The main objective of the research is to provide an Intrusion Detection System which can detect the DDoS attacks using Machine Learning Algorithms by identifying the suspicious packets and sending
a notification about the activity to all the network connected authorities. Organizations will be able to provide secure communication and risk-free experience with a well-secured IoT environment
through the proposed system. Most of the networks and IoT devices are very difficult to maintain because of the lack of security issues and lack of knowledge on these devices. It is required to have a
proper mechanism to protect the network and interconnected IoT devices with no intruder disruptions. Along with it, there should be a mechanism to maintain the data privacy of the organization and the
employees. Most of the time organizations must pay a huge amount of money to hire an expert to configure the network and it takes more time to get the outcome. The proposed system ‘WANHEDA’
will be able to adapt to the network and do the needed configurations by itself. It will reduce the number of false alarms and increase the accuracy of the network by giving a profitable financial
benefit to the organizations.
**Main Research questions**
As the DDoS attacks are spreading all over the world many types of DDoS attacks are discovered. But there are some advanced DDoS attacks which didn’t have a proper way to detect and mitigate.
Acting against those Distributed Denial of Service (DDoS) attacks through the internet has become one of the major and fundamental problems. Redirecting all destination to a third party like DNS,
protecting DDoS as a service provider like Akamai and Cloudflare are some of the practical approaches to address DDoS attacks as they are capable of filtering mechanisms to drop attack traffic
before passing the normal traffic to the destination. Even though with such kinds of approaches available, as it requires no upgrades to the existing network infrastructure and able to handle very
massive attacks, recent industrial interviews boils the fact that this approach alone is not capable especially for wide scope organizations like Web Hosting organizations and governments which they
are unable to handover third-party security service providers to control over their network connections. Apart from that, they must depend on their ISPs to filter out suspicious attack traffic.
**Individual research question**
W.H Chanuka - IT17106702
In modern world, most vexing cyber attacks to the industries are DDoS attacks. The brand new trend of the DDoS attacks is Mobile Botnet attack. Attacker(BotMaster) can send millions of
requests to a target using compromised mobile devices and it impacts the availability of the target. Because of the unavailability, legitimate users can’t access to the target. Therefore, target causes
financial losses. Beside this Botmaster can steal personal information of the target. The main reason that Mobile Botnet DDoS attacks become extremely dangerous is because, there is
not an effective detection and mitigation systems. The existing systems are capable of detecting common DDoS attacks[7], but Mobile Botnet attacks cannot be detected because it is new.
U.C.S Bandara - IT17111034
As the DDoS attacks are spreading all over world many types of DDoS attacks are discovered. But there are some advanced DDoS attacks which didn’t have a proper way to detect and mitigate this
attack. NTP Amplification attack is also like that. Not only other countries Sri Lanka also have the threat from the NTP Amplification attack.
As NTP Amplification attack didn’t have a proper way to detect, I focus on how to detect it using ML as many literatures say that it can be detected through the ML based IDS
Eshan A.M.N - IT17124904
Distributed Denial of Service (DDoS) attacks are the most devastating attacks in the world right now. So, these attacks damage the most critical functions in internet community.
The main reason are as follows, We can saw many kinds of existing intrusion detection systems in the world. Like Snote,
OSSEC, Sagan. So, these systems can identify DDoS attacks after the attack happened. There is no suitable detection system for DDoS attacks to identify them before the packets reach to
the network. And also, existing intrusion detection systems are not capable of identifying next generation DDoS attacks.
So, we use four next generation attacks as the sample for the system and they are Volumetric DDoS attack, Mobile Botnet Attack, Slow Loris Attack and NTP Amplification Attack.
And also, there are many powerful firewalls to identify and filter malicious packets. But those firewalls can’t filter next generation DDoS attacks. So, we proposed this system as the solution for above mentioned problems.
A.U.Sudugala - IT17114172
Acting against the Distributed Denial of Service (DDoS) attacks through the internet has become one of the major and fundamental problems. Redirecting all destination to
a third party like DNS, protecting DDoS as a service provider like Akamai and Cloudflare are some of the practical approaches to address DDoS attacks as they are
capable of filtering mechanisms to drop attack traffic before passing the normal traffic to the destination. Even though with such kinds of approaches available, as it requires
no upgrades to the existing network infrastructure and able to handle very massive attacks, recent industrial interviews boil the fact that this approach alone is not capable
especially for wide scope organizations like Web Hosting organizations and governments which they are unable to handover third-party security service providers
to control over their network connections. Apart from that, they must depend on their ISPs to filter out suspicious attack traffic. These issues have guided researchers to use autonomous solutions which can detect
and mitigate suspicious packets by the characteristics and behavior of the traffic. Due to the ability to consequently improve the detection of malicious traffic the machine
learning techniques which provide artificial intelligence-based solutions, are well known for offering the highest rate of flexibility in the classification process.
Finding the best among academic propositions and the industrial practice against DDoS is challenging.
Academic invests in techniques like Machine Learning and proposing to apply in the field of DDoS detection in Internet of Things,in
wireless sensors [10], in the field of cloud computing, in Software Defined Networking (SDN) and working on realistic datasets and result validation.
Apart from that, industry segments have invested in new models in their solutions like Network Function Virtualization (NFV) and SDN in order to have scientific discoveries and advanced network structures.
Even though, DDoS attacks related incidents still happen daily, convincing the fact that the problem is not yet solved properly.
**Individual Objectives**
W.H Chanuka - IT17106702
The main objective of the component is to identifying the IRC(Internet Relay Chat) traffic beside normal traffic and figure out whether it is a Mobile Botnet attack or not. If there are any suspicious
traffic, a notification should be given to the user. By identifying Mobile Botnet DDoS attack, the detection system can ensure the availability of a system for the legitimate users without any
interruption. And also reduce financial and other losses of the industries and governments worldwide.
U.C.S Bandara - IT17111034
The main objective of implementing my component is to filter out the normal internet traffic and identify the NTP Responses and identify whether it is a NTP Amplification attack or not. After
identifying the Network traffic, if there is any suspicious traffic a Notification should be given.
Eshan A.M.N - IT17124904
The main objective of the component is to identify the .pcap files and figure out whether it is a Slow Loris attack or not.is there any suspicious traffic, partial HTTP requests, a
notification should be given to the user. Is that suspicious traffic is Slow Loris attack, system detect the attack type and ensure the availability of the systems for the legitimate users without
any interruption.
A.U.Sudugala - IT17114172
The main objective of the research is to provide an Intrusion Detection System which can detect the DDoS attacks using Machine Learning Algorithms by identifying the
suspicious packets, dropping them and sending a notification about the activity to all the network connected authorities. Organizations will be able to provide secure
communication and risk-free experience with a well-secured IoT environment through the proposed system. Most of the networks and IoT devices are very difficult to
maintain because of the lack of security issues and lack of knowledge on these devices. It is required to have a proper mechanism to protect the network and interconnected
IoT devices with no intruder disruptions. Along with it, there should be a mechanism to maintain the data privacy of the organization and the employees. Most of the time
organizations must pay a huge amount of money to hire an expert to configure the network and it takes more time to get the outcome. The proposed system
‘WANHEDA’ will be able to adapt to the network and do the needed configurations by itself. It will reduce the number of false alarms and increase the accuracy of the
network by giving a profitable financial benefit to the organizations.
