Evaluating Machine Learning Algorithms for Detecting DDoS Attacks

As the damage caused by DDoS attacks grows, rapid detection of an attack and a proper response mechanism have become urgent. Signature-based DDoS detection systems cannot detect new attacks. Current anomaly-based detection systems also fail to detect all kinds of new attacks, because they are designed for restricted applications in limited environments. Existing security mechanisms therefore either provide no effective defense against these attacks or defend only against specific DDoS attacks. It is necessary to analyze the fundamental features of DDoS attacks, because an attacker can easily vary the port, the protocol or the method of operation. A lot of research has been done on detecting these attacks with machine learning techniques, yet which features are relevant and which technique is best suited to attack detection remain open questions. In this paper, we use chi-square and information gain feature selection to choose the important attributes. With the selected attributes, several machine learning models (Naive Bayes, C4.5, SVM, KNN, K-means and Fuzzy c-means clustering) are built for efficient detection of DDoS attacks. Our experimental results show that Fuzzy c-means clustering gives the best accuracy in identifying the attacks.
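The pipeline the abstract describes, as an added example rather than the paper's own code: rank per-flow attributes by information gain and chi-square, keep the top-ranked ones, and cluster the flows with fuzzy c-means, scoring each cluster by its majority label. The dataset is constructed inline and the feature names (`pkt_rate`, `syn_ratio`, `src_ip_entropy`, `avg_pkt_len`) are assumptions, not the attributes the paper used; the last one is drawn identically for both classes so that the rankings have something to reject.

```python
"""Feature ranking (information gain, chi-square) and fuzzy c-means over
constructed per-flow DDoS features. Added example, not the paper's code;
feature names and the synthetic data are assumptions."""
import math
import random
from collections import Counter, defaultdict

# Assumed per-flow features (not from the paper); avg_pkt_len is uninformative.
FEATURES = ["pkt_rate", "syn_ratio", "src_ip_entropy", "avg_pkt_len"]


def make_dataset(n_per_class=50, seed=7):
    """Constructed data: attack flows have high packet rate, SYN ratio and
    source-IP entropy; packet length is drawn identically for both classes."""
    rng = random.Random(seed)
    X, y = [], []
    for label in ("normal", "attack"):
        for _ in range(n_per_class):
            if label == "normal":
                row = [rng.uniform(20, 80), rng.uniform(0.02, 0.2), rng.uniform(1.0, 3.0)]
            else:
                row = [rng.uniform(500, 1300), rng.uniform(0.8, 0.98), rng.uniform(5.0, 7.0)]
            row.append(rng.uniform(200, 1400))
            X.append(row)
            y.append(label)
    return X, y


def entropy(labels):
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())


def discretize(values, bins=3):
    """Equal-width binning so a continuous feature gets a contingency table."""
    lo, hi = min(values), max(values)
    width = (hi - lo) / bins or 1.0
    return [min(int((v - lo) / width), bins - 1) for v in values]


def information_gain(col, labels):
    n = len(labels)
    groups = defaultdict(list)
    for v, lab in zip(col, labels):
        groups[v].append(lab)
    return entropy(labels) - sum(len(g) / n * entropy(g) for g in groups.values())


def chi_square(col, labels):
    """Pearson chi-square of the bin-vs-label contingency table."""
    n = len(labels)
    observed = Counter(zip(col, labels))
    col_tot, lab_tot = Counter(col), Counter(labels)
    stat = 0.0
    for v in col_tot:
        for lab in lab_tot:
            expected = col_tot[v] * lab_tot[lab] / n
            stat += (observed[(v, lab)] - expected) ** 2 / expected
    return stat


def rank_features(X, y, names=FEATURES, bins=3):
    """Return {name: (information_gain, chi_square)} for every column."""
    scores = {}
    for j, name in enumerate(names):
        col = discretize([row[j] for row in X], bins)
        scores[name] = (information_gain(col, y), chi_square(col, y))
    return scores


def select_top(scores, k, criterion=0):
    """Keep the k best features by information gain (0) or chi-square (1)."""
    return [n for n, _ in sorted(scores.items(), key=lambda kv: -kv[1][criterion])[:k]]


def standardize(X):
    """z-score each column so no feature dominates the Euclidean distance."""
    n, d = len(X), len(X[0])
    mean = [sum(r[j] for r in X) / n for j in range(d)]
    std = [math.sqrt(sum((r[j] - mean[j]) ** 2 for r in X) / n) or 1.0 for j in range(d)]
    return [[(r[j] - mean[j]) / std[j] for j in range(d)] for r in X]


def fuzzy_c_means(P, c=2, m=2.0, iters=200, tol=1e-6, seed=0):
    """Bezdek's FCM: alternate weighted-center and membership updates."""
    rng = random.Random(seed)
    n, d = len(P), len(P[0])
    U = []
    for _ in range(n):
        r = [rng.random() for _ in range(c)]
        U.append([v / sum(r) for v in r])
    for _ in range(iters):
        centers = []
        for k in range(c):
            w = [U[i][k] ** m for i in range(n)]
            centers.append([sum(w[i] * P[i][j] for i in range(n)) / sum(w) for j in range(d)])
        new_U = []
        for i in range(n):
            dist = [math.dist(P[i], centers[k]) for k in range(c)]
            if 0.0 in dist:  # point sits exactly on a center: hard membership
                new_U.append([1.0 if dk == 0.0 else 0.0 for dk in dist])
                continue
            new_U.append([1.0 / sum((dist[k] / dl) ** (2 / (m - 1)) for dl in dist) for k in range(c)])
        shift = max(abs(new_U[i][k] - U[i][k]) for i in range(n) for k in range(c))
        U = new_U
        if shift < tol:
            break
    return centers, U


def cluster_accuracy(X, y, selected, names=FEATURES):
    """Cluster on the selected columns; score each cluster by its majority label."""
    idx = [names.index(s) for s in selected]
    _, U = fuzzy_c_means(standardize([[row[j] for j in idx] for row in X]))
    assigned = [max(range(len(u)), key=u.__getitem__) for u in U]
    majority = {k: Counter(lab for a, lab in zip(assigned, y) if a == k).most_common(1)[0][0]
                for k in set(assigned)}
    return sum(majority[a] == lab for a, lab in zip(assigned, y)) / len(y)


if __name__ == "__main__":
    X, y = make_dataset()
    scores = rank_features(X, y)
    for name, (ig, chi) in scores.items():
        print(f"{name:16s} IG={ig:.3f} chi2={chi:.1f}")
    keep = select_top(scores, 3)
    print("selected:", keep, "FCM accuracy:", cluster_accuracy(X, y, keep))
```

Two details matter in practice. The rankings are computed on binned values, so the bin count is itself a parameter: too few bins hides structure, too many inflates chi-square on small samples. And the clustering step is unsupervised, so the labels are used only afterwards to name the clusters; a cluster that mixes normal and attack flows shows up directly as lost accuracy.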
