Open wang-wyy opened 3 years ago
I suggest you read the base research paper before opening any issue. http://dx.doi.org/10.3390/technologies9010014
I have read your article. I downloaded your code and tested it on an Ubuntu virtual machine, but no DDoS attack was detected.
I can't find out what's wrong.
Did you just use our data for the classification? If yes that might not work for all cases because the thresholds for normal and malicious traffic might differ. What you can do with our data is just to apply some feature engineering techniques on it for better accuracy. If you want to do the classification, then you might have to gather data for normal and malicious traffic in your case for it to work.
Another optimal approach is to use inter-packet arrival rate for DDoS classification. Yet to try that on SDN. I earlier applied it in an IoT host-based research. http://dx.doi.org/10.1016/j.iot.2020.100319
I directly used your trained model and code to detect DDoS in the same SDN environment
I just want to test whether the detection engine can detect it. I don't classify it
Oh okay. I get you now. For me to know what's wrong, which of the models are you using? What data are you passing to the model? Sorry I'm asking too many questions. Want to know what is wrong here.
rnn_lstm model
analyzer.py: I changed model.load_weights('./lmodel.h5') ---> model.load_weights('./lstm_model.h5')
detection.py uses: model_output = int(model.predict(np.reshape(data, (data.shape[0], 1, data.shape[1])))[0][0])
The rest uses your code
Alright. I will re-run the setup and figure out why that's happening. Hopefully by Thursday if that's okay.
If you can detect it normally, please tell me the specific operation plan, Thanks
Sure. Thanks
I've tried all kinds of models you've trained, but they can't be detected
It's correct?
yeah it is.
In what we did, we looked at distributed Denial of service where we trigger a DoS to the control from all the nodes. I hope that's what you're doing? Then you can analyse and classify.
So in that sense you don't just have DoS traffic from a single openvswitch. All the DoS traffic from all the switches was used in the model. So when running the detection model, please make sure you have all the nodes triggering a DoS attack on the controller.
Do all hosts send DoS attacks to the controller at the same time
Yes they do.
I'll try it tomorrow.
Alright.
I choose 1, 3, 5, 7 hosts to launch DOS on 9 hosts. Is that right?
use all hosts also failed
Interesting. I suggest you just create your own setup, train the model and use it.
Can you detect it? What are your deployment code steps?
The last time I did run it was last year.
I think it will be easier if you try to gather the data, train and test at your end.
The getSwitchData function in the func.py file collects all the data on the switches. Looking at Tx and Rx data on each switch.

    def getSwitchData():
        return getData('/wm/core/switch/all/port/json')
You can just write simple code to gather normal TCP, UDP and ICMP traffic. Use iperf to send small packets. Save the data and also run for a DoS scenario, then you can generate your models and use the best for the detection.
If you don't like the approach then you can just do a time-based DoS detection mechanism based on the paper I sent you.
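Added example, not part of the thread or the repository's code: one way to turn two polls of the port-statistics endpoint mentioned above into labelled per-switch Tx/Rx rate rows for a normal run and a DoS run. The JSON layout (`{dpid: [port, ...]}`), the counter names and the helper names are assumptions to match against your controller's actual output; the snapshots are constructed.

```python
import csv
import io

# Assumed layout {dpid: [port_dict, ...]} and counter names; match them to what
# /wm/core/switch/all/port/json returns on your controller version.
FIELDS = ("receivePackets", "transmitPackets", "receiveBytes", "transmitBytes")

def port(*counters):
    """Build one constructed port entry (values given in FIELDS order)."""
    return dict(zip(FIELDS, counters))

def switch_totals(snapshot):
    """Sum every counter over all ports of each switch."""
    return {dpid: {f: sum(int(p.get(f, 0)) for p in ports) for f in FIELDS}
            for dpid, ports in snapshot.items()}

def rates(prev, curr, interval_s):
    """Per-switch Rx/Tx rates between two polls taken interval_s apart."""
    if interval_s <= 0:
        raise ValueError("interval_s must be positive")
    before, after = switch_totals(prev), switch_totals(curr)
    rows = []
    for dpid in sorted(after):
        if dpid not in before:
            continue  # switch appeared between polls: no baseline yet
        deltas = {f: after[dpid][f] - before[dpid][f] for f in FIELDS}
        if min(deltas.values()) < 0:
            continue  # counters went backwards (switch restart): drop sample
        rows.append({"dpid": dpid,
                     **{f + "_per_s": d / interval_s for f, d in deltas.items()}})
    return rows

def to_csv(rows, label):
    """Serialise rows with a class label (e.g. 0 = normal run, 1 = DoS run)."""
    out = io.StringIO()
    cols = ["dpid"] + [f + "_per_s" for f in FIELDS] + ["label"]
    writer = csv.DictWriter(out, fieldnames=cols, lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({**row, "label": label})
    return out.getvalue()

# Constructed snapshots taken 5 seconds apart (not real captures).
S1, S2 = "00:00:00:00:00:00:00:01", "00:00:00:00:00:00:00:02"
POLL_1 = {S1: [port(100, 90, 6400, 5760), port(50, 60, 3200, 3840)],
          S2: [port(900, 900, 57600, 57600)]}
POLL_2 = {S1: [port(600, 590, 38400, 37760), port(50, 60, 3200, 3840)],
          S2: [port(10, 10, 640, 640)]}  # S2 counters reset between polls

if __name__ == "__main__":
    print(to_csv(rates(POLL_1, POLL_2, 5), label=1))
```

Rows are kept per switch, so a capture in which only some switches carry attack traffic is visible in the saved data before any model is trained on it.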