A Holistic Approach for Detecting DDoS Attacks by Using Ensemble Unsupervised Machine Learning

Conference paper
Advances in Information and Communication (FICC 2020)

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1130)

Abstract

Distributed Denial of Service (DDoS) has been the most prominent attack in cyber-physical systems over the last decade. Defending against DDoS attacks is not only challenging but also strategic. Many new strategies and approaches have been proposed to defend against different types of DDoS attacks. The ongoing battle between attackers and defenders is full-fledged, driven by the newest strategies and techniques. Machine learning (ML) has shown promising outcomes in different research fields, including cybersecurity. In this paper, an ensemble unsupervised ML approach is used to implement an intrusion detection system that detects DDoS attacks with noteworthy accuracy. The goal of this research is to increase DDoS attack detection accuracy while decreasing the false positive rate. The NSL-KDD dataset and twelve feature sets from existing research are used for experimentation to compare our ensemble results with those of our individual models and other existing models.

Corresponding author

Correspondence to Saikat Das.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Das, S., Venugopal, D., Shiva, S. (2020). A Holistic Approach for Detecting DDoS Attacks by Using Ensemble Unsupervised Machine Learning. In: Arai, K., Kapoor, S., Bhatia, R. (eds) Advances in Information and Communication. FICC 2020. Advances in Intelligent Systems and Computing, vol 1130. Springer, Cham. https://doi.org/10.1007/978-3-030-39442-4_53
