Detection of Distributed Denial-of-Service Attacks with Machine Learning Algorithms

  • Rodrigo R. Silva (CEFET/RJ)
  • Felipe da R. Henriques (CEFET/RJ)
  • Igor M. Moraes (UFF)
  • Dalbert M. Mascarenhas (CEFET/RJ)

Abstract


This paper proposes a methodology to detect and classify distributed denial-of-service (DDoS) attacks. The methodology employs data balancing, preprocessing, and attribute selection techniques that differ from those found in related work. We evaluate five machine learning algorithms, using the CIC-DDoS2019 dataset for training, validation, and evaluation. Experiments show that the Random Forest (RF) algorithm achieves the best results in both binary and multiclass classification. In the binary scenario without synthetic data, RF achieved 99.8% accuracy, while in multiclass classification it reached a 100% detection rate for SYN attacks and 98% or higher for other types of attacks.

Published
2024-09-16
SILVA, Rodrigo R.; HENRIQUES, Felipe da R.; MORAES, Igor M.; MASCARENHAS, Dalbert M. Detection of Distributed Denial-of-Service Attacks with Machine Learning Algorithms. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 226-241. DOI: https://doi.org/10.5753/sbseg.2024.241684.
