Makine Öğrenimi Tabanlı Hibrit DDoS Saldırı Tahmini

Year 2025, Volume: 15 Issue: 2, 231 - 241, 31.12.2025

Selim Erdaş , Abdullah Erhan Akkaya , Ahmet Arif Aydın

https://doi.org/10.36222/ejt.1670798

https://izlik.org/JA26HZ49NZ

Abstract

Dijitalleşen bu dünyada, çeşitli yazılım sistemlerinin kullanıcıları, veri üretiminden analizine kadar her aşamada bu sistemlerden güvenli bir şekilde yararlanmak istemektedir. Ancak bu hizmetlerin kötü niyetli kişiler tarafından engellenmesi de dünyamızda istenmeyen bir olgudur. Dağıtık Hizmet Engelleme (DDoS) saldırılarının tespiti, artan yaygınlığı nedeniyle önemli olduğundan, bu makale DDoS tespiti için makine öğrenmesi ve hibrit yaklaşımları sunmaktadır. Bu çalışma, DDoS saldırı tespitinde kullanılan popüler CICIDS2017 ve CIC-DDoS2019 veri kümeleri üzerinde gerçekleştirilmiştir. Ayrıca, bu iki veri kümesi birleştirilerek alternatif bir hibrit veri kümesi oluşturulmuştur. Bu çalışmada öncelikle belirtilen veri kümeleri üzerinde Karar Ağaçları (DT), Rastgele Orman (RF), K-En Yakın Komşular (KNN) ve Destek Vektör Makineleri (DVM) makine öğrenimi algoritmaları kullanılmış, ardından her modelin etkinliği kapsamlı bir şekilde değerlendirilmiştir. Ayrıca, kendi güçlü yönlerinden yararlanarak performansı, doğruluğu ve güvenilirliği artırmak için iki makine öğrenimi yöntemini entegre eden hibrit modelleme kullanan veri kümelerini değerlendirdik.Araştırma, hibrit modellerin karmaşık veri setlerinde %99,91'e kadar doğruluk elde edebileceğini göstermiştir.Araştırmamızda, mevcut literatürde kullanılanlara bir alternatif oluşturmak için iki önemli veri kümesini birleştirdik.Makine öğrenimi yöntemlerinin hibrit uygulaması, DDoS tespit doğruluğunu önemli ölçüde artırdı ve yerleşik yaklaşımların hibrit versiyonlarına göre karmaşık veri kümelerinde performansı optimize etti.Ayrıca, sonuçlarımız siber güvenlik tespit tekniklerinin verimliliğini ve esnekliğini artırmayı ve gelecekteki araştırmalar için bir temel oluşturmayı amaçlamaktadır.

Keywords

makine öğrenmesi , DDoS , Hibrit Algoritmalar , CICIDS2017 , CIC-DDoS2019 , Hibrit Veriseti

Machine Learning Based Hybrid DDoS Attack Prediction

https://izlik.org/JA26HZ49NZ

Abstract

In this digitalized world, users of various software systems would like to securely make use of it at every stage from data generation to analysis. However, blocking these services by malicious people is also an undesirable phenomenon in our world. Since Distributed Denial of Service (DDoS) attack detection is important due to its increasing prevalence, this paper presents machine learning and hybrid approaches for DDoS detection. This study was performed on the popular CICIDS2017 and CIC-DDoS2019 datasets used in DDoS attack detection. Also, an alternative hybrid dataset is created by combining these two datasets. This study initially employed Decision Trees (DT), Random Forest (RF), K-Nearest Neighbors (KNN), and Support Vector Machines (SVM) machine learning algorithms on the specified datasets, thereafter conducting a comprehensive assessment of each model's efficacy. We further evaluated the datasets employing hybrid modeling that integrates two machine learning methods to enhance performance, accuracy, and dependability by leveraging their respective strengths. The investigation demonstrated that hybrid models may get an accuracy of up to 99.91% on complex data sets. In our research, we combined two important datasets to construct an alternative to those utilized in existing literature. The hybrid application of machine learning methods markedly enhanced DDoS detection accuracy and optimized performance on complex datasets relative to hybrid versions of established approaches. Moreover, our results aim to improve the efficiency and flexibility of cybersecurity detection techniques and to create a foundation for future research.

Keywords

Machine Learning , Hybrid Algorithms , DDoS , CICIDS2017 , CIC-DDoS2019 , Hybrid Dataset

References

• [1] T. B. Doguc and A. A. Aydin, “CAP-based Examination of Popular NoSQL Database Technologies in Streaming Data Processing,” in 2019 International Artificial Intelligence and Data Processing Symposium (IDAP), IEEE, Sep. 2019, pp. 1–6. doi: 10.1109/IDAP.2019.8875874.
• [2] T. B. DOGUC and A. A. AYDIN, “Designing a platform for Tweet Collection, Analytics and Storage (TweetCASP),” Computer Science, vol. 55, no. 35, pp. 165–171, Aug. 2023, doi: 10.53070/bbd.1344271.
• [3] U. Kekevi and A. A. Aydin, “Real-Time Big Data Processing and Analytics: Concepts, Technologies, and Domains,” Computer Science, vol. 7, no. 2, pp. 111–123, Nov. 2022, doi: 10.53070/bbd.1204112.
• [4] A. A. Aydin, “A Comparative Perspective on Technologies of Big Data Value Chain,” IEEE Access, vol. 11, no. October, pp. 112133–112146, 2023, doi: 10.1109/ACCESS.2023.3323160.
• [5] F. O. Catak and A. F. Mustacoglu, “Distributed denial of service attack detection using autoencoder and deep neural networks,” Journal of Intelligent & Fuzzy Systems, vol. 37, no. 3, pp. 3969–3979, Oct. 2019, doi: 10.3233/JIFS-190159.
• [6] H. A. Alamri and V. Thayananthan, “Bandwidth Control Mechanism and Extreme Gradient Boosting Algorithm for Protecting Software-Defined Networks Against DDoS Attacks,” IEEE Access, vol. 8, pp. 194269–194288, 2020, doi: 10.1109/ACCESS.2020.3033942.
• [7] Amit Dogra and Taqdir, “Enhancing DDoS Attack Detection and Network Resilience Through Ensemble-Based Packet Processing and Bandwidth Optimization,” International Research Journal on Advanced Engineering Hub (IRJAEH), vol. 2, no. 04, pp. 930–937, Apr. 2024, doi: 10.47392/IRJAEH.2024.0130.
• [8] M. A. Aladaileh, M. Anbar, A. J. Hintaw, I. H. Hasbullah, A. A. Bahashwan, and S. Al-Sarawi, “Renyi Joint Entropy-Based Dynamic Threshold Approach to Detect DDoS Attacks against SDN Controller with Various Traffic Rates,” Applied Sciences, vol. 12, no. 12, p. 6127, Jun. 2022, doi: 10.3390/app12126127.
• [9] M. A. Owaid and A. S. Hammoodi, “Evaluating Machine Learning and Deep Learning Models for Enhanced DDoS Attack Detection,” Mathematical Modelling of Engineering Problems, vol. 11, no. 2, pp. 493–499, Feb. 2024, doi: 10.18280/mmep.110221.
• [10] C. Group, “Cyberthreat Defense Report,” 2023. [Online]. Available: https://www.cyberedgegroup.com/wp-content/uploads/2023/04/CyberEdge-2023-CDR-Report-v1.0.pdf
• [11] D. Kumar, R. K. Pateriya, R. K. Gupta, V. Dehalwar, and A. Sharma, “DDoS Detection using Deep Learning,” Procedia Comput Sci, vol. 218, pp. 2420–2429, 2023, doi: 10.1016/j.procs.2023.01.217.
• [12] D. Akgun, S. Hizal, and U. Cavusoglu, “A new DDoS attacks intrusion detection model based on deep learning for cybersecurity,” Comput Secur, vol. 118, p. 102748, Jul. 2022, doi: 10.1016/j.cose.2022.102748.
• [13] A. E. Cil, K. Yildiz, and A. Buldu, “Detection of DDoS attacks with feed forward based deep neural network model,” Expert Syst Appl, vol. 169, no. April 2020, p. 114520, May 2021, doi: 10.1016/j.eswa.2020.114520.
• [14] M. V. O. Assis, L. F. Carvalho, J. Lloret, and M. L. Proença, “A GRU deep learning system against attacks in software defined networks,” Journal of Network and Computer Applications, vol. 177, no. September 2020, p. 102942, Mar. 2021, doi: 10.1016/j.jnca.2020.102942.
• [15] T. Aytac, M. A. Aydin, and A. H. Zaim, “Detection DDOS Attacks Using Machine Learning Methods,” Electrica, vol. 20, no. 2, pp. 159–167, Jun. 2020, doi: 10.5152/electrica.2020.20049.
• [16] M. S. KARAMAN, M. TURAN, and M. A. AYDIN, “Yapay Sinir Ağı Kullanılarak Anomali Tabanlı Saldırı Tespit Modeli Uygulaması,” European Journal of Science and Technology, no. February, pp. 10–17, Feb. 2021, doi: 10.31590/ejosat.1115825.
• [17] H. Ahmetoğlu and R. Daş, “Derin Öğrenme ile Büyük Veri Kumelerinden Saldırı Türlerinin Sınıflandırılması,” in 2019 International Artificial Intelligence and Data Processing Symposium (IDAP), IEEE, Sep. 2019, pp. 1–9. doi: 10.1109/IDAP.2019.8875872.
• [18] I. Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy,” in 2019 International Carnahan Conference on Security Technology (ICCST), IEEE, Oct. 2019, pp. 1–8. doi: 10.1109/CCST.2019.8888419.
• [19] S. Dasari and R. Kaluri, “An Effective Classification of DDoS Attacks in a Distributed Network by Adopting Hierarchical Machine Learning and Hyperparameters Optimization Techniques,” IEEE Access, vol. 12, no. November 2023, pp. 10834–10845, 2024, doi: 10.1109/ACCESS.2024.3352281.
• [20] M. Zhu, K. Ye, and C.-Z. Xu, “Network Anomaly Detection and Identification Based on Deep Learning Methods,” in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10967 LNCS, Springer International Publishing, 2018, pp. 219–234. doi: 10.1007/978-3-319-94295-7_15.
• [21] Md. Z. Hasan, K. M. Z. Hasan, and A. Sattar, “Burst Header Packet Flood Detection in Optical Burst Switching Network Using Deep Learning Model,” Procedia Comput Sci, vol. 143, pp. 970–977, 2018, doi: 10.1016/j.procs.2018.10.337.
• [22] F. M. Aswad, A. M. S. Ahmed, N. A. M. Alhammadi, B. A. Khalaf, and S. A. Mostafa, “Deep learning in distributed denial-of-service attacks detection method for Internet of Things networks,” Journal of Intelligent Systems, vol. 32, no. 1, Jan. 2023, doi: 10.1515/jisys-2022-0155.
• [23] G. Baldini and I. Amerini, “Online Distributed Denial of Service (DDoS) intrusion detection based on adaptive sliding window and morphological fractal dimension,” Computer Networks, vol. 210, no. March, p. 108923, Jun. 2022, doi: 10.1016/j.comnet.2022.108923.
• [24] Y. Liu, T. Zhi, M. Shen, L. Wang, Y. Li, and M. Wan, “Software-defined DDoS detection with information entropy analysis and optimized deep learning,” Future Generation Computer Systems, vol. 129, pp. 99–114, Apr. 2022, doi: 10.1016/j.future.2021.11.009.
• [25] M. S. Elsayed, N.-A. Le-Khac, S. Dev, and A. D. Jurcut, “DDoSNet: A Deep-Learning Model for Detecting Network Attacks,” in 2020 IEEE 21st International Symposium on “A World of Wireless, Mobile and Multimedia Networks” (WoWMoM), IEEE, Aug. 2020, pp. 391–396. doi: 10.1109/WoWMoM49955.2020.00072.
• [26] P. Krishnan, S. Duttagupta, and K. Achuthan, “VARMAN: Multi-plane security framework for software defined networks,” Comput Commun, vol. 148, no. July, pp. 215–239, Dec. 2019, doi: 10.1016/j.comcom.2019.09.014.
• [27] V. K. Jewani, P. E. Ajmire, M. Atique, B. Sharma, I. Ben Dhaou, and S. Awadhesh Chaurasia, “Distributed Denial of Service Attack Detection by Machine Learning Techniques,” in 2025 22nd International Learning and Technology Conference, IEEE, Jan. 2025, pp. 286–291. doi: 10.1109/LT64002.2025.10940799.
• [28] S. Alzahrani and L. Hong, “Detection of Distributed Denial of Service (DDoS) Attacks Using Artificial Intelligence on Cloud,” in 2018 IEEE World Congress on Services (SERVICES), IEEE, Jul. 2018, pp. 35–36. doi: 10.1109/SERVICES.2018.00031.
• [29] F. Ö. Çatak and A. F. Mustaçoglu, “Derin Ögrenme Teknolojileri Kullanarak Dagıtık Hizmet Dısı Bırakma Saldırılarının Tespit Edilmesi,” in The 5th High Performance Computing Conference, 2017.
• [30] O. Yousuf and R. N. Mir, “DDoS attack detection in Internet of Things using recurrent neural network,” Computers and Electrical Engineering, vol. 101, no. May, p. 108034, Jul. 2022, doi: 10.1016/j.compeleceng.2022.108034.
• [31] Ç. Ateş, S. Özdel, M. Yıldırım, and E. Anarım, “Network Anomaly Detection Using Header Information With Greedy Algorithm,” in 2019 27th Signal Processing and Communications Applications Conference (SIU), IEEE, Apr. 2019, pp. 1–4. doi: 10.1109/SIU.2019.8806451.
• [32] Sharafaldin I, L. A, and G. A, “CIC-IDS2017.” Accessed: Dec. 08, 2024. [Online]. Available: https://www.unb.ca/cic/datasets/ids-2017.html
• [33] W. F. Urmi et al., “A stacked ensemble approach to detect cyber attacks based on feature selection techniques,” International Journal of Cognitive Computing in Engineering, vol. 5, no. January, pp. 316–331, 2024, doi: 10.1016/j.ijcce.2024.07.005.
• [34] S. Iman, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “CIC-DDoS2019.” Accessed: Dec. 13, 2024. [Online]. Available: https://www.unb.ca/cic/datasets/ddos-2019.html
• [35] H. S. Sharma and K. J. Singh, “Intrusion detection system: a deep neural network-based concatenated approach,” J Supercomput, vol. 80, no. 10, pp. 13918–13948, Jul. 2024, doi: 10.1007/s11227-024-05994-1.
• [36] A. Ethem, “Introduction to Machine Learning in Adaptive Computation and Machine Learning series,” Massachusetts Institute of Technology, p. 712, 2020.
• [37] Yurong Zhong, “The analysis of cases based on decision tree,” in 2016 7th IEEE International Conference on Software Engineering and Service Science (ICSESS), IEEE, Aug. 2016, pp. 142–147. doi: 10.1109/ICSESS.2016.7883035.
• [38] G. Biau and E. Scornet, “A random forest guided tour,” TEST, vol. 25, no. 2, pp. 197–227, Jun. 2016, doi: 10.1007/s11749-016-0481-7.
• [39] F. Maleki, K. Ovens, K. Najafian, B. Forghani, C. Reinhold, and R. Forghani, “Overview of Machine Learning Part 1,” Neuroimaging Clin N Am, vol. 30, no. 4, pp. e17–e32, Nov. 2020, doi: 10.1016/j.nic.2020.08.007.
• [40] “Supervised learning — scikit-learn 1.6.1 documentation.” Accessed: Apr. 02, 2025. [Online]. Available: https://scikit-learn.org/stable/supervised_learning.html#supervised-learning