The hybrid technique for DDoS detection with supervised learning algorithms

Abstract. Distributed denial of service (DDoS) remains one of the main threats to online services: attackers can launch a DDoS attack with simple steps and high efficiency to prevent or slow down users' access to a service. In this paper we propose a novel hybrid framework, based on a data-stream approach with incremental learning, for detecting DDoS attacks. The computational load is divided between the client side and the proxy side according to the resources available to each, so that the task is organised for high speed. The client side has three steps: collecting data from the client system, extracting features by forward feature selection for each algorithm, and running a divergence test. If the divergence exceeds a threshold, an attack is reported; otherwise the data are passed on to the proxy side. On the proxy side we use naive Bayes, random forest, decision tree, multilayer perceptron (MLP) and k-nearest neighbours (k-NN) to improve the results. Different attacks have their own specific behaviour, and because a different feature subset is selected for each algorithm, the framework achieves good detection performance and a better ability to distinguish new attack types. The results show that random forest produces the best results among the algorithms considered.
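The client-side stage described above, as an added illustration rather than the paper's own code. The abstract does not name the divergence measure, the threshold, or the candidate features, so all three are assumptions here: Jensen-Shannon divergence (base 2, so values lie in [0, 1]) between the histogram of one categorical feature in the current window and in a benign baseline window; a hypothetical threshold of 0.3; and the hypothetical feature names `dport`, `proto` and `src`. The flow records are constructed, not captured traffic. The feature-selection step is a single greedy forward-selection step, simplified from the per-algorithm forward feature selection the abstract mentions: it keeps the feature whose divergence separates labelled attack windows from labelled benign windows by the widest margin.

```python
"""Client-side divergence test of the hybrid DDoS detector (added example).

Assumptions not stated in the abstract: Jensen-Shannon divergence as the
divergence measure, a threshold of 0.3, and the feature names below.
"""
import math
from collections import Counter
from typing import Callable, Dict, Hashable, List, Sequence, Tuple

Record = Dict[str, object]

# Candidate features for forward selection (hypothetical names); each maps a
# flow record to one categorical value.
FEATURES: Dict[str, Callable[[Record], Hashable]] = {
    "dport": lambda r: r["dport"],
    "proto": lambda r: r["proto"],
    "src": lambda r: r["src"],
}

THRESHOLD = 0.3  # hypothetical tuning constant, not from the paper


def _flow(src: str, dport: int, proto: str) -> Record:
    return {"src": src, "dport": dport, "proto": proto}


# Constructed sample windows of 12 flows each (not captured traffic).
# Baseline: ordinary client mix from 10 distinct internal sources.
BASELINE_WINDOW: List[Record] = (
    [_flow(f"10.0.0.{i}", 443, "tcp") for i in range(1, 7)]
    + [_flow(f"10.0.0.{i}", 80, "tcp") for i in range(7, 10)]
    + [_flow("10.0.0.10", 53, "udp"), _flow("10.0.0.1", 53, "udp")]
    + [_flow("10.0.0.2", 22, "tcp")]
)
# Benign test window: same sources, slightly different port mix.
BENIGN_WINDOW: List[Record] = (
    [_flow(f"10.0.0.{i}", 443, "tcp") for i in range(1, 6)]
    + [_flow(f"10.0.0.{i}", 80, "tcp") for i in range(6, 10)]
    + [_flow("10.0.0.10", 53, "udp"), _flow("10.0.0.3", 53, "udp")]
    + [_flow("10.0.0.4", 22, "tcp")]
)
# Attack window: SYN flood to port 80 from 12 never-seen (spoofed) sources.
ATTACK_WINDOW: List[Record] = [
    _flow(f"198.51.100.{i}", 80, "tcp") for i in range(1, 13)
]


def histogram(window: Sequence[Record], key: Callable) -> Dict[Hashable, float]:
    """Empirical distribution of one feature over a window."""
    counts = Counter(key(r) for r in window)
    total = sum(counts.values())
    return {k: c / total for k, c in counts.items()}


def kl_divergence(p: Dict, q: Dict) -> float:
    # Summed over the support of p; q is always the mixture m here, so
    # q[k] > 0 wherever p[k] > 0 and the log is finite.
    return sum(p_k * math.log2(p_k / q[k]) for k, p_k in p.items() if p_k > 0)


def js_divergence(p: Dict, q: Dict) -> float:
    """Jensen-Shannon divergence, base 2: 0 for identical, 1 for disjoint."""
    m = {k: 0.5 * (p.get(k, 0.0) + q.get(k, 0.0)) for k in set(p) | set(q)}
    return 0.5 * kl_divergence(p, m) + 0.5 * kl_divergence(q, m)


def window_divergence(window: Sequence[Record], baseline: Sequence[Record],
                      feature: str) -> float:
    key = FEATURES[feature]
    return js_divergence(histogram(window, key), histogram(baseline, key))


def select_feature(benign_windows: Sequence[Sequence[Record]],
                   attack_windows: Sequence[Sequence[Record]],
                   baseline: Sequence[Record]) -> str:
    """One greedy forward-selection step: keep the feature with the widest
    margin between the least-divergent attack window and the most-divergent
    benign window (a simplification of per-algorithm forward selection)."""
    def margin(feature: str) -> float:
        worst_attack = min(window_divergence(w, baseline, feature) for w in attack_windows)
        worst_benign = max(window_divergence(w, baseline, feature) for w in benign_windows)
        return worst_attack - worst_benign
    return max(FEATURES, key=margin)


def client_stage(window: Sequence[Record], baseline: Sequence[Record],
                 feature: str, threshold: float = THRESHOLD) -> Tuple[str, float]:
    """Return ("attack", d) when the divergence d exceeds the threshold;
    otherwise ("forward_to_proxy", d), handing the window to the proxy-side
    classifiers (naive Bayes, random forest, ...) for a finer decision."""
    d = window_divergence(window, baseline, feature)
    return ("attack" if d > threshold else "forward_to_proxy", d)


if __name__ == "__main__":
    chosen = select_feature([BENIGN_WINDOW], [ATTACK_WINDOW], BASELINE_WINDOW)
    print("selected feature:", chosen)
    for name, win in (("benign", BENIGN_WINDOW), ("attack", ATTACK_WINDOW)):
        verdict, d = client_stage(win, BASELINE_WINDOW, chosen)
        print(f"{name:7s} divergence={d:.3f} -> {verdict}")
```

The divergence test is deliberately cheap (one histogram and a few logarithms per window) so that it fits the resource budget of the client side; only windows that fall below the threshold incur the cost of the proxy-side classifiers. Note the caveat the selection step exposes: on this constructed data the source-address feature wins because the flood comes from addresses never seen in the baseline, which is exactly the signal a spoofed flood produces but also one that a legitimate flash crowd of new clients would trigger, so the threshold and the feature choice must be validated against benign flash-event windows before deployment.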
