Semi-supervised approach for detecting distributed denial of service in SD-honeypot network environment

Fauzi Dwi Setiawan Sumadi, Christian Sri Kusuma Aditya, Ahmad Akbar Maulana, Syaifuddin Syaifuddin, Vera Suryani

Abstract


Distributed Denial of Service (DDoS) attacks is the most common type of cyber-attack. Therefore, an appropriate mechanism is needed to overcome those problems. This paper proposed an integration method between the honeypot sensor and software defined network (SDN) (SD-honeypot network). In terms of the attack detection process, the honeypot server utilized the Semi-supervised learning method in the attack classification process by combining the Pseudo-labelling model (support vector machine (SVM) algorithm) and the subsequent classification with the Adaptive Boosting method. The dataset used in this paper is monitoring data taken by the Suricata sensor. The research experiment was conducted by examining several variables, namely the accuracy, precision, and recall pointed at 99%, 66%, and 66%, respectively. The central processing unit (CPU) usage during classification was relatively small, which was around 14%. The average time of flow rule mitigation installation was 40s. In addition, the packet/prediction loss occurred during the attack, which caused several packets in the attack not to be classified was pointed at 43%.

Keywords


cyber security; distributed denial of service; honeypot; software defined network; semi-supervised;

Full Text:

PDF


DOI: http://doi.org/10.11591/ijai.v11.i3.pp1094-1100

Refbacks

  • There are currently no refbacks.


View IJAI Stats

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.