Abstract
Recently, as the serious damage caused by DDoS attacks increases, rapid detection of the attack and proper response mechanisms have become urgent. Signature-based DDoS detection systems cannot detect new attacks. Current anomaly-based detection systems are also unable to detect all kinds of new attacks, because they are designed for restricted applications in limited environments. Existing security mechanisms therefore do not provide an effective defense against these attacks, or the defense capability of some mechanisms is limited to specific DDoS attacks. It is necessary to analyze the fundamental features of DDoS attacks, because these attacks can easily vary the port/protocol used or the method of operation. A lot of research work has also been done on detecting the attacks using machine learning techniques. Still, which features are relevant and which technique is the more suitable one for attack detection remains an open question. In this paper, we use the chi-square and information gain feature selection mechanisms to select the important attributes. With the selected attributes, various machine learning models, namely Naive Bayes, C4.5, SVM, KNN, K-means and Fuzzy c-means clustering, are developed for efficient detection of DDoS attacks. Our experimental results show that Fuzzy c-means clustering gives better accuracy in identifying the attacks.
This work is a part of the Collaborative Directed Basic Research on Smart and Secure Environment project, funded by NTRO and AISRF.
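The abstract names two filter scores, information gain and chi-square, for ranking candidate traffic attributes before any classifier is trained. The following is an added illustration of that ranking step (not the authors' code): the flow records and the feature names `proto`, `syn_only` and `pkt_rate_high` are constructed so that one feature separates the classes perfectly, one partially and one not at all.

```python
"""Rank discrete traffic features by information gain and chi-square,
the two filter criteria used in the paper. Added example, not the paper's
code; records and feature names below are constructed for illustration."""
import math
from collections import Counter, defaultdict

# Constructed labelled flow records (features, label). In practice these
# would be derived from captured traffic; here 'syn_only' is chosen to
# separate classes perfectly, 'pkt_rate_high' partially, 'proto' not at all.
RECORDS = [
    ({"proto": "tcp", "syn_only": 1, "pkt_rate_high": 1}, "attack"),
    ({"proto": "tcp", "syn_only": 1, "pkt_rate_high": 1}, "attack"),
    ({"proto": "udp", "syn_only": 1, "pkt_rate_high": 1}, "attack"),
    ({"proto": "udp", "syn_only": 1, "pkt_rate_high": 0}, "attack"),
    ({"proto": "tcp", "syn_only": 0, "pkt_rate_high": 1}, "normal"),
    ({"proto": "tcp", "syn_only": 0, "pkt_rate_high": 0}, "normal"),
    ({"proto": "udp", "syn_only": 0, "pkt_rate_high": 0}, "normal"),
    ({"proto": "udp", "syn_only": 0, "pkt_rate_high": 0}, "normal"),
]

def entropy(counts):
    """Shannon entropy in bits of a Counter of class labels."""
    n = sum(counts.values())
    return -sum(c / n * math.log2(c / n) for c in counts.values() if c)

def information_gain(records, feature):
    """H(label) - H(label | feature): bits of label uncertainty removed."""
    n = len(records)
    labels = Counter(lbl for _, lbl in records)
    by_value = defaultdict(Counter)
    for feats, lbl in records:
        by_value[feats[feature]][lbl] += 1
    cond = sum(sum(c.values()) / n * entropy(c) for c in by_value.values())
    return entropy(labels) - cond

def chi_square(records, feature):
    """Pearson chi-square of the feature-value x label contingency table."""
    n = len(records)
    labels = Counter(lbl for _, lbl in records)
    values = Counter(feats[feature] for feats, _ in records)
    joint = Counter((feats[feature], lbl) for feats, lbl in records)
    expected = lambda v, l: values[v] * labels[l] / n
    return sum((joint[(v, l)] - expected(v, l)) ** 2 / expected(v, l)
               for v in values for l in labels)

def rank_features(records, scorer):
    """Feature names ordered from most to least informative under scorer."""
    return sorted(records[0][0], key=lambda f: scorer(records, f), reverse=True)
```

A feature with zero information gain and zero chi-square (here `proto`) carries no class information and is the kind of attribute the selection step drops before training the classifiers the abstract lists.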
© 2011 Springer-Verlag Berlin Heidelberg
Cite this paper
Suresh, M., Anitha, R. (2011). Evaluating Machine Learning Algorithms for Detecting DDoS Attacks. In: Wyld, D.C., Wozniak, M., Chaki, N., Meghanathan, N., Nagamalai, D. (eds) Advances in Network Security and Applications. CNSA 2011. Communications in Computer and Information Science, vol 196. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22540-6_42
DOI: https://doi.org/10.1007/978-3-642-22540-6_42
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22539-0
Online ISBN: 978-3-642-22540-6