DDoS Attack Detection Using Machine Learning Techniques

Abstract

Network Traffic analysis is an important part of network security. With the increase in the usage of internet, new kinds of network security threats are becoming prominent. One of the biggest threats to it is the Distributed Denial of Service (DDoS) attack. Objective: The primary objective of our work is to create a DDoS dataset and to classify the attack based on its behavioural analysis. Methods: For creating a DDoS dataset, a proper virtual lab environment is set-up. After setting up the environment and virtual network, DDoS attack is performed on the victim machine and the network traffics are captured. Along with the DDoS data, benign network traffics are captured as well. After creating the dataset, different features are extracted from the network traffics and finally used different Machine Learning approach for classifying the features whether the traffics are benign traffics or DDoS traffics. Findings: From the experimental result, it is clear that the proposed method can create DDoS traffic and classify different types of DDoS attacks in an efficient manner. From the result analysis, it is seen that the KNN clustering algorithm performs better classifications than the other machine learning algorithms. Novelty: The primary novelty in the proposed work is about the dataset that has been created. The DDoS dataset that is used in the proposed work is heterogeneous. The dataset includes DDoS traffics from both the global internet and local network. On this data, among most of the primary machine learning algorithms, Random Forest and K-Nearest Neighbour Classifier performs better with classification accuracy of 99.44% and 99.58%.