A lightweight machine learning approach for DDoS detection and classification
Abstract
With the development of network technology, more and more protocols and devices are used in DDoS reflection and exploitation attacks. Different DDoS attacks often require different responses, so protecting against DDoS attacks requires not only DDoS detection but also the classification of the detected DDoS traffic. Traditional machine learning approaches are typically ineffective and unable to cope with actual traffic properties when used to identify DDoS attacks. This paper introduces a novel and lightweight machine learning approach for DDoS detection and classification. The proposed approach aims to detect all types of DDoS attacks together with their specific subcategory. Our approach implements different machine learning models, including Complement Naïve Bayes (CNB), k-Nearest-Neighbour (kNN), Random Forest (RF), and Logistic Regression (LR). We aim to find a universal approach whose performance is not limited to a specific dataset, so the proposed approach uses the universal feature set and some minimal universal feature subsets when training and testing our models. Moreover, we apply the NearMiss under-sampling method to produce balanced and small-sized samples. Extensive experiments are performed on the CIC-DDoS2019 dataset to validate the effectiveness of the proposed approach. In our experiments, we considered the multiclass classification configurations. The results demonstrate that the proposed approach is effective and causes a significant reduction in time and memory usage; the random forest algorithm achieved the best performance compared to the other models. The kNN algorithm came in second place, with performance values close to those achieved by the RF algorithm. More precisely, we found that kNN with NearMiss achieved better time than RF with NearMiss, but RF still outperformed kNN in terms of memory usage. Therefore, we recommend using kNN with NearMiss when time is the limiting factor for the network.
We also recommend using RF with NearMiss when memory usage is limited in the network environment in which this approach will be applied.
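The abstract relies on NearMiss under-sampling to shrink the over-represented attack classes down to the size of the smallest class before training. The following added example (not code from the paper) implements the NearMiss-1 rule in pure Python on a constructed toy set of flow features; the feature pair (packets per second, mean payload bytes) and the class labels are assumptions chosen for illustration, not CIC-DDoS2019 data.

```python
import math
from collections import Counter

# Constructed toy flows: (packets/s, mean payload bytes) -> class label.
# Assumed values for illustration only; not taken from CIC-DDoS2019.
FLOWS = [
    ((12, 500), "BENIGN"), ((15, 480), "BENIGN"), ((9, 520), "BENIGN"),
    ((900, 60), "DNS"), ((950, 62), "DNS"), ((880, 58), "DNS"),
    ((920, 61), "DNS"), ((910, 59), "DNS"),
    ((3000, 40), "NTP"), ((3100, 44), "NTP"), ((2900, 42), "NTP"),
    ((3050, 41), "NTP"),
]

def euclid(a, b):
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def nearmiss1(X, y, k=3):
    """NearMiss-1 under-sampling.

    For every class larger than the smallest class, keep only the samples
    whose mean distance to their k nearest minority-class samples is lowest,
    so that every class ends up with the minority count. Returns the
    balanced (X, y) in original order.
    """
    counts = Counter(y)
    minority = min(counts, key=counts.get)
    target = counts[minority]
    minority_pts = [x for x, lbl in zip(X, y) if lbl == minority]
    keep = []
    for cls in counts:
        idx = [i for i, lbl in enumerate(y) if lbl == cls]
        if cls == minority:
            keep.extend(idx)
            continue
        scored = []
        for i in idx:
            dists = sorted(euclid(X[i], m) for m in minority_pts)
            scored.append((sum(dists[:k]) / min(k, len(dists)), i))
        scored.sort()
        keep.extend(i for _, i in scored[:target])
    keep.sort()
    return [X[i] for i in keep], [y[i] for i in keep]

def balance_flows(k=3):
    """Apply NearMiss-1 to the constructed FLOWS sample."""
    X = [feat for feat, _ in FLOWS]
    y = [lbl for _, lbl in FLOWS]
    return nearmiss1(X, y, k=k)
```

On the toy set the three BENIGN flows are the minority, so the five DNS and four NTP flows are each cut to the three that lie closest to benign traffic, which is the behaviour that keeps the training set both balanced and small.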