Research Article

DETECTION OF DDOS ATTACKS WITH MACHINE LEARNING ALGORITHMS

Year 2021, Volume 1, Issue 3, 221 - 232, 30.10.2021

Abstract

DDoS attacks are the most common type of network attack. As a result of these attacks, individuals and companies have to deal with losses of money, reputation and time. Although different methods and systems have been tried to prevent attacks, it cannot be said that the problems have been completely eliminated. One solution is to detect attacks early. This study aims to detect DDoS attacks by classifying attacks with machine learning methods. In the study, the data in the selected data set was optimized, and K-Nearest Neighbors, Multi Layer Perceptron, Support Vector Machine and Random Forest classifier models were developed. ROC curves and the Precision, Recall, F1-Score and Accuracy metrics were used in the evaluation. The highest accuracy, 99%, was reached with the Multi Layer Perceptron model.

Details

Primary Language Turkish
Subjects Computer Science, Information System
Journal Section Research Articles
Authors

Serdar ASARKAYA (Primary Author)
SİVAS BİLİM VE TEKNOLOJİ ÜNİVERSİTESİ
0000-0002-4790-1709
Türkiye


Oğuz KAYNAR
SİVAS CUMHURİYET ÜNİVERSİTESİ
0000-0003-2387-4053
Türkiye


İlkay YELMEN
Turkcell Teknoloji
0000-0002-1684-9717
Türkiye


Fazlı YILDIRIM
FENERBAHÇE ÜNİVERSİTESİ
0000-0002-8142-0466
Türkiye


Metin ZONTUL
İSTANBUL AREL ÜNİVERSİTESİ
0000-0002-7557-2981
Türkiye

Publication Date October 30, 2021
Application Date October 20, 2021
Acceptance Date October 28, 2021
Published in Issue Year 2021, Volume 1, Issue 3

Cite

APA: Asarkaya, S., Kaynar, O., Yelmen, İ., Yıldırım, F. & Zontul, M. (2021). DDOS SALDIRILARININ MAKİNE ÖĞRENİMİ ALGORİTMALARIYLA TESPİTİ. Tasarım Mimarlık ve Mühendislik Dergisi, 1(3), 221-232. Retrieved from https://dergipark.org.tr/en/pub/dae/issue/65809/1024382