SCAFFY

IF 0.5 Q4 COMPUTER SCIENCE, SOFTWARE ENGINEERING

International Journal of Information Security and Privacy Pub Date : 2021-07-01 DOI:10.4018/ijisp.2021070107

Muraleedharan N., Janet B.

{"title":"SCAFFY","authors":"Muraleedharan N., Janet B.","doi":"10.4018/ijisp.2021070107","DOIUrl":null,"url":null,"abstract":"Denial of service (DoS) attack is one of the common threats to the availability of critical infrastructure and services. As more and more services are online enabled, the attack on the availability of these services may have a catastrophic impact on our day-to-day lives. Unlike the traditional volumetric DoS, the slow DoS attacks use legitimate connections with lesser bandwidth. Hence, it is difficult to detect slow DoS by monitoring bandwidth usage and traffic volume. In this paper, a novel machine learning model called ‘SCAFFY' to classify slow DoS on HTTP traffic using flow level parameters is explained. SCAFFY uses a multistage approach for the feature section and classification. Comparison of the classification performance of decision tree, random forest, XGBoost, and KNN algorithms are carried out using the flow parameters derived from the CICIDS2017 and SUEE datasets. A comparison of the result obtained from SCAFFY with two recent works available in the literature shows that the SCAFFY model outperforms the state-of-the-art approaches in classification accuracy.","PeriodicalId":44332,"journal":{"name":"International Journal of Information Security and Privacy","volume":null,"pages":null},"PeriodicalIF":0.5000,"publicationDate":"2021-07-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"SCAFFY\",\"authors\":\"Muraleedharan N., Janet B.\",\"doi\":\"10.4018/ijisp.2021070107\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Denial of service (DoS) attack is one of the common threats to the availability of critical infrastructure and services. As more and more services are online enabled, the attack on the availability of these services may have a catastrophic impact on our day-to-day lives. Unlike the traditional volumetric DoS, the slow DoS attacks use legitimate connections with lesser bandwidth. Hence, it is difficult to detect slow DoS by monitoring bandwidth usage and traffic volume. In this paper, a novel machine learning model called ‘SCAFFY' to classify slow DoS on HTTP traffic using flow level parameters is explained. SCAFFY uses a multistage approach for the feature section and classification. Comparison of the classification performance of decision tree, random forest, XGBoost, and KNN algorithms are carried out using the flow parameters derived from the CICIDS2017 and SUEE datasets. A comparison of the result obtained from SCAFFY with two recent works available in the literature shows that the SCAFFY model outperforms the state-of-the-art approaches in classification accuracy.\",\"PeriodicalId\":44332,\"journal\":{\"name\":\"International Journal of Information Security and Privacy\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.5000,\"publicationDate\":\"2021-07-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Information Security and Privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4018/ijisp.2021070107\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, SOFTWARE ENGINEERING\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Information Security and Privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4018/ijisp.2021070107","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, SOFTWARE ENGINEERING","Score":null,"Total":0}

引用次数: 1

摘要

拒绝服务(DoS)攻击是对关键基础设施和服务可用性的常见威胁之一。随着越来越多的服务启用在线，对这些服务可用性的攻击可能会对我们的日常生活产生灾难性的影响。与传统的容量DoS不同，慢速DoS攻击使用带宽较小的合法连接。因此，很难通过监视带宽使用情况和通信量来检测缓慢的DoS。本文解释了一种名为“scaffold”的新型机器学习模型，该模型使用流量级别参数对HTTP流量上的慢DoS进行分类。脚手架使用多阶段方法进行特征切片和分类。利用CICIDS2017和SUEE数据集的流量参数，对决策树、随机森林、XGBoost和KNN算法的分类性能进行了比较。将从SCAFFY得到的结果与最近的两个文献中可用的结果进行比较，表明脚手架模型在分类精度上优于最先进的方法。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

SCAFFY

Denial of service (DoS) attack is one of the common threats to the availability of critical infrastructure and services. As more and more services are online enabled, the attack on the availability of these services may have a catastrophic impact on our day-to-day lives. Unlike the traditional volumetric DoS, the slow DoS attacks use legitimate connections with lesser bandwidth. Hence, it is difficult to detect slow DoS by monitoring bandwidth usage and traffic volume. In this paper, a novel machine learning model called ‘SCAFFY' to classify slow DoS on HTTP traffic using flow level parameters is explained. SCAFFY uses a multistage approach for the feature section and classification. Comparison of the classification performance of decision tree, random forest, XGBoost, and KNN algorithms are carried out using the flow parameters derived from the CICIDS2017 and SUEE datasets. A comparison of the result obtained from SCAFFY with two recent works available in the literature shows that the SCAFFY model outperforms the state-of-the-art approaches in classification accuracy.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Information Security and Privacy COMPUTER SCIENCE, SOFTWARE ENGINEERING-

CiteScore

2.50

自引率

0.00%

发文量

期刊介绍： As information technology and the Internet become more and more ubiquitous and pervasive in our daily lives, there is an essential need for a more thorough understanding of information security and privacy issues and concerns. The International Journal of Information Security and Privacy (IJISP) creates and fosters a forum where research in the theory and practice of information security and privacy is advanced. IJISP publishes high quality papers dealing with a wide range of issues, ranging from technical, legal, regulatory, organizational, managerial, cultural, ethical and human aspects of information security and privacy, through a balanced mix of theoretical and empirical research articles, case studies, book reviews, tutorials, and editorials. This journal encourages submission of manuscripts that present research frameworks, methods, methodologies, theory development and validation, case studies, simulation results and analysis, technological architectures, infrastructure issues in design, and implementation and maintenance of secure and privacy preserving initiatives.