Servers getting hacked and crippled with Massive Distributed Denial of Service (DDoS) attacks, the call for early detection systems, and efficient countermeasures are necessary. Signature-based DDoS detection systems are ineffective in detecting new attacks, and modern anomaly-based detection systems have limited application environments and are weak against various new attacks. In addition, most of the existing defense mechanisms offer little or no adequate protection and many are even designed to mitigate a specific type of DDoS attacks. As these attacks remain highly flexible, and the method can easily switch from attacking one port, protocol, or even operation mode, there is an urgent need to study the general parameters of DDoS activity. This paper also employs Chi-square and information gain to select valuable features in the DDoS detection process. Given the selected attributes, we create several machine learning models among which are Naive Bayes and C4. SVM, KNN classifier, K, and possibilistic C-means clustering. Hence, the results of our experiment show that by applying possibilistic C-means clustering, the chance of recognizing DDoS attacks is much higher than using other models. This approach is opposed to most clustering techniques since it can deal more effectively with uncertainty and overlapping clusters making it a good fit in handling the complex nature of DDoS traffic detection.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Optimizing DDoS Detection Using Machine Learning Approach

  • Saswati Chatterjee,
  • Rinku Vedu Patil,
  • Mukesh Choudhary,
  • Rinkal Dharmesh Sarvaiya

摘要

Servers getting hacked and crippled with Massive Distributed Denial of Service (DDoS) attacks, the call for early detection systems, and efficient countermeasures are necessary. Signature-based DDoS detection systems are ineffective in detecting new attacks, and modern anomaly-based detection systems have limited application environments and are weak against various new attacks. In addition, most of the existing defense mechanisms offer little or no adequate protection and many are even designed to mitigate a specific type of DDoS attacks. As these attacks remain highly flexible, and the method can easily switch from attacking one port, protocol, or even operation mode, there is an urgent need to study the general parameters of DDoS activity. This paper also employs Chi-square and information gain to select valuable features in the DDoS detection process. Given the selected attributes, we create several machine learning models among which are Naive Bayes and C4. SVM, KNN classifier, K, and possibilistic C-means clustering. Hence, the results of our experiment show that by applying possibilistic C-means clustering, the chance of recognizing DDoS attacks is much higher than using other models. This approach is opposed to most clustering techniques since it can deal more effectively with uncertainty and overlapping clusters making it a good fit in handling the complex nature of DDoS traffic detection.