DDoS Attack Detection with Machine Learning
Main Article Content
Abstract
Nowadays, Distributed Denial of Service (DDoS) attacks are a major issue in internet security. These attacks target servers or network infrastructure. Similar to an unanticipated traffic jam on highway (lagging/crash) that prevent normal traffic reach to destination. DDoS may prevent users to access any system services. Researchers and scientists have developed numerous methods and algorithms to improve the performance of DDoS detection. In this paper, a DDoS detection method utilizing machine learning is proposed. There are three type of supervised machine learning classification methods which are K-Nearest Neighbor, Multilayer Perceptron and Random Forest, are applied in the proposed work to assess the accuracy of the model in training and testing processes. RF classification provides robustness and interpretability, MLP offers deep learning capabilities for complex patterns, and K-NN delivers simplicity and adaptability for instance-based learning. Together, these methods can contribute to a comprehensive DDoS attack detection system using machine learning. There are two types of classification setups: binary and multi-class classification. Binary classification involves identifying traffic as either a DDoS attack or normal using the NSL-KDD dataset. Multi-class classification, on the other hand, distinguishes between various types of DDoS attacks (such as DoS, Probe, U2R, and Sybil) and normal traffic using the NSL-KDD dataset. Feature engineering is also involved in this experiment to convert the categorical features into numerical values for detecting DDoS attack. Our model's performance was effective compared to other machine learning methods. RF achieved the highest accuracy rates: 99.35% in binary classification and 97.71% in multi-class classification. K-NN followed with 99.15% in binary and 97.35% in multi-class classification, while MLP achieved 90.63% in binary and 84.33% in multi-class classification.
Article Details
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
All articles published in JIWE are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License. Readers are allowed to
- Share — copy and redistribute the material in any medium or format under the following conditions:
- Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use;
- NonCommercial — You may not use the material for commercial purposes;
- NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.
References
Datasets, Canadian Institute for Cybersecurity, [Online]. Available: https://www.unb.ca/cic/datasets/index.html
A. N. Rimal and R. Praveen, “DDOS Attack Detection Using Machine Learning”, 2020. https://www.jetir.org/view?paper=JETIR2006031.
IBM, "Random Forest.” [Online]. Available: https://www.ibm.com/topics/random-forest.
T. A. Khan, R. Sadiq, Z. Shahid, M. M. Alam, and M. M. Su’ud, “Sentiment Analysis using Support Vector Machine and Random Forest,” Journal of Informatics and Web Engineering, vol. 3, no. 1, pp. 67–75, 2024, doi: 10.33093/jiwe.2024.3.1.5.
L. C. Wei-Jie, S.-C. Chong, and T.-S. Ong, “Masked face recognition with principal random forest convolutional neural network (PRFCNN),” Journal of Intelligent & Fuzzy Systems, vol. 43, no. 6, pp. 8371–8383, 2022, doi: 10.3233/jifs-220667.
H. Nurwarsito and M. F. Nadhif, “DDoS Attack Early Detection and Mitigation System on SDN using Random Forest Algorithm and Ryu Framework,” in Proc. 8th Int. Conf. Computer and Communication Engineering (ICCCE), 2021, pp. 178-183, doi: 10.1109/iccce50029.2021.9467167.
N. Mohapatra, K. Shreya, and A. Chinmay, “Optimization of the Random Forest Algorithm,” in Lecture notes on data engineering and communications technologies, 2020, pp. 201–208. doi: 10.1007/978-981-15-0978-0_19.
M. Alduailij, Q. W. Khan, M. Tahir, M. Sardaraz, M. Alduailij, and F. Malik, “Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method,” Symmetry, vol. 14, no. 6, p. 1095, 2022, doi: 10.3390/sym14061095.
T. S. Chu, W. Si, S. Simoff, and Q. V. Nguyen, “A Machine Learning Classification Model Using Random Forest for Detecting DDoS Attacks,” International Symposium on Networks, Computers and Communications (ISNCC), 2022, doi: 10.1109/isncc55209.2022.9851797.
J. Pei, Y. Chen, and W. Ji, “A DDoS Attack Detection Method Based on Machine Learning,” Journal of Physics Conference Series, vol. 1237, no. 3, p. 032040, 2019, doi: 10.1088/1742-6596/1237/3/032040.
T. E. Ali, Y.-W. Chong, and S. Manickam, “Machine Learning Techniques to Detect a DDoS Attack in SDN: A Systematic Review,” Applied Sciences, vol. 13, no. 5, p. 3183, 2023, doi: 10.3390/app13053183.
Scikit-learn, “Neural network models.” [Online]. Available: https://scikit-learn.org/stable/modules/neural_networks_supervised.html.
M. S. Christo, J. J. Menandas, M. George, and S. V. Nuna, DDoS Detection using Multilayer Perceptron, International Conference on Electronics and Sustainable Communication Systems (ICESC), India, 2023, pp. 688-693, doi: 10.1109/ICESC57686.2023.10193406. d
M. Wang, Y. Lu, and J. Qin, “A dynamic MLP-based DDoS attack detection method using feature selection and feedback,” Computers & Security, vol. 88, p. 101645, Oct. 2019, doi: 10.1016/j.cose.2019.101645.
IBM, “K-Nearest Neighbors (KNN).” [Online]. Available: https://www.ibm.com/topics/knn#:~:text=The%20k%2Dnearest%20neighbors%20(KNN,used%20in%20machine%20learning%20today.
G. G. Priya, S. H. Shriram, S. Jeeva, G. S. Priya, and K. Balasubadra, “Detection of Distributed Denial of Service (DDOS) Attack Using Logistic Regression and K Nearest Neighbor Algorithms,” International Journal of Intelligent Systems and Applications in Engineering, 12(16s), pp. 503–508. https://ijisae.org/index.php/IJISAE/article/view/4863
H. Polat, O. Polat, and A. Cetin, “Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models,” Sustainability, vol. 12, no. 3, p. 1035, 2020, doi: 10.3390/su12031035.
A. V. Kachavimath, S. V. Nazare and S. S. Akki, "Distributed Denial of Service Attack Detection using Naïve Bayes and K-Nearest Neighbor for Network Forensics," 2020 2nd International Conference on Innovative Mechanisms for Industry Applications (ICIMIA), India, 2020, pp. 711-717, doi: 10.1109/ICIMIA48430.2020.9074929.
S. Dong and M. Sarem, “DDoS Attack Detection Method Based on Improved KNN With the Degree of DDoS Attack in Software-Defined Networks,” IEEE Access, vol. 8, pp. 5039–5048, 2019, doi: 10.1109/access.2019.2963077.
S. Ray, “Naive Bayes Classifier Explained: Applications and Practice Problems of Naive Bayes Classifier,” Analytics Vidhya, Aug. 23, 2024. https://www.analyticsvidhya.com/blog/2017/09/naive-bayes-explained/
A. Fadlil, I. Riadi, and S. Aji, “Review of Detection DDOS Attack Detection Using Naive Bayes Classifier for Network Forensics,” Bulletin of Electrical Engineering and Informatics, vol. 6, no. 2, pp. 140–148, 2017, doi: 10.11591/eei.v6i2.605.
K. Kumari and M. Mrunalini, “Detecting Denial of Service attacks using machine learning algorithms,” Journal of Big Data, vol. 9, no. 1, 2022, doi: 10.1186/s40537-022-00616-0.
F. F. Setiadi, M. W. A. Kesiman, and K. Y. E. Aryanto, “Detection of dos attacks using naive bayes method based on internet of things (iot),” Journal of Physics Conference Series, vol. 1810, no. 1, p. 012013, 2021, doi: 10.1088/1742-6596/1810/1/012013.
R. F. Fouladi, C. E. Kayatas, and E. Anarim, "Frequency based DDoS attack detection approach using naive Bayes classification", International Conference on Telecommunications and Signal Processing (TSP), Austria, 2016, pp. 104-107, doi: 10.1109/TSP.2016.7760838.
G. Saporito, “A Deeper Dive into the NSL-KDD Data Set - Towards Data Science,” Medium, Jul. 13, 2023. [Online]. Available: https://towardsdatascience.com/a-deeper-dive-into-the-nsl-kdd-data-set-15c753364657
L. Chen, Y. Zhang, Q. Zhao, G. Geng, and Z. Yan, “Detection of DNS DDoS Attacks with Random Forest Algorithm on Spark,” Procedia Computer Science, vol. 134, pp. 310–315, 2018, doi: 10.1016/j.procs.2018.07.177.
M. S. Christo, J. J. Menandas, M. George, and S. V. Nuna, “DDoS Detection using Multilayer Perceptron,” International Conference of Electronics and Sustainable Communication Systems (ICESC), 2023, doi: 10.1109/icesc57686.2023.10193406.
Z. Ma and B. Li, “A DDoS attack detection method based on SVM and K-nearest neighbour in SDN environment,” International Journal of Computational Science and Engineering, vol. 23, no. 3, p. 224, Jan. 2020, doi: 10.1504/ijcse.2020.111431.