dc.description.abstract |
A distributed denial-of-service attack, also known as a DDoS attack, is one of the most
dangerous cyber-security threats at present. The term itself describes the technique
nicely: a distributed network of devices sends junk information to a target to deny its
intended users access to it. The mechanisms for building and sending that traffic
vary, but the end goal is the same: take the target down. A DDoS attack causes a large number of
packet requests to be sent to the victim machine, making it difficult for the defender to
distinguish an attack and protect itself from it. Meanwhile, legitimate users can’t access the
resource. Our proposed work aims to fill this gap by providing a real-time, open-source,
robust system for DDoS attack detection and prediction which can be used by enterprises
and industries to keep their networks and servers secure from malicious DDoS attacks.
Machine learning techniques are used to identify DDoS attacks and provide protection
in a network with a maximum accuracy of 99.86%. Our paper uses machine learning
techniques to select the most adaptive features, and a dynamic attribute selection technique is
used. We collected our own dataset and used only 1.1 million packets from the overall 32
GB of the dataset. Our proposed machine learning technique for DDoS detection and classification
is divided into three modules. The first is pre-processing, in which features of
the dataset are selected and normalized. In the second module we selected our feature,
which is the most correlated feature of the dataset. This technique reduces the number of
features from 10 to 1. In the last module, different classifiers are used to classify DDoS
and normal traffic. Artificial Neural Network (ANN), Decision Tree (DT), Gradient
Boosting, k-nearest neighbors (KNN), Logistic Regression, Naive Bayes, Gaussian NB
and Random Forest classifiers are used in our research work. KNN, Decision Tree,
Random Forest, Gradient Boosting, ANN and Gaussian NB produced high attack
detection rates, greater than 99%, with very low misclassification rates. Further, the selected
attributes are also classified on the basis of protocol: ICMP, TCP and UDP. ANN has the
highest attack detection rate, 99.86%, with a very low misclassification rate. We
demonstrate the effect of a DDoS attack on network performance using a test bed. We
use the ANN model to analyze the feasibility of DDoS attack detection, keeping in view the
attacker’s objective. Our analysis will help security experts to propose countermeasures. |
en_US |