After completing this learning module, students will be able to:
(i) describe network denial of service attacks and their real-world impact;
(ii) explain why neural network algorithms are useful for detecting denial of service attacks;
(iii) apply a neural network to analyze a network traffic data set and detect denial of service attacks.
Definition: Denial of service or "DoS" describes the ultimate goal of a class of cyberattacks designed to render a service inaccessible. The first DoS attack was conducted in 1974 by 13-year-old David Dennis, who wrote a program using the “external” or “ext” command that forced some computers at a nearby university research lab to power off. According to the US Cybersecurity and Infrastructure Security Agency, a denial-of-service (DoS) attack occurs when legitimate users are unable to access information systems, devices, or other network resources due to the actions of a malicious cyber threat actor. Services affected may include personal or business websites, email, online accounts (e.g., banking), or other services that rely on the affected computer or network. Denial of Service (DoS) attacks generate a large number of requests to a target application, occupying the resources needed to process those requests [1]. As a result, legitimate users do not get access to the required services in time. Distributed DoS (DDoS) attacks involve issuing a large number of requests from a set of computers (bots) and are one of the largest threats on the Internet.
DoS concern:
A Denial of Service (DoS) attack is a common hacking technique used to make computing resources unavailable or to impair geographical networks. Early DoS attacks targeted Yahoo, eBay, and CNN in 2000. DoS attack strategies include volumetric attacks, which consume the bandwidth of the target server by flooding it with a very high number of bits per second, and protocol-based attacks, which consume the resources of the target server by flooding it with a very high number of packets per second.
Figure 1: Structure of a DDoS attack
A DoS attack comprises three different phases and four different components: attackers, multiple control masters or handlers, multiple slaves or agents, and a victim or target machine. There are many types of DoS attacks; Distributed Denial of Service (DDoS) is the most widely known. A DDoS attack occurs when multiple machines operate together to attack one target. Attackers often leverage a botnet, a group of hijacked internet-connected devices, to carry out large-scale attacks. Attackers take advantage of security vulnerabilities or device weaknesses to control numerous devices using command and control software. Once in control, an attacker can command their botnet to conduct a DDoS attack on a target. In this case, the infected devices are also victims of the attack.
Neural Network: Neural networks are a set of algorithms that mimic the human brain, interpreting sensory data through a kind of machine perception that labels or clusters raw input. The patterns they recognize are digital, contained in vectors, and all real-world data, whether images, sounds, text, or time series, must be converted into vectors. A neural network helps to find the normal traffic pattern and to analyze attack patterns in network usage. In this lab, we will apply pattern-based neural network machine learning, which relies on a pattern that differentiates normal traffic from DoS traffic.
Figure 2: A one-layer network with an input vector of R elements and S neurons
These layers are made up of nodes. A node is simply a place for calculation, loosely modeled on a neuron in the human brain that is activated when given enough stimulation. The node combines the input data with a set of coefficients or weights that can amplify or weaken the input, thereby assigning importance to each input for the task the algorithm is learning. For example, which input is the most helpful for classifying data without errors? These weighted input products are summed and then passed through the node's so-called activation function, which determines whether and to what extent the signal should progress further through the network to influence the final result, such as a classification. If the signal passes, the neuron is "activated."
The nodal layer is a row of neuron-like switches that turn on and off as input passes through the network. The output of each layer is also the input of the subsequent layers, starting from the initial input layer that receives the data.
Figure 3: Neural network architecture
Figure 4: Neural network learning mechanism
A neural network is based on a collection of nodes (neurons), and each connection between nodes can transmit a signal from one to another, as shown in Figure 3. Each input is multiplied by a weight, and the result feeds the equivalent of a cell body. Figure 4 represents the neural network learning mechanism.
Activation Functions:
The activation function determines the output of a node based on its input. We usually use the ReLU function in our hidden layers and the softmax function in our output layer.
ReLU: y = max(0, x)
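The weighted sum, ReLU and softmax steps described above can be followed end to end in a small network that learns to separate normal traffic from DoS traffic. This is an added example, not part of the original module; the two features (packets per second and bits per second), the traffic ranges, and all function names are constructed for illustration.

```python
import numpy as np

rng = np.random.default_rng(0)  # fixed seed so the run is repeatable

def make_flows(n):
    """Constructed sample flows: [packets/s, bits/s]; label 0 = normal, 1 = DoS."""
    normal = np.column_stack([rng.uniform(10, 200, n), rng.uniform(1e5, 2e6, n)])
    flood = np.column_stack([rng.uniform(2e3, 1e4, n), rng.uniform(2e7, 1e8, n)])
    return np.vstack([normal, flood]), np.array([0] * n + [1] * n)

def softmax(z):
    e = np.exp(z - z.max(axis=1, keepdims=True))  # shift for numerical stability
    return e / e.sum(axis=1, keepdims=True)

def forward(X, p):
    h = np.maximum(0, X @ p["W1"] + p["b1"])  # weighted sum, then ReLU: y = max(0, x)
    return h, softmax(h @ p["W2"] + p["b2"])  # class probabilities [normal, DoS]

def train(X, y, hidden=8, lr=0.5, epochs=2000):
    p = {"W1": rng.normal(0, 0.5, (X.shape[1], hidden)), "b1": np.full(hidden, 0.1),
         "W2": rng.normal(0, 0.5, (hidden, 2)), "b2": np.zeros(2)}
    onehot = np.eye(2)[y]
    for _ in range(epochs):
        h, probs = forward(X, p)
        d_out = (probs - onehot) / len(X)      # cross-entropy gradient at the output
        d_hid = (d_out @ p["W2"].T) * (h > 0)  # pass the error back through ReLU
        p["W2"] -= lr * h.T @ d_out
        p["b2"] -= lr * d_out.sum(axis=0)
        p["W1"] -= lr * X.T @ d_hid
        p["b1"] -= lr * d_hid.sum(axis=0)
    return p

def classify(flows, p, lo, hi):
    scaled = (np.asarray(flows, dtype=float) - lo) / (hi - lo)  # training min-max scale
    return forward(scaled, p)[1].argmax(axis=1)

def run_demo():
    X_train, y_train = make_flows(200)
    X_test, y_test = make_flows(50)
    lo, hi = X_train.min(axis=0), X_train.max(axis=0)
    params = train((X_train - lo) / (hi - lo), y_train)
    accuracy = float((classify(X_test, params, lo, hi) == y_test).mean())
    verdicts = classify([[50, 4e5], [9000, 9e7]], params, lo, hi)  # quiet flow, flood
    return accuracy, verdicts.tolist()

if __name__ == "__main__":
    print(run_demo())
```

New flows are scaled with the minimum and maximum taken from the training set only, which is what a deployed detector would have to do with live traffic.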
Advantages and Disadvantages of Neural Networks
Advantages:
A neural network is good at learning from nonlinear data with a very large number of inputs.
A neural network can be used for both regression and classification.
A neural network can run very fast once trained.
Disadvantages:
A neural network is something of a black box: we cannot know what each variable means in our model.
The computational cost is very high, so we usually train the model on a GPU.
Build your first example:
We will use Google Colab for our first neural network. Copy and paste the following link to open Google Colab:
https://colab.research.google.com/notebooks/welcome.ipynb
Now download the dataset (housepricedata.csv) from here
Then copy the following code, paste it into Google Colab, and run it.
import pandas as pd
import matplotlib.pyplot as plt
from google.colab import files
file = files.upload()
Upload the downloaded file and run the following code:
df = pd.read_csv('housepricedata.csv')
dataset = df.values
We now split our dataset into input features (X) and the feature we wish to predict (Y) and import the code that we want to use:
X = dataset[:,0:10]
Y = dataset[:,10]
from sklearn import preprocessing
min_max_scaler = preprocessing.MinMaxScaler()
X_scale = min_max_scaler.fit_transform(X)
X_scale
from sklearn.model_selection import train_test_split
X_train, X_val_and_test, Y_train, Y_val_and_test = train_test_split(X_scale, Y, test_size=0.3)
X_val, X_test, Y_val, Y_test = train_test_split(X_val_and_test, Y_val_and_test, test_size=0.5)
print(X_train.shape, X_val.shape, X_test.shape, Y_train.shape, Y_val.shape, Y_test.shape)
After running the code, we will get this result.
First, let’s import the necessary code from Keras. Configuring the model with these settings requires us to call the function model.compile. Training on the data is pretty straightforward and requires us to write one line of code:
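from keras.models import Sequential
from keras.layers import Dense

# Two hidden layers of 32 ReLU neurons; one sigmoid output for the binary label
model = Sequential([
    Dense(32, activation='relu', input_shape=(10,)),
    Dense(32, activation='relu'),
    Dense(1, activation='sigmoid'),
])

# Configure the optimizer, the loss function, and the metric to track
model.compile(optimizer='sgd',
              loss='binary_crossentropy',
              metrics=['accuracy'])

# Train for 100 epochs in batches of 32, checking against the validation set
hist = model.fit(X_train, Y_train,
                 batch_size=32, epochs=100,
                 validation_data=(X_val, Y_val))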
Now we can evaluate the model on the test set. To find the accuracy on our test set, we run this code snippet; the accuracy is 0.8676.
model.evaluate(X_test, Y_test)[1]
Reference:
https://skymind.ai/wiki/neural-network
https://us-cert.cisa.gov/ncas/tips/ST04-015
https://www.freecodecamp.org/news/how-to-build-your-first-neural-network-to-predict-house-prices-with-keras-f8db83049159/
Mahjabin, T., Xiao, Y., Sun, G., & Jiang, W. (2017). A survey of distributed denial-of-service attack, prevention, and mitigation techniques. International Journal of Distributed Sensor Networks, 13.
K. Khalil, O. Eldash, A. Kumar and M. Bayoumi, "An Efficient Approach for Neural Network Architecture," 2018 25th IEEE International Conference on Electronics, Circuits and Systems (ICECS), 2018, pp. 745-748, doi: 10.1109/ICECS.2018.8617887.