Hosny M. Ibrahim

Work place: Faculty of Computers and Information, Assiut University, Assiut, Egypt

E-mail: hibrahim@aun.edu.eg

Biography

Prof. Hosny M. Ibrahim received the B.Sc. and M.Sc. degrees in Electrical Engineering from the Faculty of Engineering, Assiut University, Assiut, Egypt, in 1973 and 1977, respectively. He received the Ph.D. degree in Electrical Engineering from Iowa State University, Ames, Iowa, U.S.A., in 1982. He was the Dean of the Faculty of Computers and Information, Assiut University, Assiut, Egypt, from September 2002 to August 2011. He was the head of the Information Technology Department, Faculty of Computers and Information, Assiut University, Assiut, Egypt, from July 2010 to May 2015. He is currently a Professor at the Information Technology Department, Faculty of Computers and Information, Assiut University, Assiut, Egypt.

Author Articles
Machine Learning-based Distributed Denial of Service Attacks Detection Technique using New Features in Software-defined Networks

By Waheed G. Gadallah, Nagwa M. Omar, Hosny M. Ibrahim

DOI: https://doi.org/10.5815/ijcnis.2021.03.02, Pub. Date: 8 Jun. 2021

Software-Defined Networking is a new network architecture that separates the control and data planes. It has central network control and programmability facilities, so it improves manageability, scaling, and performance. However, it may suffer from a single point of failure at the controller, which represents the network control plane. So, defending the controller against attacks such as a distributed denial of service attack is a valuable and urgent issue. The contribution of this paper is to implement an accurate and significant method to detect this attack with high accuracy using machine learning-based algorithms that exploit new advanced features obtained from traffic flow information and statistics. The developed model is trained with a radial basis function kernel. The technique uses advanced features such as unknown destination addresses, packet inter-arrival time, transport layer protocol header, and type of service header. To the best of the authors' knowledge, the proposed approach of the paper has not been used before. The proposed work begins with generating both normal and attack traffic flow packets through the network. When packets reach the controller, it extracts their headers and performs the necessary flow calculations to get the needed features. The features are used to create a dataset that is used as an input to a linear support vector machine classifier. The classifier is used to train the model with a radial basis function kernel. Methods such as Naive Bayes, K-Nearest Neighbor, Decision Tree, and Random Forest are also utilized and compared with the SVM model to improve the detection operation. Hence, suspicious senders are blocked and their information is stored. The experimental results prove that the proposed technique detects the attack with high accuracy and a low false alarm rate, compared to other related techniques.
