DDoS Intrusion Detection Through Machine Learning Ensemble

Distributed Denial of Service (DDoS) attacks have been prominent attacks over the last decade. A Network Intrusion Detection System (NIDS) should reconfigure itself seamlessly to fight against attackers' new approaches and DDoS attack patterns. In this paper, we propose a NIDS which can detect existing as well as new types of DDoS attacks. The key feature of our NIDS is that it combines different classifiers using ensemble models, with the idea that each classifier can target specific aspects or types of intrusions, and in doing so provides a more robust defense mechanism against new intrusions. Further, we perform a detailed analysis of DDoS attacks and, based on this domain knowledge, verify the reduced feature set [27, 28] to significantly improve accuracy. We experiment with and analyze the NSL-KDD dataset using the reduced feature set, and our proposed NIDS successfully detects 99.1% of DDoS attacks. We compare our results with other existing approaches. Our NIDS approach has the learning capability to keep up with new and emerging DDoS attack patterns.

[1] Dan Wang, et al. An Effective Feature Selection Approach for Network Intrusion Detection, 2013, 2013 IEEE Eighth International Conference on Networking, Architecture and Storage.

[2] Xiaohong Huang, et al. A DDoS Attack Detection Method Based on Hybrid Heterogeneous Multiclassifier Ensemble Learning, 2017, J. Electr. Comput. Eng.

[3] Gabriel Maciá-Fernández, et al. Anomaly-based network intrusion detection: Techniques, systems and challenges, 2009, Comput. Secur.

[4] Ali Borji, et al. Combining Heterogeneous Classifiers for Network Intrusion Detection, 2007, ASIAN.

[5] Ian H. Witten, et al. WEKA: a machine learning workbench, 1994, Proceedings of ANZIIS '94 - Australian New Zealand Intelligent Information Systems Conference.

[6] Mamun Bin Ibne Reaz, et al. A survey of intrusion detection systems based on ensemble and hybrid classifiers, 2017, Comput. Secur.

[7] Noureldien A. Noureldien, et al. Accuracy of Machine Learning Algorithms in Detecting DoS Attacks Types, 2016.

[8] Andrew H. Sung, et al. Intrusion detection using an ensemble of intelligent paradigms, 2005, J. Netw. Comput. Appl.

[9] Stefan Axelsson, et al. Intrusion Detection Systems: A Survey and Taxonomy, 2002.

[10] Faisal Muhammad Shah, et al. An ensemble framework of anomaly detection using hybridized feature selection approach (HFSA), 2015, 2015 SAI Intelligent Systems Conference (IntelliSys).

[11] Ravindra C. Thool, et al. Intrusion Detection System Using Bagging Ensemble Method of Machine Learning, 2015, 2015 International Conference on Computing Communication Control and Automation.

[12] D. S. Yeung, et al. Comparison of different fusion approaches for network intrusion detection using ensemble of RBFNN, 2005, 2005 International Conference on Machine Learning and Cybernetics.

[13] R. Anitha, et al. Evaluating Machine Learning Algorithms for Detecting DDoS Attacks, 2011.

[14] Seemab Latif, et al. Handling intrusion and DDoS attacks in Software Defined Networks using machine learning techniques, 2014, 2014 National Software Engineering Conference.

[15] Saikat Das, et al. CoRuM: Collaborative Runtime Monitor Framework for Application Security, 2018, 2018 IEEE/ACM International Conference on Utility and Cloud Computing Companion (UCC Companion).

[16] Thomas G. Dietterich. Multiple Classifier Systems, 2000, Lecture Notes in Computer Science.

[17] Sara Matzner, et al. An application of machine learning to network intrusion detection, 1999, Proceedings 15th Annual Computer Security Applications Conference (ACSAC'99).

[18] Todd L. Heberlein, et al. Network intrusion detection, 1994, IEEE Network.

[19] Salvatore J. Stolfo, et al. A Geometric Framework for Unsupervised Anomaly Detection, 2002, Applications of Data Mining in Computer Security.

[20] Sajjan G. Shiva, et al. Comparative Analysis of ML Classifiers for Network Intrusion Detection, 2019, ICICT.

[21] Eleazar Eskin, et al. Anomaly Detection over Noisy Data using Learned Probability Distributions, 2000, ICML.

[22] Gary B. Wills, et al. Application of Bagging, Boosting and Stacking to Intrusion Detection, 2012, MLDM.

[23] Chou-Yuan Lee, et al. An intelligent algorithm with feature selection and decision rules applied to anomaly intrusion detection, 2012, Appl. Soft Comput.

[24] Ali Dehghantanha, et al. Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing, 2016, EURASIP Journal on Wireless Communications and Networking.

[25] Pedro Casas, et al. Ensemble-learning Approaches for Network Security and Anomaly Detection, 2017, Big-DAMA@SIGCOMM.

[26] Adetunmbi A. Olusola, et al. Analysis of KDD '99 Intrusion Detection Dataset for Selection of Relevance Features, 2010.