Critical review of machine learning approaches to apply big data analytics in DDoS forensics

Distributed Denial of Service (DDoS) attacks are becoming more frequent and easier to execute. The sharp increase in network traffic volume makes DDoS forensics harder to conduct. Although many tools have been developed, few take this growth in traffic into account. This research aims to recommend the most suitable learning model for DDoS forensics. To this end, the paper reviews the literature to understand the challenges and opportunities of employing big data in DDoS forensics. Multiple simulations were carried out to compare the performance of different models. Two data mining tools, WEKA and H2O, were used to implement both supervised and unsupervised learning models. The models were trained and tested on the NSL-KDD intrusion dataset, a revised version of the KDD Cup '99 dataset. The models were then evaluated by efficiency (time taken to train) and accuracy. Overall, the results show that supervised learning algorithms perform better than unsupervised ones. Naïve Bayes, Gradient Boosting Machine and Distributed Random Forest were found to be the most suitable models for DDoS detection because of their accuracy and training time. Gradient Boosting Machine and Distributed Random Forest were further investigated to determine the parameters that yield better accuracy. Future research could deploy different DDoS detection models in a real environment and compare their performance against actual attacks.
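The evaluation the abstract describes (train a supervised classifier on NSL-KDD-style connection records, then score it on held-out records by accuracy and training time) is illustrated below with a Gaussian Naïve Bayes classifier written from scratch. This is an added example, not code from the paper and not the WEKA or H2O implementations it benchmarked. The three feature names are borrowed from NSL-KDD columns (`count` and `srv_count` are connections to the same host/service in the last two seconds, `src_bytes` is bytes sent by the source); the records themselves are constructed by hand to mimic a flood versus ordinary traffic, and the `dos`/`normal` labels are an assumption. Precision and recall are reported alongside accuracy because, on real traffic where attacks are a small share of flows, accuracy alone can look excellent for a classifier that never detects anything.

```python
"""Gaussian Naive Bayes DDoS classifier scored on NSL-KDD-style records.

Added illustration, not code from the reviewed paper. The records below are
constructed by hand and mimic only three NSL-KDD features; the real dataset
has 41 features and must be obtained separately.
"""
import math
import time
from collections import defaultdict

# Assumed subset of NSL-KDD column names.
FEATURES = ("count", "srv_count", "src_bytes")

# Constructed training records: (features, label). A flood shows many short
# connections to one host with almost no payload; normal traffic is sparse and
# carries data. Labels 'dos' / 'normal' are assumptions for this example.
TRAIN = [
    ({"count": 2, "srv_count": 1, "src_bytes": 450}, "normal"),
    ({"count": 5, "srv_count": 3, "src_bytes": 1300}, "normal"),
    ({"count": 1, "srv_count": 1, "src_bytes": 220}, "normal"),
    ({"count": 8, "srv_count": 6, "src_bytes": 980}, "normal"),
    ({"count": 4, "srv_count": 2, "src_bytes": 1750}, "normal"),
    ({"count": 3, "srv_count": 3, "src_bytes": 610}, "normal"),
    ({"count": 6, "srv_count": 4, "src_bytes": 1420}, "normal"),
    ({"count": 2, "srv_count": 2, "src_bytes": 330}, "normal"),
    ({"count": 480, "srv_count": 470, "src_bytes": 0}, "dos"),
    ({"count": 511, "srv_count": 511, "src_bytes": 0}, "dos"),
    ({"count": 320, "srv_count": 300, "src_bytes": 8}, "dos"),
    ({"count": 410, "srv_count": 405, "src_bytes": 0}, "dos"),
    ({"count": 260, "srv_count": 255, "src_bytes": 4}, "dos"),
    ({"count": 500, "srv_count": 490, "src_bytes": 0}, "dos"),
    ({"count": 350, "srv_count": 340, "src_bytes": 0}, "dos"),
    ({"count": 450, "srv_count": 450, "src_bytes": 0}, "dos"),
]

# Constructed held-out records, including a low-rate flood (count=60) that
# sits well outside the normal cluster but far below the training floods.
TEST = [
    ({"count": 450, "srv_count": 440, "src_bytes": 0}, "dos"),
    ({"count": 4, "srv_count": 3, "src_bytes": 800}, "normal"),
    ({"count": 60, "srv_count": 55, "src_bytes": 0}, "dos"),
    ({"count": 7, "srv_count": 5, "src_bytes": 1600}, "normal"),
    ({"count": 290, "srv_count": 280, "src_bytes": 2}, "dos"),
    ({"count": 1, "srv_count": 1, "src_bytes": 260}, "normal"),
]


def _mean_var(values):
    """Population mean and variance, with a small floor so a constant
    feature (e.g. src_bytes == 0 for every flood) never yields var == 0."""
    n = len(values)
    mean = sum(values) / n
    var = sum((v - mean) ** 2 for v in values) / n
    return mean, var + 1e-6


def train_gaussian_nb(records):
    """Fit a log prior and per-feature Gaussian for each class.

    Returns (model, seconds) so training time can be compared between
    models, which is one of the two criteria the paper used."""
    start = time.perf_counter()
    by_class = defaultdict(list)
    for x, y in records:
        by_class[y].append(x)
    total = len(records)
    model = {}
    for label, rows in by_class.items():
        stats = {f: _mean_var([r[f] for r in rows]) for f in FEATURES}
        model[label] = (math.log(len(rows) / total), stats)
    return model, time.perf_counter() - start


def _log_gaussian(x, mean, var):
    return -0.5 * math.log(2 * math.pi * var) - (x - mean) ** 2 / (2 * var)


def predict(model, x):
    """Return the class with the highest log posterior (naive independence)."""
    scores = {
        label: log_prior + sum(_log_gaussian(x[f], *stats[f]) for f in FEATURES)
        for label, (log_prior, stats) in model.items()
    }
    return max(scores, key=scores.get)


def evaluate(model, records, positive="dos"):
    """Confusion counts plus accuracy, precision and recall for the attack class."""
    tp = fp = fn = tn = 0
    for x, y in records:
        p = predict(model, x)
        if y == positive:
            tp += p == positive
            fn += p != positive
        else:
            fp += p == positive
            tn += p != positive
    n = tp + fp + fn + tn
    return {
        "accuracy": (tp + tn) / n,
        "precision": tp / (tp + fp) if tp + fp else 0.0,
        "recall": tp / (tp + fn) if tp + fn else 0.0,
        "confusion": (tp, fp, fn, tn),
    }


if __name__ == "__main__":
    nb, secs = train_gaussian_nb(TRAIN)
    print(f"trained in {secs * 1e3:.3f} ms")
    print(evaluate(nb, TEST))
```

Two caveats a practitioner should carry over from this toy to the paper's setting: NSL-KDD is derived from 1999-era traffic, so a model that scores perfectly on it says little about today's amplification or application-layer floods, and the clean separation above comes from hand-built records, not from any property of Naïve Bayes. Deploying in a real network, as the abstract suggests for future work, is the only way to learn the false-positive rate that matters operationally.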
