Real-Time DDoS Attack Detection Based on Machine Learning Algorithms
2021; RELX Group (Netherlands); Language: English
DOI: 10.2139/ssrn.3974241
ISSN: 1556-5068
Authors: S. Rajesh, Marvin Clement, S Sooraj, Al Shifan S. H., Jyothi Johnson
Topic(s): Advanced Malware Detection Techniques
Abstract: With the development of network technology, Distributed Denial of Service (DDoS) attacks have increasingly become a significant security risk that endangers the network. It uses standard protocols and services when attacking, so it is difficult to detect through traditional methods. Given the idea of rational thinking, DDoS attack detection can be simulated as a classification problem that distinguishes between "attack" and "normal" network flow states. This paper analyses the common attacks such as User Datagram Protocol flood attacks, Internet Control Message Protocol ping flood attacks, Transmission Control Protocol-SYN flood attacks and Land attacks to generalize attack behaviour. A DDoS attack detection method based on various machine learning algorithms is proposed and the classification model established. After training and testing, the model predicts whether new unlabelled network traffic is benign or malicious. Experimental results show that Decision Tree (DT), Random Forest (RF) and K-Nearest Neighbours (KNN) can more accurately distinguish between normal traffic and attack traffic. KNN is computationally rigorous due to the evaluation of the distance between the detected node and every other node in the training set, followed by sorting the distances. Hence, KNN may add to the computational burden of the Software-Defined Networking architecture’s detection devices and may cause a considerable delay in detection. DT has a lower learning time than RF and is hence selected to be the classification model. The proposed work has been found to illustrate high detection accuracy and can guarantee normal communication within the network with the detection being achieved in real-time.