Semi-supervised approach for detecting DDoS in SD-honeypot network environment
Abstract
Distributed Denial of Service (DDoS) attacks are the most common type of cyber-attack. Therefore, an appropriate mechanism is needed to overcome those problems. This paper proposed an integration method between the Honeypot sensor and Software Defined Network (SD-Honeypot Network). In terms of the attack detection process, the Honeypot server utilized the Semi-supervised learning method in the attack classification process by combining the Pseudo-labelling model (SVM algorithm) and the subsequent classification with the Adaptive Boosting method. The dataset used in this paper is monitoring data taken by the Suricata sensor. The research experiment was conducted by examining several variables, namely the accuracy, precision, and recall pointed at 99%, 66%, and 66%, respectively. The CPU usage during classification was relatively small, which was around 14%. The average time of flow rule mitigation installation was 40 s. In addition, the packet/prediction loss occurred during the attack, which caused several packets in the attack not to be classified was pointed at 43%.
Keywords
cyber security; DDoS; honeypot; SDN; semi-supervised;
DOI: http://doi.org/10.11591/ijai.v11.i3.pp%25p
Refbacks
- There are currently no refbacks.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.