A hybrid machine learning approach for detecting unprecedented DDoS attacks

Service availability plays a vital role on computer networks, against which Distributed Denial of Service (DDoS) attacks are an increasingly growing threat each year. Machine learning (ML) is a promising approach widely used for DDoS detection, which obtains satisfactory results for pre-known attack...

Descripción completa

Detalles Bibliográficos
Autores principales: Najafimehr, Mohammad, Zarifzadeh, Sajjad, Mostafavi, Seyedakbar
Formato: Online Artículo Texto
Lenguaje:English
Publicado: Springer US 2022
Materias:
Article
Acceso en línea:https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8739683/
https://www.ncbi.nlm.nih.gov/pubmed/35017789
http://dx.doi.org/10.1007/s11227-021-04253-x
Descripción
Sumario:Service availability plays a vital role on computer networks, against which Distributed Denial of Service (DDoS) attacks are an increasingly growing threat each year. Machine learning (ML) is a promising approach widely used for DDoS detection, which obtains satisfactory results for pre-known attacks. However, they are almost incapable of detecting unknown malicious traffic. This paper proposes a novel method combining both supervised and unsupervised algorithms. First, a clustering algorithm separates the anomalous traffic from the normal data using several flow-based features. Then, using certain statistical measures, a classification algorithm is used to label the clusters. Employing a big data processing framework, we evaluate the proposed method by training on the CICIDS2017 dataset and testing on a different set of attacks provided in the more up-to-date CICDDoS2019. The results demonstrate that the Positive Likelihood Ratio (LR+) of our method is approximately 198% higher than the ML classification algorithms.

Ejemplares similares