A lightweight machine learning approach for DDoS detection and classification
Abstract
With the development of network technology, more and more protocols and devices are used in DDoS reflection and exploitation attacks. Different DDoS attacks often require different responses, so protecting against DDoS attacks requires not only DDoS detection but also classification of the detected DDoS traffic. Traditional machine learning approaches are typically ineffective and unable to cope with actual traffic properties when used to identify DDoS attacks. This paper introduces a novel and lightweight machine learning approach for DDoS detection and classification. The proposed approach aims to detect all types of DDoS attacks together with their specific subcategory. Our approach implements different machine learning models, including Complement Naïve Bayes (CNB), k-Nearest-Neighbour (kNN), Random Forest (RF), and Logistic Regression (LR). We aim to find a universal approach whose performance is not limited to a specific dataset, so the proposed approach uses the universal feature set and some minimal universal feature subsets when training and testing our models. Moreover, we apply an under-sampling method (NearMiss) to produce balanced and small-sized samples. Extensive experiments are performed on the CIC-DDoS2019 dataset to validate the effectiveness of the proposed approach. In our experiments, we considered multiclass classification configurations. The results demonstrated that the proposed approach is effective and yields a significant reduction in time and memory usage; the random forest algorithm achieved the best performance compared to the other models. The kNN algorithm came in second place, with performance values close to those achieved by RF. More precisely, we found that kNN with NearMiss achieved better time than RF with NearMiss, but RF still outperformed kNN in terms of memory usage. Therefore, we recommend using kNN with NearMiss when time is the limiting constraint for the network, and RF with NearMiss when memory usage is limited in the network environment in which this approach will be applied.
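The abstract names two concrete steps: NearMiss under-sampling to shrink the training set to a balanced, small sample, and multiclass classification of the result (kNN being the model it recommends when time is the constraint). The following Python is an added example and not the paper's code; it implements NearMiss version 1 and a plain kNN classifier without scikit-learn or imbalanced-learn, on a constructed, deliberately imbalanced set of three-feature flow vectors. The feature names, the four class labels (BENIGN, DNS, LDAP, SYN) and the cluster centres are invented for illustration and are not taken from CIC-DDoS2019; the NearMiss variant (version 1, distance to the k nearest samples of the smallest class) is an assumption, since the abstract does not state which version the paper uses.

```python
"""NearMiss-1 under-sampling followed by kNN multiclass classification.
Added example with constructed data; not the paper's code or dataset."""
import math
import random
from collections import Counter

# Hypothetical DDoS subcategory labels, chosen for illustration only.
LABELS = ["BENIGN", "DNS", "LDAP", "SYN"]


def make_flows(seed=7):
    """Build a constructed, imbalanced dataset of flow feature vectors
    (packets/s, mean packet length, flow duration ms). Cluster centres and
    class sizes are invented; they only mimic the shape of flow statistics."""
    rng = random.Random(seed)
    centres = {"BENIGN": (20.0, 500.0, 3000.0), "DNS": (900.0, 80.0, 50.0),
               "LDAP": (600.0, 3000.0, 40.0), "SYN": (2000.0, 60.0, 10.0)}
    counts = {"BENIGN": 30, "DNS": 200, "LDAP": 120, "SYN": 400}
    flows = []
    for label, n in counts.items():
        cx, cy, cz = centres[label]
        for _ in range(n):
            x = (cx * rng.uniform(0.8, 1.2), cy * rng.uniform(0.8, 1.2),
                 cz * rng.uniform(0.8, 1.2))
            flows.append((x, label))
    return flows


def euclid(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))


def fit_scale(flows):
    """Per-feature max scaling so that one large-valued feature (duration)
    does not dominate the distances used by NearMiss and kNN."""
    dims = len(flows[0][0])
    maxes = [max(x[i] for x, _ in flows) or 1.0 for i in range(dims)]
    return lambda x: tuple(v / m for v, m in zip(x, maxes))


def nearmiss1(flows, k=3):
    """NearMiss version 1: for every class larger than the smallest class,
    keep the samples whose mean distance to their k nearest smallest-class
    samples is lowest, until each class is as large as the smallest one."""
    by_label = {}
    for x, y in flows:
        by_label.setdefault(y, []).append(x)
    minority = min(by_label, key=lambda lab: len(by_label[lab]))
    target = len(by_label[minority])
    kept = []
    for label, xs in by_label.items():
        if label == minority:
            kept.extend((x, label) for x in xs)
            continue
        scored = []
        for x in xs:
            dists = sorted(euclid(x, m) for m in by_label[minority])
            scored.append((sum(dists[:k]) / k, x))
        scored.sort(key=lambda t: t[0])
        kept.extend((x, label) for _, x in scored[:target])
    return kept


def knn_predict(train, x, k=5):
    """Majority vote among the k nearest training samples."""
    neigh = sorted(train, key=lambda t: euclid(t[0], x))[:k]
    return Counter(y for _, y in neigh).most_common(1)[0][0]


def class_counts(flows):
    return dict(Counter(y for _, y in flows))


def build_pipeline(seed=7):
    """Scale, under-sample with NearMiss-1, and return the balanced training
    set plus a predictor that accepts raw (unscaled) feature vectors."""
    flows = make_flows(seed)
    scale = fit_scale(flows)
    balanced = nearmiss1([(scale(x), y) for x, y in flows])
    predict = lambda raw_x, k=5: knn_predict(balanced, scale(raw_x), k)
    return balanced, predict


if __name__ == "__main__":
    raw = make_flows()
    balanced, predict = build_pipeline()
    print("before NearMiss:", class_counts(raw))
    print("after  NearMiss:", class_counts(balanced))
    # A flow near the constructed SYN centre should be labelled SYN.
    print("prediction:", predict((2000.0, 60.0, 10.0)))
```

The reduction from 750 to 120 training vectors is where the paper's time and memory savings come from: kNN has no training phase, so its prediction cost is proportional to the size of the retained set, which NearMiss caps at the smallest class times the number of classes. Scaling is fitted before under-sampling because NearMiss ranks samples by distance, and an unscaled duration feature would otherwise decide which rows survive.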