{"title":"A Lightweight Decision-Tree Algorithm for detecting DDoS flooding attacks","authors":"Godswill Lucky, F. Jjunju, A. Marshall","doi":"10.1109/QRS-C51114.2020.00072","DOIUrl":null,"url":null,"abstract":"The development of an accurate, efficient and lightweight distributed solution for the detection and prevention of DDoS attacks provides network designers with new options to monitor and secure networks according to their strategic needs. Here we present, a lightweight architecture that distinguishes attack network flows from normal traffic flows with a detection accuracy of over 99.9%. The architecture presented is optimised for deployment in low-cost environments for efficient, rapid detection and prevention of DDoS attacks. To achieve a computationally efficiency architecture, the system was trained with a minimal number of features using a robust features selection approach and validated against the CIC 2017 and 2019 datasets. Analysis of the design is presented and results shows that the new architecture uses just 7% processing power of the detection system and provides no additional overhead to the monitored network.","PeriodicalId":358174,"journal":{"name":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)","volume":"39 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2020-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"12","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2020 IEEE 20th International Conference on Software Quality, Reliability and Security Companion (QRS-C)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/QRS-C51114.2020.00072","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citations: 12
Abstract
The development of an accurate, efficient and lightweight distributed solution for the detection and prevention of DDoS attacks provides network designers with new options to monitor and secure networks according to their strategic needs. Here we present a lightweight architecture that distinguishes attack network flows from normal traffic flows with a detection accuracy of over 99.9%. The architecture presented is optimised for deployment in low-cost environments for efficient, rapid detection and prevention of DDoS attacks. To achieve a computationally efficient architecture, the system was trained with a minimal number of features using a robust feature selection approach and validated against the CIC 2017 and 2019 datasets. Analysis of the design is presented, and results show that the new architecture uses just 7% of the processing power of the detection system and provides no additional overhead to the monitored network.