Semi-supervised approach for detecting distributed denial of service in SD-honeypot network environment
Abstract
Distributed Denial of Service (DDoS) attacks is the most common type of cyber-attack. Therefore, an appropriate mechanism is needed to overcome those problems. This paper proposed an integration method between the honeypot sensor and software defined network (SDN) (SD-honeypot network). In terms of the attack detection process, the honeypot server utilized the Semi-supervised learning method in the attack classification process by combining the Pseudo-labelling model (support vector machine (SVM) algorithm) and the subsequent classification with the Adaptive Boosting method. The dataset used in this paper is monitoring data taken by the Suricata sensor. The research experiment was conducted by examining several variables, namely the accuracy, precision, and recall pointed at 99%, 66%, and 66%, respectively. The central processing unit (CPU) usage during classification was relatively small, which was around 14%. The average time of flow rule mitigation installation was 40s. In addition, the packet/prediction loss occurred during the attack, which caused several packets in the attack not to be classified was pointed at 43%.
Keywords
cyber security; distributed denial of service; honeypot; software defined network; semi-supervised;
Full Text:
PDFDOI: http://doi.org/10.11591/ijai.v11.i3.pp1094-1100
Refbacks
- There are currently no refbacks.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IAES International Journal of Artificial Intelligence (IJ-AI)
ISSN/e-ISSN 2089-4872/2252-8938
This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).