A Feature Analysis Based Identifying Scheme Using GBDT for DDoS with Multiple Attack Vectors

In recent years, distributed denial of service (DDoS) attacks have increasingly combined multiple attack vectors, which has significantly improved their concealment and success rate. Improving the general detection capability for DDoS attacks, and identifying DDoS attack traffic accurately and quickly, therefore plays an important role in later attack mitigation. This paper proposes a method to efficiently detect and identify multivector DDoS attacks. The detection algorithm is applicable to both known and unknown DDoS attacks.
