A robust ensemble of neuro-fuzzy classifiers for DDoS attack detection

Recent studies show that Distributed Denial of Service (DDoS) attacks play an important role in the security of computers because they can decrease the efficiency of victim resources within a short period of time. In this paper, an innovative ensemble of Sugeno type adaptive neuro-fuzzy classifiers has been proposed for attack detection using an effective boosting technique named Marliboost. Detection accuracy and false positive alarms are two measurements used to evaluate the performance of the proposed technique. Experimental results on the optimized randomly selected subset of NSL-KDD confirm that the proposed ensemble of classifiers has higher detection accuracy (96%) in comparison with the other widely used machine learning techniques. Moreover, false positive alarms have been greatly reduced by applying the presented technique.

[1]  Darragh O'Brien,et al.  Machine Learning for Automatic Defence Against Distributed Denial of Service Attacks , 2007, 2007 IEEE International Conference on Communications.

[2]  Yoav Freund,et al.  A decision-theoretic generalization of on-line learning and an application to boosting , 1997, EuroCOLT.

[3]  Yongsun Choi,et al.  Proactive Detection of DDoS Attacks Utilizing k-NN Classifier in an Anti-DDos Framework , 2010 .

[4]  Thomas G. Dietterich What is machine learning? , 2020, Archives of Disease in Childhood.

[5]  Ali A. Ghorbani,et al.  Network Intrusion Detection and Prevention - Concepts and Techniques , 2010, Advances in Information Security.

[6]  R. Schapire The Strength of Weak Learnability , 1990, Machine Learning.

[7]  George Kesidis,et al.  Denial-of-service attack-detection techniques , 2006, IEEE Internet Computing.

[8]  Yoav Freund,et al.  A decision-theoretic generalization of on-line learning and an application to boosting , 1995, EuroCOLT.

[9]  Asif Ekbal Improvement of Prediction Accuracy Using Discretization and Voting Classifier , 2006, 18th International Conference on Pattern Recognition (ICPR'06).

[10]  Leo Breiman,et al.  Bagging Predictors , 1996, Machine Learning.

[11]  S. Selvakumar,et al.  Detection of distributed denial of service attacks using an ensemble of adaptive and hybrid neuro-fuzzy systems , 2013, Comput. Commun..

[12]  John McHugh,et al.  Testing Intrusion detection systems: a critique of the 1998 and 1999 DARPA intrusion detection system evaluations as performed by Lincoln Laboratory , 2000, TSEC.

[13]  Ali A. Ghorbani,et al.  A detailed analysis of the KDD CUP 99 data set , 2009, 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications.

[14]  Vern Paxson,et al.  Outside the Closed World: On Using Machine Learning for Network Intrusion Detection , 2010, 2010 IEEE Symposium on Security and Privacy.