Machine Learning for Detection of Distributed Denial-of-Service Attacks from Queries Executed in DBMS

  • Danilo A. M. Chagas UnB
  • Geraldo P. Rocha Filho UESB
  • Rodolfo I. Meneguette USP
  • Rodrigo Bonacin CTI Renato Archer / Unifaccamp
  • Vinícius P. Gonçalves UnB


Denial-of-Service (DoS) attacks have been extensively studied in the literature, especially in their most dangerous form, the Distributed Denial-of-Service (DDoS). Database, a critical infrastructure for services, has mechanisms for recording information (logs) of SQL queries and sessions. Although they are vulnerable to DDoS, they are not entirely covered by commercial tools or research on such a detection. Machine Learning (ML) techniques are highly effective in identifying patterns in data such as database SQL logs. Thus, this work proposes the application of ML to detect DDoS attacks on a database from the logs of queries executed on it. As a result, the classification obtained an F1-score of 94.44%, which indicates the effectiveness of the proposed approach.


Akgun, D., Hizal, S., and Cavusoglu, U. (2022). A new ddos attacks intrusion detection model based on deep learning for cybersecurity. Computers & Security, 118:102748.

Aliero, M. S., Qureshi, K. N., Pasha, M. F., Ghani, I., and Yauri, R. A. (2020). Systematic review analysis on sqlia detection and prevention approaches. Wireless Personal Communications, 112(4):2297–2333.

Alkasassbeh, M., Al-Naymat, G., Hassanat, A. B., and Almseidin, M. (2016). Detecting distributed denial of service attacks using data mining techniques. International Journal of Advanced Computer Science and Applications, 7(1).

Alwan, Z. S. and Younis, M. F. (2017). Detection and prevention of sql injection attack: A survey. International Journal of Computer Science and Mobile Computing, 6(8):5–17.

Berman, D. S., Buczak, A. L., Chavis, J. S., and Corbett, C. L. (2019). A survey of deep learning methods for cyber security. Information, 10(4):122.

Brooks, R. R., Yu, L., Oakley, J., Tusing, N., et al. (2021). Distributed denial of service (ddos): A history. IEEE Annals of the History of Computing.

Burkov, A. (2020). Machine Learning Engineering. Andriy Burkov.

Carrington, A., Manuel, D., Fieguth, P., Ramsay, T., Osmani, V., Wernly, B., Bennett, C., Hawken, S., McInnes, M., Magwood, O., Sheikh, Y., and Holzinger, A. (2022). Deep roc analysis and auc as balanced average accuracy for improved classifier selection, audit and explanation. IEEE transactions on pattern analysis and machine intelligence, PP.

Cavalcante, I. C., Meneguette, R. I., Torres, R. H., Mano, L. Y., Gonçalves, V. P., Ueyama, J., Pessin, G., Nze, G. D. A., and Filho, G. P. R. (2022). Federated system for transport mode detection. Energies, 15(23):9256.

Chadd, A. (2018). Ddos attacks: past, present and future. Network Security, 2018(7):13–15.

Doan, Q. H., Mai, S.-H., Do, Q. T., and Thai, D.-K. (2022). A cluster-based data splitting method for small sample and class imbalance problems in impact damage classification[formula presented]. Applied Soft Computing, 120.

Géron, A. (2017). Hands-on machine learning with scikit-learn and tensorflow: Concepts. Tools, and Techniques to build intelligent systems.

Gormez, Y., Aydin, Z., Karademir, R., and Gungor, V. C. (2020). A deep learning approach with bayesian optimization and ensemble classifiers for detecting denial of service attacks. International Journal of Communication Systems, 33(11):e4401.

Gümüşbaş, D., Yıldırım, T., Genovese, A., and Scotti, F. (2020). A comprehensive survey of databases and deep learning methods for cybersecurity and intrusion detection systems. IEEE Systems Journal, 15(2):1717–1731.

Gurina, A. and Eliseev, V. (2019). Anomaly-based method for detecting multiple classes of network attacks. Information, 10(3):84.

Haider, S., Akhunzada, A., Mustafa, I., Patel, T. B., Fernandez, A., Choo, K.-K. R., and Iqbal, J. (2020). A deep cnn ensemble framework for efficient ddos attack detection in software defined networks. Ieee Access, 8:53972–53983.

Hashem, I., Islam, M., Haque, S. M., Jabed, Z. I., and Sakib, N. (2021). A proposed technique for simultaneously detecting ddos and sql injection attacks. International Journal of Computer Applications, 975:8887.

Kaur, H., Pannu, H. S., and Malhi, A. K. (2019). A systematic review on imbalanced data challenges in machine learning: Applications and solutions. ACM Computing Surveys (CSUR), 52(4):1–36.

Kernbach, J. M. and Staartjes, V. E. (2022). Foundations of machine learning-based clinical prediction modeling: Part ii—generalization and overfitting. Machine Learning in Clinical Neuroscience, pages 15–21.

Lima Filho, F. S. d., Silveira, F. A., de Medeiros Brito Junior, A., Vargas-Solar, G., and Silveira, L. F. (2019). Smart detection: an online approach for dos/ddos attack detection using machine learning. Security and Communication Networks, 2019.

Medeiros, I., Beatriz, M., Neves, N., and Correia, M. (2019). Septic: detecting injection attacks and vulnerabilities inside the dbms. IEEE Transactions on Reliability, 68(3):1168–1188.

Mittal, M., Kumar, K., and Behal, S. (2022). Deep learning approaches for detecting ddos attacks: a systematic review. Soft Computing, pages 1–37.

Molina, A., Gonçalves, V., Jr., R. S., Giuntini, F., Pessin, G., Meneguette, R., and Filho, G. R. (2022). Weapon: Uma arquitetura para detecção de anomalias de comportamento do usuário. In Anais do XI Brazilian Workshop on Social Network Analysis and Mining, pages 121–132, Porto Alegre, RS, Brasil. SBC.

Oracle (2023). Database reference v$session. [link]. [Online; accessed in 03-11-2023].

Pouyanfar, S., Sadiq, S., Yan, Y., Tian, H., Tao, Y., Reyes, M. P., Shyu, M.-L., Chen, S.-C., and Iyengar, S. S. (2018). A survey on deep learning: Algorithms, techniques, and applications. ACM Computing Surveys, 51(5).

Sofi, I., Mahajan, A., and Mansotra, V. (2017). Machine learning techniques used for the detection and analysis of modern types of ddos attacks. Int. Res. J. Eng. Technol.

Souza, A., Nobre, R., Gonçalves, V., and Filho, G. R. (2021). Uma solução em névoa via objetos inteligentes para lidar com a heterogeneidade dos dados em um ambiente residencial. In Anais Estendidos do XXXIX Simpósio Brasileiro de Redes de Computadores e Sistemas Distribuídos, pages 257–264, Porto Alegre, RS, Brasil. SBC.

Thudumu, S., Branch, P., Jin, J., and Singh, J. J. (2020). A comprehensive survey of anomaly detection techniques for high dimensional big data. Journal of Big Data, 7(1):1–30.

Togatorop, P., Sitorus, H. A. T., Sirait, R. M., and Manurung, T. (2022). Database audit system design and implementation. Jurnal Mantik, 5(4):2535–2541.

Tripathi, N. and Hubballi, N. (2021). Application layer denial-of-service attacks and defense mechanisms: a survey. ACM Computing Surveys (CSUR), 54(4):1–33.

Varshney, K. and Ujjwal, R. (2019). Lssqlidp: Literature survey on sql injection detection and prevention techniques. Journal of Statistics and Management Systems, 22(2):257–269.

Vedula, V., Lama, P., Boppana, R. V., and Trejo, L. A. (2021). On the detection of low-rate denial of service attacks at transport and application layers. Electronics, 10(17):2105.

Yu, L., Zhou, R., Chen, R., and Lai, K. K. (2022). Missing data preprocessing in credit classification: One-hot encoding or imputation? Emerging Markets Finance and Trade, 58(2):472–482.
CHAGAS, Danilo A. M.; ROCHA FILHO, Geraldo P.; MENEGUETTE, Rodolfo I.; BONACIN, Rodrigo; GONÇALVES, Vinícius P.. Machine Learning for Detection of Distributed Denial-of-Service Attacks from Queries Executed in DBMS. In: WORKSHOP DE GERÊNCIA E OPERAÇÃO DE REDES E SERVIÇOS (WGRS), 28. , 2023, Brasília/DF. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2023 . p. 57-70. ISSN 2595-2722. DOI: