@@ -32,24 +32,31 @@ As DDoS attacks are spreading all over the world many types of DDoS attacks are
As DDoS attacks are capable of filtering to drop attack traffic before passing the normal traffic to the destination, redirecting all destinations to a third-party DNS, such as Akamai and Cloudflare are some of the practical approaches used to mitigate this fundamental threat.
Even though with such kinds of approaches are available and requires no upgrades to the existing network infrastructure and able to handle very massive attacks, recent industrial interviews boils the fact that this approach alone is not capable especially for wide scope organizations such as web hosting organizations and governments as they are unable to handover the direct network control to a third-party security service. Hence, they must depend on their ISPs to filter out suspicious attack traffic.
**Research Problem**
As DDoS attacks are spreading all over the world many types of DDoS attacks are discovered. However, there are advanced DDoS attacks which do not currently have a fool proof way to detect and mitigate. Actively repelling DDoS attacks has become one of the fundamental problems in modern networks. As DDoS attacks are capable of filtering to drop attack traffic before passing the normal traffic to the destination, redirecting all destinations to a third-party DNS, such as Akamai and Cloudflare are some of the practical approaches used to mitigate this fundamental threat. Even though with such kinds of approaches are available and requires no upgrades to the existing network infrastructure and able to handle very massive attacks, recent industrial interviews boils the fact that this approach alone is not capable especially for wide scope organizations such as web hosting organizations and governments as they are unable to handover the direct network control to a third-party security service. Hence, they must depend on their ISPs to filter out suspicious attack traffic.
• Modern practical approaches like redirecting all destinations to a third party like DNS, protecting DDoS as a service provider like Akamai and Cloudflare are too expensive.
• This approach alone is not capable especially for wide scope organizations like Web Hosting organizations and governments which they are unable to handover third-party security service providers to control over their network connections.
• Advanced DDoS attacks do not currently have a fool proof way to detect and mitigate. They use various slip over techniques to pass from existing IDS & IPS.
**Research Objectives**
**Main Objective :**
The main objective of the research is to provide an Intrusion Detection System which can detect the DDoS attacks using Machine Learning Algorithms by identifying the suspicious packets, dropping them and sending a notification about the activity to all the network connected authorities. Organizations will be able to provide secure communication and risk-free experience with a well-secured IoT environment through the proposed system. Most of the networks and IoT devices are very difficult to maintain because of the lack of security issues and lack of knowledge on these devices. It is required to have a proper mechanism to protect the network and interconnected IoT devices with no intruder disruptions. Along with it, there should be a mechanism to maintain the data privacy of the organization and the employees. Most of the time organizations must pay a huge amount of money to hire an expert to configure the network and it takes more time to get the outcome.
The main objective of the research is to provide an Intrusion Detection System which can detect the DDoS attacks using Machine Learning Algorithms by identifying the suspicious packets, dropping them, and sending a notification about the activity to all the network connected authorities. Organizations will be able to provide secure communication and risk-free experience with a well-secured IoT environment through the proposed system. Most of the networks and IoT devices are very difficult to maintain because of the lack of security issues and lack of knowledge on these devices. It is required to have a proper mechanism to protect the network and interconnected IoT devices with no intruder disruptions. Along with it, there should be a mechanism to maintain the data privacy of the organization and the employees. Most of the time organizations must pay a huge amount of money to hire an expert to configure the network and it takes more time to get the outcome.
To achieve the main objective, identifying NTP amplification attacks is very important. Here the main objective is to filter out the normal internet traffic and identify the NTP Responses and identify whether it is NTP Amplification attack or not. After identifying the Network traffic if there is any suspicious traffic a Notification should be given.
• Identifying NTP Amplification attacks – (IT17111034) To achieve the main objective, identifying NTP amplification attacks is very important. Here the main objective is to filter out the normal internet traffic and identify the NTP Responses and identify whether it is NTP Amplification attack or not. After identifying the Network traffic if there is any suspicious traffic a Notification should be given.
• Identifying Slow Loris attacks - IT17124904
In order to achieve the main objective this specific objective proposed a way to identify the .pcap files and figure out whether it is a Slow Loris attack or not.is there any suspicious traffic, partial HTTP requests, a notification should be given to the user. Is that suspicious traffic is Slow Loris attack, system detect the attack type and ensure the availability of the systems for the legitimate users without any interruption.
• Identifying Slow Loris attacks – (IT17124904) In order to achieve the main objective this specific objective proposed a way to identify the .pcap files and figure out whether it is a Slow Loris attack or not.is there any suspicious traffic, partial HTTP requests, a notification should be given to the user. Is that suspicious traffic is Slow Loris attack, system detect the attack type and ensure the availability of the systems for the legitimate users without any interruption.
• Identifying Mobile Botnet DDoS attacks - IT17106702
To achieve the main object, one specific objective is to identify the IRC (Internet Relay Chat) traffic beside normal traffic and figure out whether it is a Mobile Botnet DDoS attack or not. If there are any suspicious traffic, a notification should be given to the user. By identifying Mobile Botnet DDoS attack, the detection system can ensure the availability of a system for the legitimate users without any interruption. And reduce financial and other losses of the industries and governments worldwide.
• Identifying Mobile Botnet DDoS attacks – (IT17106702) To achieve the main object, one specific objective is to identify the IRC (Internet Relay Chat) traffic beside normal traffic and figure out whether it is a Mobile Botnet DDoS attack or not. If there are any suspicious traffic, a notification should be given to the user. By identifying Mobile Botnet DDoS attack, the detection system can ensure the availability of a system for the legitimate users without any interruption. And reduce financial and other losses of the industries and governments worldwide.
• Identifying Volumetric attacks - IT17114172
To achieve the main object, another specific objective is to identify Volumetric attacks. The model is trained to identify very high bandwidth (more than 50 Gb+) requests received to the system.
• Identifying Volumetric attacks – (IT17114172) To achieve the main object, another specific objective is to identify Volumetric attacks. The model is trained to identify very high bandwidth (more than 50 Gb+) requests received to the system.
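Review bot: the hunk still contains both versions of every paragraph it reworks, and it needs to be confirmed that only one survives. The Research Problem text appears once split over two paragraphs and again merged into one, and each specific objective appears once as a bare bullet heading (`• Identifying Slow Loris attacks - IT17124904`) followed by its paragraph and once more as a combined bullet (`• Identifying Slow Loris attacks – (IT17124904) In order to achieve ...`); with no `-`/`+` markers visible here, please check that the older copies are actually removed, otherwise the README states every objective twice. The merged copies also carry the same wording defects as the originals, so this is the place to fix them: `As DDoS attacks are capable of filtering to drop attack traffic` attributes the filtering to the attack rather than to the mitigation service, `recent industrial interviews boils the fact` should be `boil down to the fact`, `whether it is a Slow Loris attack or not.is there any suspicious traffic` is missing the sentence break (`... or not. If there is any suspicious traffic, ...`), `To achieve the main object` should be `objective` in the Mobile Botnet and Volumetric bullets, and `fool proof` is `foolproof`. Lastly, `very high bandwidth (more than 50 Gb+)` gives a size where a rate is meant and adds a stray `+`; state the threshold the model is trained on as a rate (for example `more than 50 Gbps`) so the cut-off is unambiguous to anyone reproducing the training.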