Enhancing intrusion detection against denial of service and distributed denial of service attacks: Leveraging extended Berkeley packet filter and machine learning algorithms

IF 1.5 | Zone 4 (Computer Science) | Q3 ENGINEERING, ELECTRICAL & ELECTRONIC
Nemalikanti Anand, Saifulla M A, Pavan Kumar Aakula, Raveendra Babu Ponnuru, Rizwan Patan, Chegireddy Rama Prakasha Reddy
DOI: 10.1049/cmu2.12879
Journal: IET Communications, vol. 19, no. 1, published 2025-01-06
Article URL: https://onlinelibrary.wiley.com/doi/10.1049/cmu2.12879
Citations: 0

Abstract

As organizations increasingly rely on network services, the prevalence and severity of Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks have emerged as significant threats. The cornerstone of effectively addressing these challenges lies in the timely and precise detection capabilities offered by advanced intrusion detection systems (IDS). Hence, an innovative IDS framework is introduced that seamlessly integrates the extended Berkeley Packet Filter (eBPF) with powerful machine learning algorithms—specifically Decision Tree (DT), Random Forest (RF), Support Vector Machine (SVM), and TwinSVM—enabling unparalleled real-time detection of DDoS attacks. This cutting-edge solution provides a robust and scalable IDS framework to combat DoS and DDoS threats with high efficiency, leveraging eBPF's capabilities within the Linux kernel to bypass typical user space constraints. The methodology encompasses several key steps: (a) Collection of data from the renowned CIC-IDS-2017 repository; (b) Processing the raw data through a meticulous series of steps, including transmission, cleaning, reduction, and discretization; (c) Utilizing an ANOVA F-test for the extraction of critical features from the preprocessed data; (d) Application of various ML algorithms (DT, RF, SVM, and TwinSVM) to analyze the extracted features for potential intrusion; (e) Implementing an eBPF program to capture network traffic and harness trained model parameters for efficient attack detection directly within the kernel. The experimental results reveal outstanding accuracy rates of 99.38%, 99.44%, 88.73%, and 93.82% for DT, RF, SVM, and TwinSVM, respectively, alongside remarkable precision values of 99.71%, 99.65%, 84.31%, and 98.49%. This high-speed, accurate detection model is ideally suited for high-traffic environments such as data centers. Furthermore, its foundational architecture paves the way for future advancements, including the potential integration of eBPF with XDP to achieve even lower-latency packet processing. The experimental code is available at the GitHub repository link: https://github.com/NemalikantiAnand/Project.
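Steps (c) through (e) of the abstract compress the part a practitioner actually has to get right: an eBPF program cannot run a scikit-learn model. The BPF verifier rejects floating-point instructions and unbounded loops, so "harnessing trained model parameters in the kernel" means training in user space, exporting the fitted parameters as integers, and evaluating them with integer compares in a loop of fixed depth. The block below is an added example written for this page, not code from the paper or from the authors' GitHub repository. It ranks features with a one-way ANOVA F-test, fits a depth-bounded CART decision tree on the top features, flattens the tree into the kind of integer node table that could be loaded into a BPF array map, and classifies with a bounded walk over that table. The feature names, the flow records (generated from a fixed seed) and the node-table layout are all assumptions made for the illustration; the one noise feature is there so the F-test has something to discard.

```python
"""Added example (not the paper's code): ANOVA F-test feature ranking, a
depth-bounded CART tree, and export to an integer node table for a bounded
in-kernel walk. Feature names and flow records are constructed."""
import random
from statistics import mean

# Hypothetical per-flow counters; a real eBPF program would keep these as
# integers, since eBPF has no floating-point arithmetic.
FEATURES = ["fwd_pkts_per_s", "mean_pkt_len", "syn_count",
            "flow_duration_us", "ip_tos"]   # ip_tos is deliberate noise
MAX_DEPTH = 3                               # bounds the in-kernel walk
_rng = random.Random(7)                     # fixed seed: deterministic run

# Constructed (low, high) sampling ranges per feature; 1 = SYN flood, 0 = benign.
# They overlap on purpose so that no single feature is a perfect split.
RANGES = {1: [(200, 5000), (40, 120), (5, 400), (1_000, 500_000), (0, 255)],
          0: [(1, 600), (60, 1400), (0, 10), (10_000, 9_000_000), (0, 255)]}

def make_flows(n):
    """Constructed flow records as (feature_vector, label) pairs."""
    rows = []
    for _ in range(n):
        y = int(_rng.random() < 0.5)
        rows.append(([_rng.randint(lo, hi) for lo, hi in RANGES[y]], y))
    return rows

def anova_f(rows, j):
    """One-way ANOVA F statistic of feature j grouped by class label."""
    groups = {}
    for x, y in rows:
        groups.setdefault(y, []).append(x[j])
    n, k = len(rows), len(groups)
    grand = mean([x[j] for x, _ in rows])
    means = {y: mean(g) for y, g in groups.items()}
    ss_between = sum(len(g) * (means[y] - grand) ** 2 for y, g in groups.items())
    ss_within = sum((v - means[y]) ** 2 for y, g in groups.items() for v in g)
    return (ss_between / (k - 1)) / (ss_within / (n - k))

def select_features(rows, top_k):
    """Indices of the top_k features by F statistic, largest first."""
    ranked = sorted(range(len(FEATURES)), key=lambda j: anova_f(rows, j),
                    reverse=True)
    return ranked[:top_k]

def gini(rows):
    p = sum(y for _, y in rows) / len(rows)
    return 1.0 - p * p - (1.0 - p) ** 2

def best_split(rows, feats):
    """Greedy CART split: (feature, threshold) minimising weighted Gini."""
    best_j, best_t, best_g = None, None, gini(rows)
    for j in feats:
        for t in sorted({x[j] for x, _ in rows}):
            left = [r for r in rows if r[0][j] <= t]
            right = [r for r in rows if r[0][j] > t]
            if not left or not right:
                continue
            g = (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
            if g < best_g:
                best_j, best_t, best_g = j, t, g
    return best_j, best_t

def build_tree(rows, feats, depth=0):
    """Nested-dict tree; leaves carry the majority label."""
    label = int(2 * sum(y for _, y in rows) >= len(rows))
    if depth == MAX_DEPTH or gini(rows) == 0.0:
        return {"leaf": label}
    j, t = best_split(rows, feats)
    if j is None:
        return {"leaf": label}
    return {"feat": j, "thr": t,
            "left": build_tree([r for r in rows if r[0][j] <= t], feats, depth + 1),
            "right": build_tree([r for r in rows if r[0][j] > t], feats, depth + 1)}

def flatten(tree):
    """Flat node table of the kind that could be loaded into a BPF array map:
    (feature, threshold, left_idx, right_idx). A leaf has feature -1 and
    carries its label in the threshold slot. Thresholds are integers because
    the training data is integer-valued, so the kernel compare is exact."""
    nodes = []
    def add(node):
        idx = len(nodes)
        nodes.append(None)                  # reserve slot, fill after children
        if "leaf" in node:
            nodes[idx] = (-1, node["leaf"], 0, 0)
        else:
            left, right = add(node["left"]), add(node["right"])
            nodes[idx] = (node["feat"], node["thr"], left, right)
        return idx
    add(tree)
    return nodes

def kernel_classify(nodes, x):
    """Walk the table with integer compares and a loop bounded by MAX_DEPTH,
    the shape the BPF verifier accepts; returns 1 for attack, 0 for benign."""
    i = 0
    for _ in range(MAX_DEPTH + 1):
        feat, thr, left, right = nodes[i]
        if feat < 0:
            return thr
        i = left if x[feat] <= thr else right
    return 0                                # unreachable for a well-formed table

def run(n_train=300, n_test=200, top_k=3):
    """Train in user space, export, and score the exported table on held-out flows."""
    train, test = make_flows(n_train), make_flows(n_test)
    feats = select_features(train, top_k)
    nodes = flatten(build_tree(train, feats))
    hits = sum(kernel_classify(nodes, x) == y for x, y in test)
    return {"selected": [FEATURES[j] for j in feats],
            "nodes": len(nodes), "accuracy": hits / n_test}

if __name__ == "__main__":
    print(run())
```

The same export step applies to the linear models in the paper's comparison: a linear SVM becomes fixed-point weights and a bias in a map, and the in-kernel score is an integer dot product. Whatever the model, validate it against the integer features the kernel actually computes rather than against the floating-point columns of CIC-IDS-2017, because the quantisation and the per-flow windowing are where an offline accuracy figure such as 99.38% quietly erodes.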

Source journal: IET Communications (Engineering & Technology - Engineering: Electronic & Electrical)
CiteScore: 4.30
Self-citation rate: 6.20%
Articles published: 220
Review time: 5.9 months
Journal description: IET Communications covers fundamental and generic research for a better understanding of communication technologies, to harness the signals for better-performing communication systems using various wired and/or wireless media. The journal is particularly interested in research papers reporting novel solutions to the dominating problems of noise, interference, timing and errors, and to system deficiencies such as the wasting of scarce resources such as spectrum, energy and bandwidth. Topics include, but are not limited to: Coding and Communication Theory; Modulation and Signal Design; Wired, Wireless and Optical Communication; Communication System Special Issues. Current calls for papers: Cognitive and AI-enabled Wireless and Mobile - https://digital-library.theiet.org/files/IET_COM_CFP_CAWM.pdf ; UAV-Enabled Mobile Edge Computing - https://digital-library.theiet.org/files/IET_COM_CFP_UAV.pdf