Exploring the use of machine learning outlier detection algorithms for DDoS identification

  • André L. Ribeiro UFMG
  • Othávio R. C. Araújo UFMG
  • Caio A. C. Maciel UFMG
  • Leonardo B. Oliveira UFMG


Servers and users rely on safe defenses against multiple attacks. Usual practices, however, normally are unable to deal with huge distributed attacks, such as DDoS. This is a malicious practice that aims to interrupt the flow of a network causing data congestion. Moreover, DDoS is a stealthy practice, as its traffic might present similar attributes to usual ones. With this in mind, in this paper, we use unsupervised, semi-supervised, and supervised machine learning algorithms to automatically analyze a selected network, detecting possible DDoS flows using PyOD library. We evaluate each of those types of algorithms and also explore the effects of previous feature selection on them.


Chen, T. and Guestrin, C. (2016). Xgboost: A scalable tree boosting system. In Proceedings of the 22nd acm sigkdd international conference on knowledge discovery and data mining, pages 785–794.

Goldstein, M. and Dengel, A. (2012). Histogram-based outlier score (hbos): A fast unsupervised anomaly detection algorithm.

Goldstein, M. and Uchida, S. (2016). A comparative evaluation of unsupervised anomaly detection algorithms for multivariate data. PloS one, 11(4):e0152173.

He, Z., Zhang, T., and Lee, R. B. (2017). Machine learning based ddos attack detection from source side in cloud. In 2017 IEEE 4th International Conference on Cyber Security and Cloud Computing (CSCloud), pages 114–120. IEEE.

Laskov, P., Düssel, P., Schäfer, C., and Rieck, K. (2005). Learning intrusion detection: supervised or unsupervised? In International Conference on Image Analysis and Processing, pages 50–57. Springer.

Liu, F. T., Ting, K. M., and Zhou, Z.-H. (2008). Isolation forest. In 2008 Eighth IEEE International Conference on Data Mining, pages 413–422. IEEE.

Niyaz, Q., Sun, W., and Javaid, A. Y. (2017). A deep learning based ICST Transactions on ddos detection system in software-defined networking (sdn). Security and Safety, 4(12):153515.

Prasad, M. D. and PBV, C. A. (2019). Machine learning ddos detection using stochastic gradient boosting. International Journal of Computer Sciences and Engineering, 7(4):157–16.

Sakurada, M. and Yairi, T. (2014). Anomaly detection using autoencoders with nonlinear dimensionality reduction. In Proceedings of the MLSDA 2014 2nd Workshop on Machine Learning for Sensory Data Analysis, pages 4–11.

Shyu, M.-L., Chen, S.-C., Sarinnapakorn, K., and Chang, L. (2003). A novel anomaly detection scheme based on principal component classifier. Technical report, MIAMI UNIV CORAL GABLES FL DEPT OF ELECTRICAL AND COMPUTER ENGINEERING.

Sonar, K. and Upadhyay, H. (2014). A survey: Ddos attack on internet of things. International Journal of Engineering Research and Development, 10(11):58–63.

Zhao, Y. and Hryniewicki, M. K. (2018). Xgbod: improvIn 2018 ing supervised outlier detection with unsupervised representation learning. International Joint Conference on Neural Networks (IJCNN), pages 1–8. IEEE.

Zhao, Y., Nasrullah, Z., and Li, Z. (2019). Pyod: A python toolbox for scalable outlier detection. Journal of Machine Learning Research, 20:1–7.
RIBEIRO, André L.; ARAÚJO, Othávio R. C.; MACIEL, Caio A. C.; OLIVEIRA, Leonardo B.. Exploring the use of machine learning outlier detection algorithms for DDoS identification. In: WORKSHOP DE TRABALHOS DE INICIAÇÃO CIENTÍFICA E DE GRADUAÇÃO - SIMPÓSIO BRASILEIRO DE SEGURANÇA DA INFORMAÇÃO E DE SISTEMAS COMPUTACIONAIS (SBSEG), 20. , 2020, Evento Online. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2020 . p. 227-234. DOI: https://doi.org/10.5753/sbseg_estendido.2020.19288.

Artigos mais lidos do(s) mesmo(s) autor(es)