Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy

A Distributed Denial of Service (DDoS) attack is a menace to network security that aims at exhausting the target networks with malicious traffic. Although many statistical methods have been designed for DDoS attack detection, designing a real-time detector with low computational overhead is still one of the main concerns. On the other hand, the evaluation of new detection algorithms and techniques heavily relies on the existence of well-designed datasets. In this paper, first, we review the existing datasets comprehensively and propose a new taxonomy for DDoS attacks. Second, we generate a new dataset, namely CICDDoS2019, which remedies all current shortcomings. Third, using the generated dataset, we propose a new detection and family classification approach based on a set of network flow features. Finally, we provide the most important feature sets to detect different types of DDoS attacks with their corresponding weights.
