Detection of DDoS Attack and Classification Using a Hybrid Approach

Suman Nandi, S. Phadikar, K. Majumder
2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP), published 2020-02-01
DOI: 10.1109/ISEA-ISAP49340.2020.234999 (https://doi.org/10.1109/ISEA-ISAP49340.2020.234999)
Citations: 15

Abstract

In the area of cloud security, detection of DDoS attacks is a challenging task, needed so that legitimate users can use the cloud resources properly. In this paper, detection and classification of attacking packets and normal packets are done using various machine learning classifiers. We have selected the most relevant features from the NSL KDD dataset using five commonly used feature selection methods (information gain, gain ratio, chi-squared, ReliefF, and symmetrical uncertainty). From the entire selected feature set, the most important features are then selected by applying our hybrid feature selection method. Since not all the anomalous instances of the dataset belong to the DDoS category, we have separated only the DDoS packets from the dataset using the selected features. The resulting dataset, made up of the selected DDoS packets and the normal packets, has been named the KDD DDoS dataset. This KDD DDoS dataset has been discretized using the Discretize tool in Weka to get better performance. The discretized dataset has then been applied to some commonly used classifiers (Naive Bayes, Bayes Net, Decision Table, J48 and Random Forest) to determine the detection rate of the classifiers. 10-fold cross-validation has been used to measure the robustness of the system. To measure the efficiency of our hybrid feature selection method, we have also applied the same set of classifiers to the NSL KDD dataset, where it gives a best anomaly detection rate of 99.72% and an average detection rate of 98.47%. Similarly, we have applied the same set of classifiers to the NSL DDoS dataset and obtained an average DDoS detection rate of 99.01% and a best DDoS detection rate of 99.86%. In order to compare the performance of our proposed hybrid method, we have also applied the existing feature selection methods and measured the detection rate using the same set of classifiers. Finally, we have seen that our hybrid approach for detecting DDoS attacks gives the best detection rate compared to some existing methods.