Abstract
Enterprise networks face a large number of threats that are managed and mitigated with a combination of proprietary and third-party security tools and services. However, the techniques and principles employed by these tools, processes, and services are quite conventional. They lack the rapid evolution required to protect against modern, state-of-the-art threats, specifically distributed denial of service (DDoS) attacks. The inefficiency of a network grows in direct proportion to the number of applications and services it hosts, most of them deployed to protect against external and internal threats. Moreover, the effectiveness of such security mechanisms relies on their independent and proactive approach, which is useful against known malware and its attack vectors but becomes obsolete when new malware appears or a zero-day vulnerability is exploited. This paper presents an intelligent, highly responsive, and scalable security framework for enterprise networks. The proposed framework incorporates the Apache Spark framework for security analytics. It accurately identifies anomalies related to DDoS attacks in real-time network traffic by using customized machine learning algorithms, meticulously trained against a selected feature set. Encouraging results are obtained when the framework is tested against different scenarios and benchmarked against the results achieved by related studies in similar scenarios.
Highlights
The heterogeneity in modern enterprise networks has enabled organizations to expand their business operations, but it has provided an opportunity for businesses to efficiently use their skilled resources to optimize the effectiveness of every operation
This paper initially presents a comparative analysis of streaming NetFlow traffic, including the KDD and UNSW-NB15 datasets, which is later used for training supervised machine learning models for early anomaly detection
The results show that the proposed S-DDoS (distributed denial of service) detection system efficiently detects DDoS attacks in network traffic flows, with a detection accuracy of 98%
Summary
The heterogeneity in modern enterprise networks has enabled organizations to expand their business operations, but it has provided an opportunity for businesses to efficiently use their skilled resources to optimize the effectiveness of every operation. The inclusion of a diverse set of devices and tools in regular enterprise networks has significantly increased the efficacy of the majority of related operations. This level of heterogeneity has diminished the physical and geographical boundaries generally faced by enterprises in the past [1]. The benefits of loosely coupled infrastructure to modern enterprises have outweighed the regular network policies and compliance requirements that such enterprises followed to enhance performance and security [2]. Attackers exploit enterprise networks with malicious activity that does not trigger security alerts, with the intent of mounting distributed denial of service (DDoS) attacks [4]