machine learning algorithms. In International Forum on Digital TV and Wireless Multimedia Communications; Springer: Berlin/Heidelberg, Germany, 2018; pp. 205–216.
  5. Yusof, A.R.a.; Udzir, N.I.; Selamat, A. Systematic literature review and taxonomy for DDoS attack detection and prediction. Int. J. Digit. Enterp. Technol. 2019, 1, 292–315.
  6. Cheng, J.; Xu, R.; Tang, X.; Sheng, V.S.; Cai, C. An abnormal network flow feature sequence prediction approach for DDoS attacks detection in big data environment. Comput. Mater. Contin. 2018, 55, 95–119.
  7. Singh, K.J.; Thongam, K.; De, T. Detection and differentiation of application layer DDoS attack from flash events using fuzzy-GA computation. IET Inf. Secur. 2018, 12, 502–512.
  8. Akbari, E.; Tabatabaei, S.M.; Yazdi, M.B.; Arefi, M.M.; Cao, J. Resilient backstepping control for a class of switched nonlinear time-delay systems under hybrid cyber-attacks. Eng. Appl. Artif. Intell. 2023, 122, 106128.
  9. Zheng, A.; Huang, Q.; Cai, D.; Li, J.; Jing, S.; Hu, W.; Wu, J. Quantitative assessment of stochastic property of network-induced time delay in smart substation cyber communications. IEEE Trans. Smart Grid 2019, 11, 2407–2416.
  10. Ganesh, P.; Lou, X.; Chen, Y.; Tan, R.; Yau, D.K.; Chen, D.; Winslett, M. Learning-based simultaneous detection and characterization of time delay attack in cyber-physical systems. IEEE Trans. Smart Grid 2021, 12, 3581–3593.
  11. Ullah, S.; Choi, J.; Oh, H. IPsec for high speed network links: Performance analysis and enhancements. Future Gener. Comput. Syst. 2020, 107, 112–125.
  12. El Sayed, M.S.; Le-Khac, N.-A.; Azer, M.A.; Jurcut, A.D. A Flow Based Anomaly Detection Approach with Feature Selection Method Against DDoS Attacks in SDNs. IEEE Trans. Cogn. Commun. Netw. 2022, 8, 1862–1880.
  13. Papalkar, R.R.; Alvi, A.S. Analysis of Defense Techniques for DDOS Attacks in IoT—A Review. ECS Trans. 2022, 107, 3061.
  14. Naqvi, I.; Chaudhary, A.; Kumar, A. A Systematic Review of the Intrusion Detection Techniques in VANETS. TEM J. 2022, 11, 900.
  15. Almansor, M.; Gan, K. Intrusion detection systems: Principles and perspectives. J. Multidiscip. Eng. Sci. Stud. 2018, 4, 2458–2925.
  16. Rios, V.D.M.; Inacio, P.R.; Magoni, D.; Freire, M.M. Detection and Mitigation of Low-Rate Denial-of-Service Attacks: A Survey. IEEE Access 2022, 10, 76648–76668.
  17. Gupta, B.; Chaudhary, P.; Chang, X.; Nedjah, N. Smart defense against distributed Denial of service attack in IoT networks using supervised learning classifiers. Comput. Electr. Eng. 2022, 98, 107726.
  18. Ennemoser, F.J.; Sattler, P.; Zirngibl, J. State of the Art of DDoS Mitigation Techniques. In Proceedings of the Seminar IITM WS 21/22, Munich, Germany, 30 July–27 February 2022.
  19. Gaur, V.; Kumar, R. Analysis of machine learning classifiers for early detection of DDoS attacks on IoT devices. Arab. J. Sci. Eng. 2022, 47, 1353–1374.
  20. Kattadige, C.; Choi, K.N.; Wijesinghe, A.; Nama, A.; Thilakarathna, K.; Seneviratne, S.; Jourjon, G. Seta++: Real-time scalable encrypted traffic analytics in multi-gbps networks. IEEE Trans. Netw. Serv. Manag. 2021, 18, 3244–3259.
  21. Zhou, X.; Hu, Y.; Liang, W.; Ma, J.; Jin, Q. Variational LSTM enhanced anomaly detection for industrial big data. IEEE Trans. Ind. Inform. 2020, 17, 3469–3477.
  22. Vieira, M.A.; Castanho, M.S.; Pacífico, R.D.; Santos, E.R.; Júnior, E.P.C.; Vieira, L.F. Fast packet processing with ebpf and xdp: Concepts, code, challenges, and applications. ACM Comput. Surv. (CSUR) 2020, 53, 1–36.
  23. Yang, L.; Zhao, H. DDoS attack identification and defense using SDN based on machine learning method. In Proceedings of the 2018 15th International Symposium on Pervasive Systems, Algorithms and Networks (I-SPAN), Yichang, China, 16–18 October 2018; pp. 174–178.
  24. Kirdan, E.; Raumer, D.; Emmerich, P.; Carle, G. Building a traffic policer for ddos mitigation on top of commodity hardware. In Proceedings of the 2018 International Symposium on Networks, Computers and Communications (ISNCC), Rome, Italy, 19–21 June 2018; pp. 1–5.
  25. Tellis, V.M.; D’Souza, D.J. Detecting anomalies in data stream using efficient techniques: A review. In Proceedings of the 2018 International Conference on Control, Power, Communication and Computing Technologies (ICCPCCT), Kannur, India, 23–24 March 2018; pp. 296–298.
  26. Scholz, D.; Raumer, D.; Emmerich, P.; Kurtz, A.; Lesiak, K.; Carle, G. Performance implications of packet filtering with linux ebpf. In Proceedings of the 2018 30th International Teletraffic Congress (ITC 30), Vienna, Austria, 3–7 September 2018; pp. 209–217.
  27. Jaafar, G.A.; Abdullah, S.M.; Ismail, S. Review of recent detection methods for HTTP DDoS attack. J. Comput. Netw. Commun. 2019, 2019, 1283472.
  28. Viegas, E.; Santin, A.; Bessani, A.; Neves, N. BigFlow: Real-time and reliable anomaly-based intrusion detection for high-speed networks. Future Gener. Comput. Syst. 2019, 93, 473–485.
  29. Coulter, R.; Han, Q.-L.; Pan, L.; Zhang, J.; Xiang, Y. Data-driven cyber security in perspective—Intelligent traffic analysis. IEEE Trans. Cybern. 2019, 50, 3081–3093.
  30. Miano, S.; Doriguzzi-Corin, R.; Risso, F.; Siracusa, D.; Sommese, R. Introducing SmartNICs in server-based data plane processing: The DDoS mitigation use case. IEEE Access 2019, 7, 107161–107170.
  31. Choe, Y.; Shin, J.-S.; Lee, S.; Kim, J. eBPF/XDP based network traffic visualization and dos mitigation for intelligent service protection. In Proceedings of the International Conference on Emerging Internetworking, Data & Web Technologies, Okayama, Japan, 2–4 March 2022; pp. 458–468.
  32. Dimolianis, M.; Pavlidis, A.; Maglaris, V. A multi-feature DDoS detection schema on P4 network hardware. In Proceedings of the 2020 23rd Conference on Innovation in Clouds, Internet and Networks and Workshops (ICIN), Paris, France, 24–27 February 2020; pp. 1–6.
  33. Hu, Q.; Yu, S.-Y.; Asghar, M.R. Analysing performance issues of open-source intrusion detection systems in high-speed networks. J. Inf. Secur. Appl. 2020, 51, 102426.
  34. Cassagnes, C.; Trestioreanu, L.; Joly, C.; State, R. The rise of eBPF for non-intrusive performance monitoring. In Proceedings of the NOMS 2020-2020 IEEE/IFIP Network Operations and Management Symposium, Budapest, Hungary, 20–24 April 2020; pp. 1–7.
  35. Thapa, K.; Duraipandian, N. Malicious traffic classification using long short-term memory (LSTM) model. Wirel. Pers. Commun. 2021, 119, 2707–2724.
  36. Liu, X.; Ren, J.; He, H.; Wang, Q.; Song, C. Low-rate DDoS attacks detection method using data compression and behavior divergence measurement. Comput. Secur. 2021, 100, 102107.
  37. Bu, X.; Sun, Y.-E.; Du, Y.; Wu, X.; Zhang, B.; Huang, H. A novel spread estimation based abnormal flow detection in high-speed networks. Peer—Peer Netw. Appl. 2021, 14, 1401–1413.
  38. Han, L.; Guo, Z.; Huang, X.; Zeng, X. A Multifunctional Full-Packet Capture and Network Measurement System Supporting Nanosecond Timestamp and Real-Time Analysis. IEEE Trans. Instrum. Meas. 2021, 70, 1–12.
  39. Farshin, A.; Barbette, T.; Roozbeh, A.; Maguire Jr, G.Q.; Kostić, D. PacketMill: Toward per-Core 100-Gbps networking. In Proceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems, Virtual, 19–23 April 2021; pp. 1–17.
  40. Zhan, M.; Li, Y.; Yang, H.; Yu, G.; Li, B.; Wang, W. Coda: Runtime Detection of Application-Layer CPU-Exhaustion DoS Attacks in Containers. IEEE Trans. Serv. Comput. 2022, 16, 1686–1697.
  41. Szynkiewicz, P. Signature-Based Detection of Botnet DDoS Attacks. In Cybersecurity of Digital Service Chains; Springer: Berlin/Heidelberg, Germany, 2022; pp. 120–135.
  42. Salopek, D. Hybrid Hardware/Software Datapath for Near Real-Time Reconfigurable High-Speed Packet Filtering. Ph.D. Thesis, Faculty of Electrical Engineering and Computing, University of Zagreb, Zagreb, Croatia, 2022.
  43. Vittal, S. HARNESS: High Availability supportive Self Reliant Network Slicing in 5G Networks. IEEE Trans. Netw. Serv. Manag. 2022, 19, 1951–1964.
  44. Abranches, M.; Michel, O.; Keller, E.; Schmid, S. Efficient Network Monitoring Applications in the Kernel with eBPF and XDP. In Proceedings of the 2021 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Heraklion, Greece, 9–11 November 2021; pp. 28–34.
  45. Li, K.; Lang, B.; Liu, H.; Chen, S. SSL/TLS Encrypted Traffic Application Layer Protocol and Service Classification. CS IT Conf. Proc. 2022, 12, 237–252.
  46. Kumaigorodski, A.; Lutz, C.; Markl, V. Fast CSV loading using GPUs and RDMA for in-memory data processing. In Proceedings of the Datenbanksysteme für Business, Technologie und Web (BTW 2021), Virtual, 19 April–21 June 2021; pp. 19–38, ISBN 978-3-88579-705-0.
  47. Zhang, Z.; Liu, Z.; Jiang, Q.; Chen, J.; An, H. RDMA-based apache storm for high-performance stream data processing. Int. J. Parallel Program. 2021, 49, 671–684.
  48. D’Alconzo, A.; Drago, I.; Morichetta, A.; Mellia, M.; Casas, P. A survey on big data for network traffic monitoring and analysis. IEEE Trans. Netw. Serv. Manag. 2019, 16, 800–813.
Update Date: 11 Aug 2023