As more organizations and businesses across sectors undergo digital transformation, there is a steady increase in malware, data theft, and service interruptions caused by cyberattacks on networks and applications, all of which impact their customer experience. Bot and Distributed Denial of Service (DDoS) attacks consistently challenge every industry that relies on the internet. In this paper, we focus on Machine Learning techniques to detect DDoS attacks in network communication flows using a continuous learning algorithm that learns the normal pattern of network traffic and the behavior of the network protocols, and identifies a compromised network flow. Detecting DDoS attacks helps network administrators take immediate action and mitigate the impact of such attacks. DDoS attacks are costing enterprises anywhere between $50,000 and $2.3 million per year. We performed experiments with the Intrusion Detection Evaluation Dataset (CICIDS2017), available from the Canadian Institute for Cybersecurity, to detect anomalies in network traffic. We use flow-based traffic characteristics to analyze the difference in pattern between normal and anomalous packets. We evaluate several supervised classification algorithms using metrics such as maximum detection accuracy, lowest false-negative predictions, and time taken to train and run. We prove that the decision-tree-based Random Forest is the most promising algorithm, whereas a Dense Neural Network performs equally well on certain DDoS types but requires more samples to improve the accuracy on low-sampled attack types.
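The flow-based characteristics the abstract relies on come from aggregating individual packets into bidirectional flows, as the CICIDS2017 feature set does. The following added example (not code from the paper or from the dataset's own tooling) builds a few such per-flow features from constructed packet records and computes the detection accuracy and false-negative metrics named above; the record fields, feature names and sample packets are assumptions for illustration.

```python
"""Flow feature extraction and detection metrics (added example, constructed data)."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Packet:
    ts: float    # capture time in seconds
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    length: int  # bytes on the wire


def flow_key(p):
    """Canonical bidirectional 5-tuple so both directions map to one flow."""
    a, b = (p.src, p.sport), (p.dst, p.dport)
    return (p.proto,) + (a + b if a <= b else b + a)


def build_flows(packets):
    """Group packets into flows; the first packet's sender is the 'forward' side."""
    flows = defaultdict(list)
    for p in sorted(packets, key=lambda p: p.ts):
        flows[flow_key(p)].append(p)
    rows = []
    for key, pkts in flows.items():
        initiator = pkts[0].src
        fwd = [p for p in pkts if p.src == initiator]
        bwd = [p for p in pkts if p.src != initiator]
        duration = pkts[-1].ts - pkts[0].ts
        rows.append({
            "proto": key[0], "src": initiator, "dst": pkts[0].dst,
            "duration": duration, "fwd_pkts": len(fwd), "bwd_pkts": len(bwd),
            "fwd_bytes": sum(p.length for p in fwd),
            "bwd_bytes": sum(p.length for p in bwd),
            # a one-sided, high-rate flow is the classic flood signature
            "pkts_per_s": len(pkts) / duration if duration > 0 else float(len(pkts)),
        })
    return rows


def evaluate(y_true, y_pred):
    """Accuracy and false negatives (attack flows a classifier labelled benign)."""
    correct = sum(t == p for t, p in zip(y_true, y_pred))
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    return {"accuracy": correct / len(y_true), "false_negatives": fn}


# Constructed sample: a benign HTTP exchange, then an unanswered burst from 10.0.0.9
SAMPLE = [
    Packet(0.00, "192.168.1.5", 40000, "10.0.0.1", 80, "tcp", 74),
    Packet(0.01, "10.0.0.1", 80, "192.168.1.5", 40000, "tcp", 74),
    Packet(0.02, "192.168.1.5", 40000, "10.0.0.1", 80, "tcp", 300),
    Packet(0.50, "10.0.0.1", 80, "192.168.1.5", 40000, "tcp", 1500),
] + [Packet(1.0 + i * 0.001, "10.0.0.9", 5000, "10.0.0.1", 80, "tcp", 60) for i in range(20)]
```

The rows returned by `build_flows` are the kind of feature vectors a supervised classifier such as a Random Forest would be trained on, with `evaluate` applied to its predictions on held-out flows.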
Lopez, Alma D.; Mohan, Asha P.; and Nair, Sukumaran. "Network Traffic Behavioral Analytics for Detection of DDoS Attacks," SMU Data Science Review: Vol. 2, Issue 1, Article 14.
Available at: https://scholar.smu.edu/datasciencereview/vol2/iss1/14
Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 4.0 License