A hybrid machine learning approach for detecting unprecedented DDoS attacks
Service availability plays a vital role on computer networks, against which Distributed Denial of Service (DDoS) attacks are an increasingly growing threat each year. Machine learning (ML) is a promising approach widely used for DDoS detection, which obtains satisfactory results for pre-known attack...
Main authors: | , , |
---|---|
Format: | Online Article Text |
Language: | English |
Published: | Springer US 2022 |
Subjects: | |
Online access: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8739683/ https://www.ncbi.nlm.nih.gov/pubmed/35017789 http://dx.doi.org/10.1007/s11227-021-04253-x |
_version_ | 1784629154206973952 |
---|---|
author | Najafimehr, Mohammad Zarifzadeh, Sajjad Mostafavi, Seyedakbar |
author_facet | Najafimehr, Mohammad Zarifzadeh, Sajjad Mostafavi, Seyedakbar |
author_sort | Najafimehr, Mohammad |
collection | PubMed |
description | Service availability plays a vital role on computer networks, against which Distributed Denial of Service (DDoS) attacks are an increasingly growing threat each year. Machine learning (ML) is a promising approach widely used for DDoS detection, which obtains satisfactory results for pre-known attacks. However, they are almost incapable of detecting unknown malicious traffic. This paper proposes a novel method combining both supervised and unsupervised algorithms. First, a clustering algorithm separates the anomalous traffic from the normal data using several flow-based features. Then, using certain statistical measures, a classification algorithm is used to label the clusters. Employing a big data processing framework, we evaluate the proposed method by training on the CICIDS2017 dataset and testing on a different set of attacks provided in the more up-to-date CICDDoS2019. The results demonstrate that the Positive Likelihood Ratio (LR+) of our method is approximately 198% higher than the ML classification algorithms. |
format | Online Article Text |
id | pubmed-8739683 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2022 |
publisher | Springer US |
record_format | MEDLINE/PubMed |
spelling | pubmed-87396832022-01-07 A hybrid machine learning approach for detecting unprecedented DDoS attacks Najafimehr, Mohammad Zarifzadeh, Sajjad Mostafavi, Seyedakbar J Supercomput Article Service availability plays a vital role on computer networks, against which Distributed Denial of Service (DDoS) attacks are an increasingly growing threat each year. Machine learning (ML) is a promising approach widely used for DDoS detection, which obtains satisfactory results for pre-known attacks. However, they are almost incapable of detecting unknown malicious traffic. This paper proposes a novel method combining both supervised and unsupervised algorithms. First, a clustering algorithm separates the anomalous traffic from the normal data using several flow-based features. Then, using certain statistical measures, a classification algorithm is used to label the clusters. Employing a big data processing framework, we evaluate the proposed method by training on the CICIDS2017 dataset and testing on a different set of attacks provided in the more up-to-date CICDDoS2019. The results demonstrate that the Positive Likelihood Ratio (LR+) of our method is approximately 198% higher than the ML classification algorithms. Springer US 2022-01-07 2022 /pmc/articles/PMC8739683/ /pubmed/35017789 http://dx.doi.org/10.1007/s11227-021-04253-x Text en © The Author(s), under exclusive licence to Springer Science+Business Media, LLC, part of Springer Nature 2021 This article is made available via the PMC Open Access Subset for unrestricted research re-use and secondary analysis in any form or by any means with acknowledgement of the original source. These permissions are granted for the duration of the World Health Organization (WHO) declaration of COVID-19 as a global pandemic. |
spellingShingle | Article Najafimehr, Mohammad Zarifzadeh, Sajjad Mostafavi, Seyedakbar A hybrid machine learning approach for detecting unprecedented DDoS attacks |
title | A hybrid machine learning approach for detecting unprecedented DDoS attacks |
title_full | A hybrid machine learning approach for detecting unprecedented DDoS attacks |
title_fullStr | A hybrid machine learning approach for detecting unprecedented DDoS attacks |
title_full_unstemmed | A hybrid machine learning approach for detecting unprecedented DDoS attacks |
title_short | A hybrid machine learning approach for detecting unprecedented DDoS attacks |
title_sort | hybrid machine learning approach for detecting unprecedented ddos attacks |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8739683/ https://www.ncbi.nlm.nih.gov/pubmed/35017789 http://dx.doi.org/10.1007/s11227-021-04253-x |