Detection of Distributed Denial of Service Attacks based on Machine Learning Algorithms
AUTHORS
Md Abdur Rahman,Associate Professor of Computer science, Department of Mathematics, Jahangirnagar university, Savar, Dhaka, Bangladesh
ABSTRACT
Distributed Denial of Service (DDoS) attacks make the challenges to provide the services of the data resources to the web clients. In this paper, we concern to study and apply different Machine Learning (ML) techniques to separate the DDoS attack instances from benign instances. Our experimental results show that forward and backward data bytes of our dataset are observed more similar for DDoS attacks compared to the data bytes for benign attempts. This paper uses different machine learning techniques for the detection of the attacks efficiently in order to make sure the offered services from web servers available. This results from the proposed approach suggest that 97.1% of DDoS attacks are successfully detected by the Support Vector Machine (SVM). These accuracies are better while comparing to the several existing machine learning approaches.
KEYWORDS
Machine learning, Machine learning algorithms, DDoS attack, Benign Attempts, Confusion matrix
REFERENCES
[1] S. C. Lin and S. S. Tseng, “Constructing detection knowledge for DDoS intrusion tolerance”, Expert Systems with Applications, vol.27, no.3, pp.379-390, (2004) DOI: 10.1016/j.eswa.2004.05.016 (CrossRef)(Google Scholar)
[2] D. Anstee, D. Bussiere, G. Sockrider, and C. Morales, "Worldwide infrastructure security report", Arbor Netw., Burlington, MA, USA, Tech. Rep 9, (2014)
[3] R. Miao, R. Potharaju, M. Yu, and N. Jain, “The dark menace: Characterizing network-based attacks in the cloud”, Proceedings of the ACM Conference on Internet Measurement Conference, pp.169-182, (2015) DOI: 10.1145/2815675.2815707 (CrossRef)(Google Scholar)
[4] H. Ma, L. Liu, A. Zhou, and D. Zhao, “On networking of Internet of Things: Explorations and challenges”, IEEE Internet Things J., vol.3, no.4, pp.441-452, Aug, (2016) DOI: 10.1109/JIOT.2015.2493082 (CrossRef)(Google Scholar)
[5] P. G. Neumann, “Risks of automation: A cautionary total-system perspective of our cyber future”, Commun. ACM, vol.59, no.10, pp.26-30, Oct, (2016) DOI: 10.1145/2988445 (CrossRef)(Google Scholar)
[6] X. Liu, S. Zhao, A. Liu, N. Xiong, and A. V. Vasilakos, “Knowledge aware proactive nodes selection approach for energy management in Internet of Things”, Future generation computer systems, vol.92, pp.1142-1156, (2019) DOI: 10.1016/j.future.2017.07.022 (CrossRef)(Google Scholar)
[7] Y. Liu, A. Liu, S. Guo, Z. Li, Y.-J. Choi, and H. Sekiya, “Context-aware collect data with energy efficient in cyber physical cloud systems”, Future generation computer systems, vol.105, pp.932-947, (2020) DOI: 10.1016/j.future.2017.05.029(CrossRef)(Google Scholar)
[8] R. T. Kokila, S. T. Selvi, and K. Govindarajan, “DDoS detection and analysis in SDN based environment using support vector machine classifier”, In 2014 IEEE Sixth International Conference on Advanced Computing (ICoAC), pp.205-210, (2014) DOI: 10.1109/ICoAC.2014.7229711(CrossRef)(Google Scholar)
[9] N.-N. Dao, J. Park, M. Park, and S. Cho, “A feasible method to combat against DDoS attack in SDN network”, In 2015 IEEE International Conference on Information Networking (ICOIN), pp.309-311, (2015) DOI: 10.1109/ICOIN.2015.7057902(CrossRef)(Google Scholar)
[10] O. Flauzac, C. Gonzalez, A. Hachani, and F. Nolot, “SDN based architecture for IoT and improvement of the security”, In 2015 IEEE 29th international conference on advanced information networking and applications workshops, pp.688-693, (2015) DOI: 10.1109/WAINA.2015.110 (CrossRef)(Google Scholar)
[11] C. Li, Z. Qin, E. Novak, and Q. Li, "Securing SDN infrastructure of IoT–fog networks from MitM attacks", IEEE Internet of Things Journal, vol.4, no.5, pp.1156-1164, (2017) DOI: 10.1109/JIOT.2017.2685596 (CrossRef)(Google Scholar)
[12] M. E. Ahmed and H. Kim, “DDoS attack mitigation in Internet of Things using software defined networking", In 2017 IEEE third international conference on big data computing service and applications (BigDataService), pp.271-276, (2017) DOI: 10.1109/BigDataService.2017.41 (CrossRef)(Google Scholar)
[13] W. Hu, Wenjie, Y. Liao, and V. R. Vemuri, “Robust Support Vector Machines for Anomaly Detection in Computer Security”, In ICMLA, pp.168-174, (2003)
[14] S. Ranjan, R. Swaminathan, M. Uysal, and E. W. Knightly, “DDoS resilient scheduling to counter application layer attacks under imperfect detection” In INFOCOM, Citeseer, (2006) DOI: 10.1109/INFOCOM.2006.127 (CrossRef)(Google Scholar)
[15] Mcafee lab threat report, http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2015.pdf
[16] S. Noh, C. Lee, K. Choi, and G. Jung. “Detecting distributed denial of service (ddos) attacks through inductive learning”, in International Conference on Intelligent Data Engineering and Automated Learning, Springer, pp.286-295, (2003) DOI: 10.1007/978-3-540-45080-1_38 (CrossRef)(Google Scholar)
[17] T. Shon and J. Moon. “A hybrid machine learning approach to network anomaly detection”, Information Sciences, vol.177, no.18, pp.3799-3821, (2007) DOI: 10.1016/j.ins.2007.03.025 (CrossRef)(Google Scholar)
[18] N. B. Amor, S. Benferhat, and Z. Elouedi, “Naive bayes vs decision trees in intrusion detection systems”, in Proceedings of the 2004 ACM symposium on Applied computing, ACM, pp.420-424, (2004) DOI: 10.1145/967900.967989 (CrossRef)(Google Scholar)
[19] J. Mirkovic, G. Prier, and P. Reiher, "Attacking ddos at the source”, In 10th IEEE International Conference on Network Protocols”, pp.312-321, (2002) DOI: 10.1109/ICNP.2002.1181418 (CrossRef)(Google Scholar)
[20] “Source-end ddos defense”, In Second IEEE International Symposium on Network Computing and Applications, pp.171178, (2003) DOI: 10.1109/NCA.2003.1201153 (CrossRef)(Google Scholar)
[21] Application of Machine Learning. https://medium.com/app-affairs/9-applications-of-machine-learning- from-day-to-day-life-112a47a429d0, (2018)
[22] A. Dey, “Machine learning algorithms: A review”, International Journal of Computer Science and Information Technologies, vol.7, no.3, pp.1174–1179, (2016) DOI: 10.21275/ART20203995 (CrossRef)(Google Scholar)
[23] Logistic Regression, https://machinelearningmastery.com/logistic-regression-for-machine-learning/, December, (2017)
[24] P. K. Agrawal, B. B. Gupta, and S. Jain, “SVM based scheme for predicting number of zombies in a DDoS attack”. 2011 European Intelligence and Security Informatics Conference, Athens, pp.178-182, (2011) DOI: 10.1109/EISIC.2011.19 (CrossRef)(Google Scholar)
[25] N. Bindra and M. Sood. “Detecting DDoS attacks using machine learning techniques and contemporary intrusion detection dataset”, Automatic Control and Computer Sciences, vol.53, no.5, pp.419-428, (2019) DOI: 10.3103/S0146411619050043 (CrossRef)(Google Scholar)
[26] S. Bharathidason and C.J. Venkataeswaran, “Improving classification accuracy based on random forest model with uncorrelated high performing trees”, Int. J. Comput. Appl., vol.101, no.13, pp.26-30, (2014) DOI: 10.5120/17749-8829 (CrossRef)(Google Scholar)
[27] A. Mellor, A. Haywood, C. Stone, and S. Jones, “The performance of random forests in an operational setting for large area sclerophyll forest classification”, Remote Sens., vol.5, no.6, pp.2838–2856, (2013) DOI: 10.3390/rs5062838 (CrossRef)(Google Scholar)
[28] M. Almseidin, S. Alzubi, and K. M. Alkasassbeh, “Evaluation of machine learning algorithms for intrusion detection system”, 2017 IEEE 15th International Symposium on Intelligent Systems and Informatics (SISY), pp.277-282, (2017) DOI: 10.1109/SISY.2017.8080566 (CrossRef)(Google Scholar)
[29] I. Sreeram and V. P. K. Vuppala, “HTTP flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm”, Applied computing and informatics, vol.15, no.1, pp.59-66, (2019) DOI: 10.1016/j.aci.2017.10.003 (CrossRef)(Google Scholar)
[30] R. Patgiri, U. Varshney, T. Akutota T., and R. Kunde, “An investigation on intrusion detection system using machine learning”, In 2018 IEEE Symposium Series on Computational Intelligence (SSCI), pp.1684-1691, (2018) DOI: 10.1109/SSCI.2018.8628676 (CrossRef)(Google Scholar)