SD-Honeypot Integration for Mitigating DDoS Attack Using Machine Learning Approaches

Sumadi, Fauzi Dwi Setiawan and widagdo, arizal rakhmad and reza, abyan faishal and Syaifuddin, Syaifuddin (2022) SD-Honeypot Integration for Mitigating DDoS Attack Using Machine Learning Approaches. JOIV International Journal on Information Visualization, 6 (1). ISSN 2549-9904

[thumbnail of Similarity - Sumadi Widagdo Reza Syaifuddin - DDoS intrusion prevention system machine learning SDHoneypot Suricata.pdf]
Preview
Text
Similarity - Sumadi Widagdo Reza Syaifuddin - DDoS intrusion prevention system machine learning SDHoneypot Suricata.pdf

Download (2MB) | Preview
[thumbnail of Sumadi Widagdo Reza Syaifuddin - DDoS intrusion prevention system machine learning SDHoneypot Suricata.pdf]
Preview
Text
Sumadi Widagdo Reza Syaifuddin - DDoS intrusion prevention system machine learning SDHoneypot Suricata.pdf

Download (3MB) | Preview

Abstract

Distributed Denial of Services (DDoS) is still considered the main availability problem in computer networks. Developing a programmable Intrusion Prevention System (IPS) application in a Software Defined Network (SDN) may solve the specified problem. However, the deployment of centralized logic control can create a single point of failure on the network. This paper proposed the integration of Honeypot Sensor (Suricata) on the SDN environment, namely the SD-Honeypot network, to resolve the DDoS attack using a machine learning approach. The application employed several algorithms (Support Vector Machine (SVM), Multilayer Perceptron (MLP), Gaussian Naive Bayes (GNB), K-Nearest Neighbors (KNN), Classification and Regression Trees (CART), and Random Forest (RF)) and comparatively analyzed. The dataset used during the emulation utilized the extracted Internet Control Message Protocol (ICMP) flood data from the Suricata sensor. In order to measure the effectiveness of detection and mitigation modules, several variables were examined, namely, accuracy, precision, recall, and the promptness of the flow mitigation installation process. The Honeypot server transmitted the flow rule modification message for blocking the attack using the Representational State Transfer Application Programming Interface (REST API). The experiment results showed the effectiveness of CART algorithm for detecting and resolving the intrusion. Despite the accuracy score pointed at 69-70%, the algorithm could promptly deploy the mitigation flow within 31-49ms compared to the SVM, which produced 93-94% accuracy, but the flow installation required 112-305ms. The developed CART module can be considered a solution to prevent the attack effectively based on the analyzed variable

Item Type: Article
Keywords: DDoS; intrusion prevention system; machine learning; SD-Honeypot; Suricata.
Subjects: T Technology > T Technology (General)
Divisions: Faculty of Engineering > Department of Informatics (55201)
Depositing User: evalina Risqi Evalina ST.
Date Deposited: 02 Apr 2024 07:32
Last Modified: 02 Apr 2024 07:32
URI: https://eprints.umm.ac.id/id/eprint/5409

Actions (login required)

View Item
View Item