DDOS SALDIRILARININ MAKİNE ÖĞRENİMİ ALGORİTMALARIYLA TESPİTİ

Year 2021, Volume: 1 Issue: 3, 221 - 232, 30.10.2021

Serdar Asarkaya Oğuz Kaynar İlkay Yelmen Fazlı Yıldırım Metin Zontul

Abstract

DDoS saldırıları, network saldırıları içerisinde en sık rastlanan saldırı türüdür. Bu saldırılar sonucunda bireyler ve şirketler para, itibar ve zaman kaybı gibi sorunlarla uğraşmak zorunda kalmaktadırlar. Saldırıları önleme amaçlı farklı yöntem ve sistemler denenmekle birlikte sorunların tamamen ortadan kalktığı söylenemez. Sorunlara çözüm önerilerinden birisi saldırıların erken tespit edilmesidir. Bu çalışma; DDoS saldırılarının tespiti için saldırıların makine öğrenmesi yöntemleriyle sınıflandırılmasını amaçlamaktadır. Çalışmada, seçilen veri setindeki veriler optimize edilmiş ve K-Nearest Neighbours, Multi Layer Perceptron, Support Vector Machine ve Random Forest sınıflayıcı modelleri geliştirilmiştir. Değerlendirmede ROC eğrileri ile Precision, Recall, F1-Score ve Accuracy metriklerinden yararlanılmıştır. En yüksek doğruluk oranı olan %99’a Multi Layer Perceptron modelinde ulaşılmıştır.

Keywords

DDoS, Network Saldırıları, Makine Öğrenimi, Sınıflandırma, Multi Layer Perceptron

DETECTION OF DDOS ATTACKS WITH MACHINE LEARNING ALGORITHMS

Abstract

DDoS attacks are the most common type of attack among network attacks. As a result of these attacks, individuals and companies have to deal with problems such as loss of money, reputation and time. Although different methods and systems have been tried to prevent attacks, it cannot be said that the problems have been completely eliminated. One of the solutions to problems is to detect attacks early. This study aims to classify attacks with machine learning methods to detect DDoS attacks. In the study, the data in the selected data set was optimized and K-Nearest Neighbors, Multi Layer Perceptron, Support Vector Machine and Random Forest classifier models were developed. ROC curves and Precision, Recall, F1-Score and Accuracy metrics were used in the evaluation. The highest accuracy rate of 99% was reached in the Multi Layer Perceptron model.

Keywords

DDoS, Network Attacks, Machine Learning, Classification, Multi Layer Perceptron

References

• Aamir, M., & Zaidi, S. A., “Clustering based semi-supervised machine learning for DDoS attack classification”, Journal of King Saud University, Feb. 2019. [Online]. Available: https://www.sciencedirect.com/science/article/pii/S131915781831067X?via%3Dihub
• Arivudainambi, D., Varun, K. K., Sibi, C. S., & Visu, P., “Malware traffic classification using principal component analysis and artificial neural network for extreme surveillance”, Computer Communications, vol. 147, pp. 50-57, Nov. 2019, doi: 10.1016/j.comcom.2019.08.003
• Branitskiy, A., & Kotenko, I., “Hybridization of computational intelligence methods for attackdetection in computer networks”, Journal of Computational Science, vol. 23, pp. 145-156, Nov. 2017, doi: 10.1016/j.jocs.2016.07.010
• Cao, Y., Wang, Z., Qian, Z., Song, C., Krisnamurhy, S., & Yu, P., “Principled Unearthing of TCP Side Channel Vulnerabilities”, presented at 2019 ACM SIGSAG Conference on Computer and Communication Security, London, UK, Nov. 11-15, 2019
• DDoS attack network logs dataset, www.kaggle.com, [Online]. Available: https://www.kaggle.com/jacobvs/ddos-attack-network-logs (Erişim 1 Ocak 2021)
• Deka, R. K., Bhattacharyya, D. K., & Kalita, J. K., “Active learning to detect DDoS attack using ranked features”, Computer Communications, vol. 145, pp. 203-222, Sep. 2019, doi: 10.1016/j.comcom.2019.06.010
• Deore, S., & Patil, A., “Survey Denial of Service classification and attack with Protect Mechanism for TCP SYN Flooding Attacks.”, International Research Journal of Engineering and Technology (IRJET) , vol. 3, no. 5, pp. 1736-1739, May, 2016.
• Dimitrios, K., Apostolos, P., Maglaras, L., Moschoyiannis, S., Aparicio-Navarro, F. .., Argyriou, A., & Janicke, H., “A novel Intrusion Detection System against spoofing attacks in connected Electric Vehicles”, Array, vol. 5, March 2020, Art. no. 100013.
• Gavaskar, S., Surendiran, R., & Ramaraj, D., “Three Counter Defense Mechanism for TCP SYN Flooding Attacks”, International Journal of Computer Applications, vol. 6, no.6 Sep, 2010
• Hoo, Z. H., Candlish, J., & Teare, D., “What is an ROC curve?”, Emergency Medicine J, vol. 34, Mar. 2017, Art. no. 206735. doi: 10.1136/emermed-2017-206735
• Kariyer Uygulama ve Araştırma Merkezi. “FileHandler2.ashx”. http://kariyer.istanbul.edu.tr. http://cdn.istanbul.edu.tr/FileHandler2.ashx?f=bilisimdekariyer2.pdf (Erişim 3 Ocak 2021)
• Kothari, N., Mahajan, R., Millstein, T., Govindan, R., & Musuvathi, M., “Finding Protocol Manipulation Attacks”, Association for Computing Machinery , presented at SIGCOMM'11 , Toronto, Aug. 2011, pp. 26-37, doi: 10.1145/2018436.2018440
• Kührer, M., Hupperich, T., Rossow, C., & Holz, “Hell of a Handshake: Abusing TCP for Reflective Amplification DDoS Attacks.”, presented at Woot'14, San Diego CA, USA, Aug 19, 2014
• Li, W., Meng, W., Kwok, L.-F., & Ip, H., “Enhancing collaborative intrusion detection networks against insider attacks using supervised intrusion sensitivity-based trust management model”, Journal of Network and Computer Applications, vol. 77, pp. 135-145, Jan, 2017, doi: 10.1016/j.jnca.2016.09.014
• Liu, H., Lang, B., Liu, M., & Yan, H., “CNN and RNN based payload classification methods for attack detection”, Knowledge-Based Systems, vol. 163, pp. 332-341, Jan. 2019, doi: 10.1016/j.knosys.2018.08.036
• LoDDoS, “DDoS Saldırıları Değerlendirme Raporu”, barikat.com.tr, https://www.barikat.com.tr/docs/LoDDoS_ddos_degerlendirme_raporu.pdf (Erişim 6 Ocak 2021)
• Lonea, A., Popescu, D., & Tianfield, H., “Detecting DDoS Attacks in Cloud Computing Environment”, International Journal of Computers Communications & Control, vol. 8, no. 1, pp. 70-78, Feb. 2013, doi: 10.15837/ijccc.2013.1.170
• Maregeli, C. N., “A Study On TCP {SYN Attacks And Their Effects on A Network Infrastructure.”, M.S. Thesis, Dept. Computer Engineering, Delft Unv. of Tech., Delft, Netherlands, 2010
• Muraleedharan, N., & Janet, B., “A deep learning based HTTP slow DoS classification approach using flow data.”, ICT Express Available:https://www.sciencedirect.com/science/article/pii/S2405959520300965?via%3Dihub (Erişim 10 Ocak 2021)
• Patel, S. “Chapter 2: SVM (Support Vector Machine) — Theory”. medium.com. https://medium.com/machine-learning-101/chapter-2-svm-support-vector-machine-theory-f0812effc72 (Erişim 24 Aralık 2020)
• SaiSindhuTheja, R., & Shyam, G. K., “An efficient metaheuristic algorithm based feature selection and recurrent neural network for DoS attack detection in cloud computing environment”, Applied Soft Computing, vol. 100, Mar. 2021, Art. no. 106997, doi: 10.1016/j.asoc.2020.106997
• Schott, M. “K-Nearest Neighbors (KNN) Algorithm for Machine Learning”. medium.com. https://medium.com/capital-one-tech/k-nearest-neighbors-knn-algorithm-for-machine-learning-e883219c8f26 (Erişim 6 Ocak 2021)
• Schott, M. “Random Forest Algorithm for Machine Learning”. medium.com. https://medium.com/capital-one-tech/random-forest-algorithm-for-machine-learning-c4b2c8cc9feb (Erişim 4 Ocak 2021)
• Silva, L., & Coury, D., “Network traffic prediction for detecting DDoS attacks in IEC 61850 communication networks”, Computers and Electrical Engineering, vol. 87, Oct. 2020, Art. no. 106793, doi: 10.1016/j.compeleceng.2020.106793
• Singh, K., Singh, P., & Kumar, K., “User behavior analytics-based classification of application layer HTTP-GET flood attacks”, Journal of Network and Computer Applications, vol. 112, pp. 97-114, June. 2018, doi: 10.1016/j.jnca.2018.03.030
• Skalski, P. “Deep Dive into Math Behind Deep Networks”. towardsdatascience.com. https://towardsdatascience.com/https-medium-com-piotr-skalski92-deep-dive-into-deep-networks-math-17660bc376ba (Erişim 8 Ocak 2021)
• Tekerek, A., “A novel architecture for web-based attack detection using convolutional network”, Computers&Security, vol. 100, Jan. 2021, Art. no. 102096.
• Tertytchny, G., Nicolaou, N., & Michael, M., “ Classifying network abnormalities into faults and attacks in IoT-based cyber physical systems using machine learning”, Microprocessors and Microsystems, vol. 77, Sep. 2020, Art. no. 103121, doi: 10.1016/j.micpro.2020.103121
• Volkov, S. S., & Kurochkinc, I. I., “Network attacks classification using Long Short-term memory based neural networks in Software-Defined Networks”, Procedia Computer Science, vol. 178, pp. 394-403, Nov. 2020, doi: 10.1016/j.procs.2020.11.041
• Zubair, A., Surasak, S., Firdous, S. N., Vo, V. N., Nguyen, T. G., & Chachai, S.-I., “Averaged dependence estimators for DoS attack detection in IoT networks”, Future Generation Computer Systems, vol. 102, pp. 198-209, Jan. 2020, doi: 10.1016/j.future.2019.08.007