Semi-Supervised K-Means DDoS Detection Method Using Hybrid Feature Selection Algorithm

A distributed denial of service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. An effective method is therefore needed to detect DDoS attacks in massive volumes of traffic data. Existing schemes have limitations: supervised learning methods need large amounts of labeled data, while unsupervised learning algorithms have relatively low detection rates and high false positive rates. To tackle these issues, this paper presents a semi-supervised weighted k-means detection method. Specifically, we first present a Hadoop-based hybrid feature selection algorithm to find the most effective feature sets, and propose an improved density-based algorithm for selecting initial cluster centers to address the problems of outliers and local optima. Then, we provide the semi-supervised k-means algorithm using hybrid feature selection (SKM-HFS) to detect attacks. Finally, we use the DARPA DDoS dataset, the CAIDA “DDoS attack 2007” dataset, the CICIDS “DDoS attack 2017” dataset and a real-world dataset to carry out the verification experiments. The experimental results demonstrate that the proposed method outperforms the benchmark in terms of detection performance and the technique for order preference by similarity to an ideal solution (TOPSIS) evaluation factor.
