Detection of DDoS Attack and Classification Using a Hybrid Approach

Detecting DDoS attacks is a challenging task in cloud security, and it is needed so that legitimate users can use cloud resources properly. In this paper, attack packets and normal packets are detected and classified using various machine learning classifiers. We select the most relevant features from the NSL KDD dataset using five commonly used feature selection methods (information gain, gain ratio, chi-squared, ReliefF, and symmetrical uncertainty). From the entire selected feature set, the most important features are then selected by applying our hybrid feature selection method. Since not all anomalous instances in the dataset belong to the DDoS category, we separate only the DDoS packets from the dataset using the selected features. The resulting dataset, consisting of the selected DDoS packets and the normal packets, is named the KDD DDoS dataset. This KDD DDoS dataset is discretized using the discretize tool in Weka for better performance. The discretized dataset is then applied to some commonly used classifiers (Naive Bayes, Bayes Net, Decision Table, J48, and Random Forest) to determine the detection rate of each classifier. 10-fold cross-validation is used to measure the robustness of the system. To measure the efficiency of our hybrid feature selection method, we also applied the same set of classifiers to the NSL KDD dataset, where it gives a best anomaly detection rate of 99.72% and an average detection rate of 98.47%. Similarly, we applied the same set of classifiers to the NSL DDoS dataset and obtained an average DDoS detection rate of 99.01% and a best DDoS detection rate of 99.86%. To compare the performance of our proposed hybrid method, we also applied the existing feature selection methods and measured the detection rate using the same set of classifiers. Finally, we found that our hybrid approach for detecting DDoS attacks gives the best detection rate compared to some existing methods.
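As an added illustration (not the paper's code), the sketch below scores discretized features with four of the five filters named above and merges their rankings. The abstract does not say how the hybrid method combines the rankings, so the top-k majority vote here is an assumption, as are the sample records and the parameters `k` and `min_votes`; ReliefF is omitted for brevity.

```python
import math
from collections import Counter

def entropy(values):
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def info_gain(x, y):
    """H(Y) - H(Y|X) for a discretized feature x and class labels y."""
    cond = 0.0
    for v in set(x):
        sub = [yi for xi, yi in zip(x, y) if xi == v]
        cond += len(sub) / len(y) * entropy(sub)
    return entropy(y) - cond

def gain_ratio(x, y):
    hx = entropy(x)
    return info_gain(x, y) / hx if hx else 0.0

def symmetrical_uncertainty(x, y):
    denom = entropy(x) + entropy(y)
    return 2 * info_gain(x, y) / denom if denom else 0.0

def chi_squared(x, y):
    """Pearson chi-squared statistic of the feature/class contingency table."""
    n, cx, cy, cxy = len(y), Counter(x), Counter(y), Counter(zip(x, y))
    return sum((cxy[a, b] - cx[a] * cy[b] / n) ** 2 / (cx[a] * cy[b] / n)
               for a in cx for b in cy)

FILTERS = [info_gain, gain_ratio, symmetrical_uncertainty, chi_squared]

def hybrid_select(features, y, k=2, min_votes=3):
    """ASSUMED combination rule: keep features in the top-k of >= min_votes filters."""
    votes = Counter()
    for score in FILTERS:
        ranked = sorted(features, key=lambda f: score(features[f], y), reverse=True)
        votes.update(ranked[:k])
    return sorted(f for f, v in votes.items() if v >= min_votes)

# Constructed, already-discretized sample (8 records); not taken from NSL KDD.
LABELS = ["ddos"] * 4 + ["normal"] * 4
FEATURES = {
    "count":         ["high"] * 4 + ["low"] * 4,
    "serror_rate":   ["high"] * 3 + ["low"] * 5,
    "protocol_type": ["tcp", "udp"] * 4,
    "duration":      ["short", "short", "long", "short", "long", "short", "short", "long"],
}

if __name__ == "__main__":
    print(hybrid_select(FEATURES, LABELS))
```

On this sample every filter ranks `count` and `serror_rate` highest, so both survive the vote, while `protocol_type` scores zero under all four filters because it is independent of the class label.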
