Automation of Model Selection for Unsupervised DDoS Attack Prediction

  • Matheus H. Lima UFMG
  • Anderson B. de Neira UFPR
  • Ligia F. Borges UFMG
  • Michele Nogueira UFMG / UFPR

Abstract


Machine learning (ML) techniques assist in the automation of various cybersecurity tasks. Given the vast number of algorithms and hyperparameters, one of the biggest challenges is identifying the model that minimizes errors, so selecting the appropriate ML algorithm is crucial for effectively handling each attack and scenario. This article presents the ALTO technique, which autonomously selects the outlier detector that maximizes the separation of malicious network traffic from benign traffic without the use of labels (unsupervised) in the context of predicting distributed denial-of-service (DDoS) attacks. The results indicate that the ALTO technique selects models capable of outperforming manually configured models and generating up to 500% more true positives.

Published
2024-09-16
LIMA, Matheus H.; NEIRA, Anderson B. de; BORGES, Ligia F.; NOGUEIRA, Michele. Automation of Model Selection for Unsupervised DDoS Attack Prediction. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 24., 2024, São José dos Campos/SP. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2024. p. 753-759. DOI: https://doi.org/10.5753/sbseg.2024.241466.
