Your search keyword '"Desmond Chambers"' showing total 6 results

1. Recurrent autonomous autoencoder for intelligent DDoS attack mitigation within the ISP domain

Author

Ili Ko, Desmond Chambers, and Enda Barrett

Subjects

Network security, Computer science, Denial-of-service attack, 02 engineering and technology, Random walk, UDP flood attack, computer.software_genre, DDoS mitigation, Cyber security, Unsupervised learning, Internet Control Message Protocol, Artificial Intelligence, Machine learning, 0202 electrical engineering, electronic engineering, information engineering, Cluster analysis, business.industry, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Deep learning, Autoencoder, Scalability, 020201 artificial intelligence & image processing, Original Article, Evaluation metrics for unsupervised learning, Computer Vision and Pattern Recognition, Data mining, business, computer, Software

Abstract

The continuous advancement of DDoS attack technology and an increasing number of IoT devices connected on 5G networks escalate the level of difficulty for DDoS mitigation. A growing number of researchers have started to utilise Deep Learning algorithms to improve the performance of DDoS mitigation systems. Real DDoS attack data has no labels, and hence, we present an intelligent attack mitigation (IAM) system, which takes an ensemble approach by employing Recurrent Autonomous Autoencoders (RAA) as basic learners with a majority voting scheme. The RAA is a target-driven, distributionenabled, and imbalanced clustering algorithm, which is designed to work with the ISP’s blackholing mechanism for DDoS flood attack mitigation. It can dynamically select features, decide a reference target (RT), and determine an optimal threshold to classify network traffic. A novel Comparison-Max Random Walk algorithm is used to determine the RT, which is used as an instrument to direct the model to classify the data so that the predicted positives are close or equal to the RT. We also propose Estimated Evaluation Metrics (EEM) to evaluate the performance of unsupervised models. The IAM system is tested with UDP flood, TCP flood, ICMP flood, multi-vector and a real UDP flood attack data. Additionally, to check the scalability of the IAM system, we tested it on every subdivided data set for distributed computing. The average Recall on all data sets was above 98%.

Published

2021

2. Improved Jitter Buffer Management for WebRTC

Author

Desmond Chambers, Peter Pocta, Hugh Melvin, and Yusuf Cinar

Subjects

Voice over IP, Computer Networks and Communications, business.industry, Network packet, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 02 engineering and technology, WebRTC, Buffer (optical fiber), Management algorithm, Hardware and Architecture, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, Network conditions, business, Computer network, Jitter

Abstract

This work studies the jitter buffer management algorithm for Voice over IP in WebRTC. In particular, it details the core concepts of WebRTC’s jitter buffer management. Furthermore, it investigates how jitter buffer management algorithm behaves under network conditions with packet bursts. It also proposes an approach, different from the default WebRTC algorithm, to avoid distortions that occur under such network conditions. Under packet bursts, when the packet buffer becomes full, the WebRTC jitter buffer algorithm may discard all the packets in the buffer to make room for incoming packets. The proposed approach offers a novel strategy to minimize the number of packets discarded in the presence of packet bursts. Therefore, voice quality as perceived by the user is improved. ITU-T Rec. P.863, which also confirms the improvement, is employed to objectively evaluate the listening quality.

Published

2021

3. Self-supervised network traffic management for DDoS mitigation within the ISP domain

Author

Desmond Chambers, Ili Ko, and Enda Barrett

Subjects

Dynamic network analysis, business.product_category, Computer Networks and Communications, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Service provider, UDP flood attack, DDoS mitigation, Internet Control Message Protocol, Egress filtering, Hardware and Architecture, NetFlow, 0202 electrical engineering, electronic engineering, information engineering, Internet access, 020201 artificial intelligence & image processing, The Internet, business, Software, Computer network

Abstract

The continuing development of 5G technology increases the number of devices connected to the internet, this provides an increasing potential for cybercriminals to orchestrate detrimental Distributed Denial of Service (DDoS) attacks. The research community continues to develop new techniques to respond to the growing demand for DDoS mitigation. The internet service provider (ISP) provides internet access for users, so the attack traffic arrives at this location before reaching the victim. Deploying the mitigation system within the ISP domain offers an efficient solution. Therefore, we propose a dynamic network traffic managing (DNTM) system, which encompasses an Attack Detector, an IP Prioritiser, a Traffic Manager, and a Netflow Classifier, for the ISP. The IP prioritiser categorises IP addresses into normal and suspicious classes. The Traffic Manager makes use of the existing ISP mechanisms including ingress & egress filtering, rate limiting, blackholing and normal routing to take different mitigation actions. The Netflow Classifier is a hybrid ensemble model that utilises both unsupervised and supervised learning techniques. The classifier employs two self-organising maps (SOMs) to label data to train a supervised ensemble unit, which includes Random Forests, Decision Trees, and Gradient Boosted Trees (SRDG), to get the final classification. The Netflow Classifier achieved over 96% average on recall, precision and F1 score on UDP flood, ICMP flood and TCP flood attack data sets.

Published

2020

4. Feature dynamic deep learning approach for DDoS mitigation within the ISP domain

Author

Enda Barrett, Ili Ko, and Desmond Chambers

Subjects

021110 strategic, defence & security studies, Computer Networks and Communications, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 0211 other engineering and technologies, Botnet, Denial-of-service attack, Cloud computing, 02 engineering and technology, computer.software_genre, Computer security, DDoS mitigation, Server, NetFlow, Malware, The Internet, Safety, Risk, Reliability and Quality, business, computer, Software, Information Systems

Abstract

The emergence of the Mirai malware facilitated a DDoS attack vector to surge to almost 1 Tbps in 2016, instigated by less than 150,000 infected IoT devices. With the infection of five new IoT devices per minute, the size of Mirai botnet was enlarged to 2.5 millions devices by the end of 2016. The continuous adaptation of the Mirai malware enables the modern variant to dynamically update its malware scripts on the fly to launch even more advanced and malevolent DDoS attacks, which dramatically escalates the level of difficulty with mitigating DDoS attacks. Many researchers endeavour to develop mitigation systems to keep up with the increasing security threats. Nonetheless, most presented models provide inefficient solutions either by utilising auxiliary servers at the host site, on the cloud or at dedicated data scrubbing centres. Since internet service providers (ISPs) connect the internet with users, the mitigation system should be deployed within the ISP domain to deliver a more efficient solution. Accordingly, we propose a stacked self-organising map, which is a feature dynamic deep learning approach that utilises netflow data collected by the ISP to combat the dynamic nature of novel DDoS attacks.

Published

2019

5. Adaptable feature-selecting and threshold-moving complete autoencoder for DDoS flood attack mitigation

Author

Enda Barrett, Ili Ko, and Desmond Chambers

Subjects

Exploit, Computer Networks and Communications, business.industry, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Service provider, UDP flood attack, Autoencoder, DDoS mitigation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, The Internet, Safety, Risk, Reliability and Quality, business, F1 score, Software, Computer network

Abstract

DDoS attacks remain one of the top cyber threats targeting the financial, health care, retail, gaming, and political sectors, which affects Internet service disruption, data or monetary loss. Security experts have predicted that the development of 5G technology will increase the frequency and the vector of DDoS attacks. Moreover, enhanced DDoS attack technology utilises artificial intelligence [1], which will escalate the level of difficulty to identify malicious traffic correctly to mitigate the attack effectively. The Internet service provider (ISP) is the connector between the users and the Internet. Deploying DDoS mitigation systems within the ISP domain can offer an efficient solution. Therefore, we propose a dynamic learning system (DLS) for the ISP. The DLS is an unsupervised ensemble model using the Complete Autoencoder (CA) as base learners to classify network traffic. The utmost difference between the CA and the regular Autoencoder is that the CA exploits the imbalanced characteristic of the attack data to generate a binary classification via a class switch. When the predicted number of normal IP addresses is over 50% of the total IP addresses, the CA swaps the class of the IP addresses. The CA is directed by a reference object (RO), which is either a reference limit or the mean of a reference error function ( R L 1 ¯ ), to furnish the automation to the DLS. The DLS was trained with a TCP-ICMP flood attack and tested with a UDP-TCP and a UDP-TCP-ICMP flood attack data set. The average Recall, Precision and F1 Score are all above 0.97. Additionally, the DLS outperformed the K-means and the Self-Organising Map models on a UDP flood attack data set.

Published

2020

6. A Lightweight DDoS Attack Mitigation System within the ISP Domain Utilising Self-organizing Map

Author

Ili Ko, Desmond Chambers, and Enda Barrett

Subjects

Self-organizing map, Access network, Computer science, ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS, 020206 networking & telecommunications, Denial-of-service attack, 02 engineering and technology, Intrusion detection system, Computer security, computer.software_genre, Software deployment, Scalability, NetFlow, 0202 electrical engineering, electronic engineering, information engineering, Bandwidth (computing), 020201 artificial intelligence & image processing, computer

Abstract

Disruption precipitated by Distributed Denial of Service (DDoS) attacks has escalated drastically in recent years. This is due to the deployment of faster network access technologies, innovative network reliant applications and leading edge devices like smart phones, tablets and Internet of Things (IoT). Applications running on these devices are increasing the dependency of high speed network services. Nonetheless, the main objective of DDoS attacks are to deprive legitimate users of network services by exhausting a victim’s bandwidth or hardware resources. Most current approaches offer centralized detection and mitigation. However, few proposals focus on deploying DDoS defense and mitigation systems within the ISP’s domain, which has the potential to provide scalable and distributed solutions for these attacks. This paper presents a lightweight DDoS attack mitigation system utilising self-organizing map algorithm to classify near real time netflow data collected by the ISP.

Published

2018