ENHANCED DDoS ATTACK DETECTION THROUGH HYBRID MACHINE LEARNING TECHNIQUES

Yıl 2025, Cilt: 7 Sayı: 2, 275 - 307, 28.02.2025

Feraidoon Farahmandnia , Serhat Özekes

https://doi.org/10.56809/icujtas.1513881

Öz

This research focuses on enhancing the detection mechanisms for Distributed Denial of Service (DDoS) attacks using advanced machine learning techniques. We explore two innovative approaches: a metaclassifier stacking model and a transfer learning model, utilizing the CICDDoS2019 and CICIDS2017 datasets for training and evaluation. The first approach integrates K-Nearest Neighbors (KNN), Support Vector Machine (SVM), and Random Forest (RF) algorithms through a logistic regression metaclassifier. This ensemble method harnesses the strengths of each algorithm, leading to improved metrics such as accuracy, precision, recall, and F1-score. The second approach employs transfer learning, where a pre-trained Artificial Neural Network (ANN) on the CICIDS2017 dataset is fine-tuned with the CICDDoS2019 dataset. This technique demonstrates the benefits of knowledge transfer, achieving high detection performance with reduced training time. Our findings reveal that both methods significantly enhance DDoS detection. The metaclassifier approach delivers superior performance metrics but requires more computational resources. In contrast, the transfer learning approach provides an efficient balance between performance and computational demand, ideal for rapid deployment scenarios. In summary, this study highlights the efficacy of combining multiple algorithms and leveraging pre-trained models to improve DDoS detection accuracy and efficiency. These approaches offer promising directions for developing robust and effective DDoS detection systems.

Anahtar Kelimeler

DDoS Detection, Machine Learning, Metaclassifier, Transfer Learning, Cybersecurity

HİBRİT MAKİNE ÖĞRENME TEKNİKLERİYLE GELİŞTİRİLMİŞ DDoS SALDIRISI TESPİTİ

Öz

Bu araştırma, Dağıtılmış Hizmet Engelleme (DDoS) saldırılarının tespit mekanizmalarını ileri makine öğrenme teknikleri kullanarak geliştirmeyi amaçlamaktadır. CICDDoS2019 ve CICIDS2017 veri setleri kullanılarak eğitim ve değerlendirme için iki yenilikçi yaklaşım araştırılmıştır: metaklasifikatör yığma modeli ve transfer öğrenme modeli. İlk yaklaşım, Lojistik Regresyon metaklasifikatörü aracılığıyla K-En Yakın Komşu (KNN), Destek Vektör Makinesi (SVM) ve Rastgele Orman (RF) algoritmalarını birleştirir. Bu topluluk yöntemi, her algoritmanın güçlü yönlerinden yararlanarak doğruluk, kesinlik, geri çağırma ve F1-skoru gibi performans metriklerini iyileştirir. İkinci yaklaşım, CICIDS2017 veri setinde önceden eğitilmiş bir Yapay Sinir Ağı (ANN) modelinin CICDDoS2019 veri seti ile ince ayarlandığı transfer öğrenmeyi kullanır. Bu teknik, bilgi aktarımının faydalarını göstererek yüksek tespit performansına ve azaltılmış eğitim süresine ulaşır. Bulgularımız, her iki yöntemin de DDoS tespitini önemli ölçüde iyileştirdiğini ortaya koymaktadır. Metaklasifikatör yaklaşımı daha yüksek performans metrikleri sunar, ancak daha fazla hesaplama kaynağı gerektirir. Buna karşılık, transfer öğrenme yaklaşımı performans ve hesaplama talebi arasında verimli bir denge sağlar ve hızlı dağıtım senaryoları için idealdir. Sonuç olarak, bu çalışma, DDoS tespit doğruluğunu ve verimliliğini artırmada birden fazla algoritmanın kombinasyonunun ve önceden eğitilmiş modellerin kullanılmasının etkinliğini vurgulamaktadır. Bu yaklaşımlar, sağlam ve etkili DDoS tespit sistemleri geliştirmek için umut verici yönler sunar.

Anahtar Kelimeler

DDoS Tespiti, Makine Öğrenimi, Metaklasifikasyon, Transfer Öğrenme, Siber Güvenlik

Kaynakça

• Bhushan, B., Chaganti, R., & Ravi, V. (2022). A survey on Blockchain solutions in DDoS attacks mitigation: Techniques, open challenges and future directions. Computer Communications, 197. https://doi.org/10.1016/j.comcom.2022.10.026
• Chong, Y.-W., Ali, T. E., & Manickam, S. (2023). Comparison of ML/DL Approaches for Detecting DDoS Attacks in SDN. Applied Sciences, 13. https://doi.org/10.3390/app13053033
• Elsayed, M. S., Le-Khac, N.-A., Dev, S., & Jurcut, A. D. (2020). DDoSNet: A Deep-Learning Model for Detecting Network Attacks (arXiv:2006.13981). arXiv. http://arxiv.org/abs/2006.13981
• Gaur, V., & Kumar, R. (2022). Analysis of Machine Learning Classifiers for Early Detection of DDoS Attacks on IoT Devices. Arabian Journal for Science and Engineering, 47(2), 1353–1374. https://doi.org/10.1007/s13369-021-05947-3
• Gopinaath, V., Amrish, R., Kumar, C. V., Jawahar, A., & Bavapriyan, K. (2022). DDoS Detection using Machine Learning Techniques. Journal of ISMAC, 4. https://doi.org/10.36548/jismac.2022.1.003
• Halladay, J., Cullen, D., Briner, N., Warren, J., Fye, K., Basnet, R., Bergen, J., & Doleck, T. (2022). Detection and Characterization of DDoS Attacks Using Time-Based Features. IEEE Access, 10, 49794–49807. https://doi.org/10.1109/ACCESS.2022.3173319
• Hossain, M. A. (2023). Enhanced Ensemble-Based Distributed Denial-of-Service (DDoS) Attack Detection with Novel Feature Selection: A Robust Cybersecurity Approach. Artificial Intelligence Evolution. https://doi.org/10.37256/aie.4220233337
• Kasture, P. (2023). DDoS Attack Detection using ML. International Journal for Research in Applied Science and Engineering Technology, 11. https://doi.org/10.22214/ijraset.2023.53133
• Khan, M. A. (2021). HCRNNIDS: Hybrid Convolutional Recurrent Neural Network-Based Network Intrusion Detection System. Processes, 9(5), Article 5. https://doi.org/10.3390/pr9050834
• Li, S., & Wang, D. (2022, December 2). Automated DDoS Attack Mitigation for Software Defined Network. https://doi.org/10.1109/asid56930.2022.9996013
• Ojha, S. P., Qureshi, Z., Kumar, S. P., & Sadhu, A. (2023, April 19). Detection and Prevention of Distributed Denial of Service in Mobile ADHOC Network. https://doi.org/10.1109/raeeucci57140.2023.10134098
• Seifousadati, A., Ghasemshirazi, S., & Fathian, M. (2021). A Machine Learning Approach for DDoS Detection on IoT Devices (arXiv:2110.14911). arXiv. https://doi.org/10.48550/arXiv.2110.14911
• Shakya, H. K., & Karnani, S. (2022). Mitigation strategies for distributed denial of service (DDoS) in SDN: A survey and taxonomy. Information Security Journal: A Global Perspective, 32. https://doi.org/10.1080/19393555.2022.2111004
• Singh, D. N. P., Kumar, D. N., & Kumar, S. (2022). Literature Review of Distributed Denial of Service (DDoS) Attacks, its Detection Techniques and Prevention Mechanisms. International Journal for Research in Applied Science and Engineering Technology, 10. https://doi.org/10.22214/ijraset.2022.46882
• Suhag, A., & Daniel, A. (2022). Study of statistical techniques and artificial intelligence methods in distributed denial of service (DDOS) assault and defense. Journal of Cyber Security Technology, 7. https://doi.org/10.1080/23742917.2022.2135856
• T, R., E, A., U, D., Sumathi, A. C., Yuvaraj, N., & Ghazali, N. H. (2023). Improved Intrusion Detection System That Uses Machine Learning Techniques to Proactively Defend DDoS Attack. ITM Web of Conferences, 56. https://doi.org/10.1051/itmconf/20235605011
• Umamaheswari, K., Subramanian, N., & Subramaniyan, M. (2023). Distributed Denial of Service Attack Detection Using Hyper Calls Analysis in Cloud. International Journal of Computer Network and Information Security, 15. https://doi.org/10.5815/ijcnis.2023.04.06
• Wang, C., Zheng, J., & Li, X. (2017). Research on DDoS Attacks Detection Based on RDF-SVM. 2017 10th International Conference on Intelligent Computation Technology and Automation (ICICTA), 161–165. https://doi.org/10.1109/ICICTA.2017.43
• Jia, Y., Zhong, F., Alrawais, A., Gong, B., & Cheng, X. (2020). FlowGuard: an intelligent edge defense mechanism against IoT DDoS attacks. IEEE Internet of Things Journal, 7(10), 9552–9562.
• Cheema, A., Khan, M.M., Anwar, M., Tariq, M., Ahmad, F., & Hafiz, A. (2022). Prevention Techniques against Distributed Denial of Service Attacks in Heterogeneous Networks: A Systematic Review. Security and Communication Networks, 2022. https://doi.org/10.1155/2022/8379532
• Rajendran, N.A., & Vincent, D.R. (2021). Heart Disease Prediction System using Ensemble of Machine Learning Algorithms. Recent Patents on Engineering, 15. https://doi.org/10.2174/1872212113666190328220514
• Sultana, N., & Islam, M.M. (2019). Meta Classifier-Based Ensemble Learning For Sentiment Classification. https://doi.org/10.1007/978-981-13-7564-4_7
• Islam, M.M. (2024). The Impact of Transfer Learning on AI Performance Across Domains. Journal of Artificial Intelligence General Science (JAIGS), 1. https://doi.org/10.60087/jaigs.v1i1.37
• Sharafaldin, I., Lashkari, A.H., Hakak, S., & Ghorbani, A.A. (2019). CICDDoS2019 Dataset. Canadian Institute for Cybersecurity, University of New Brunswick. Available at: http://www.unb.ca/cic/datasets/CICDDoS2019
• Canadian Institute for Cybersecurity. (2017). CICIDS2017 Dataset. University of New Brunswick. Available at: https://www.unb.ca/cic/datasets/ids-2017.html
• Gurjar, A., Voditel, P., 2022. Transfer Learning: A Paradigm for Machine Assisted Knowledge Transfer. ECS Transactions 107. https://doi.org/10.1149/10701.7179ecst