New techniques for DDoS attacks mitigation in resource-constrained networks
Maria Nenova, Georgi Iliev, Shaikh Javed Rasheed and Karuna Suryakant Bhosale
Abstract
Nowadays the use of the Internet for transactions is very common. End users accessing the Internet or a system are vulnerable to attacks by malicious users, which result in legitimate users being prevented from accessing the Internet. A number of solutions have been reported under different categories to detect such attacks and prevent them from harming communication networks. However, the key challenge for such methods is detection accuracy, as most present methods are evaluated on publicly available network threat datasets rather than on real-time network traffic. Real-time data traffic may contain noisy parts, which may lead to wrong predictions by the existing methods. This motivates us to design a novel Intrusion Detection System (IDS) framework for communication networks that detects different types of security threats from both real-time and offline traffic flows using data preprocessing, feature selection, and classification algorithms. We believe that the accuracy and efficiency of attack detection depend on the correctness of the captured data traffic. In this chapter we present multiple algorithms to obtain higher accuracy compared to the existing techniques. The proposed framework is called modified naïve Bayes based IDS (MNBDIS). There are three main contributions of this research work. First, we propose a novel data preprocessing algorithm for both online and offline traffic flows of communication networks, in which irrelevant field elimination, data normalization, and transformation steps are designed. After the preprocessing, we propose a novel feature selection algorithm to enhance attack detection accuracy. The proposed hybrid feature selection algorithm is designed mainly to retain the most relevant features.
In the final contribution, we overcome the challenges of the naïve Bayes classification algorithm in classifying the different types of security threats in communication networks by means of a modified naïve Bayes classifier. The proposed classifiers perform self-evaluation of attacks and detect the most accurate attack based on the features selected. The experimental results of the proposed contributions on both real-time captured communication network data traffic and a research dataset show the efficiency of the proposed method against state-of-the-art solutions. With the increase in E-commerce use, cheating and snooping are also increasing. In developing an E-commerce system, security and privacy are the two main issues over the Internet. The Internet does not offer much of the security required for it. Stealing data is undetectable in most cases. Most surveys show that insecurity of financial transactions and loss of privacy are among the major concerns of electronic commerce users. In order to increase E-commerce business, it is very important to gain the trust of customers by continuously reviewing and resolving all new security issues related to it. It is widely recognized that distributed denial-of-service (DDoS) attacks can disrupt electronic commerce and cause large revenue losses. However, effective defenses continue to be mostly unavailable. As a result of the above discussion, the two primary goals of this chapter are formed: one is to propose a secure, efficient, lightweight, and reliable mechanism for the E-commerce environment to enhance its security and to protect the user’s/customer’s confidential information over the insecure network by providing authentication, authorization, and integrity services; the other is to design and develop a new classifier that can be used in an improved authorization model of the E-commerce system to protect E-commerce transactions from malicious DoS attacks. The classifier should easily distinguish between authorized and unauthorized users in E-commerce transactions.
Chapters in this book
- Frontmatter I
- Preface V
- Acknowledgments VII
- About the Editors IX
- Contents XI
- List of contributors XIII
- Impact evaluation of DDoS and Malware attack using IoT devices 1
- Understanding and implementation of machine learning using support vector machine for efficient DDoS attack detection 29
- Cryptographic method based on Catalan objects and enumerative chess problem 51
- Distributed denial-of-service attacks and mitigation in wireless sensor networks 67
- New techniques for DDoS attacks mitigation in resource-constrained networks 83
- Detection and behavioral analysis of botnets using honeynets and classification techniques 131
- Selected practical and effective techniques to combat distributed denial-of-service (DDoS) attacks 159
- Probability, queuing, and statistical perspective in the distributed denial-of-service attacks domain 173
- Frequently used machine learning algorithm for detecting the distributed denial-of-service (DDoS) attacks 189
- Utilization of puzzles for protection against DDoS attacks 203
- Index 217