dc.contributor.author | Fawad Ahmad Shahzad, 01-247182-025 | |
dc.date.accessioned | 2020-12-25T03:11:00Z | |
dc.date.available | 2020-12-25T03:11:00Z | |
dc.date.issued | 2021 | |
dc.identifier.uri | http://hdl.handle.net/123456789/10595 | |
dc.description | Supervised by Mr. Sajjad Hussain Shah | en_US |
dc.description.abstract | In the era of the computerized world and the internet, network security has become the main concern of users. One of the main threats to network security is the DDoS attack. A DDoS attack is a type of attack in which the attacker intends to deny service on a network or server by overwhelming it with illegal requests, making it impossible to process requests from legitimate users. According to a report published by Cisco in the year 2019, the DDoS attack has become one of the most disastrous attacks in network security, destroying a company's reputation and causing financial losses as well. In 2018 the number of DDoS attacks was 7.9 million, while in 2019 it was 9.5 million. In 2020 the number of DDoS attacks was higher than in 2018 and 2019, at 10.08 million. The main objective of a DDoS attack is to accumulate multiple systems across the internet with infected scripts, making them zombies of the network. The zombies are designed by an attacker to target a specific system using different types of flooded packets. Capturing or detecting a DDoS attack in real time in traditional ways is impossible because of changes in behavior. To overcome this issue, we propose in this thesis a system that detects anomaly-based DDoS attacks in real time using machine learning algorithms. To train our proposed model, we used the CICDDoS2019 dataset. To obtain a classification model and determine which machine learning algorithm gives the best accuracy for DDoS detection, we selected Support Vector Machine, Neural Network and Decision Tree as our machine learning algorithms. We used these classifiers for testing and prediction of DDoS attacks in real time. To detect a DDoS attack in real time, we extracted features from the network in real time using crc flow meter.
After feature extraction, we normalized the feature values to overcome the influence of features with high values. The number of features that we extracted in real time from the network is 78. We selected a large number of features for our proposed system because in a signature-based system, if a single feature value is changed, the system will not detect the attack, while our proposed system will detect it because it is trained on a large number of features. After normalization of the feature values, the data is ready to be sent to the classification model. Based on the accuracy and confusion matrix results from real-time prediction, we chose Decision Tree as our classification model because Decision Tree provides an accuracy of 98.6%, while Support Vector Machine provides 89.5 and Neural Network gives 95.6% accuracy. A web interface has also been designed, which helps the user launch the DDoS Detector, detect anomaly-based DDoS attacks in real time, and log the IPs of attacker systems. The web interface also has a user manual that will help any user use the proposed system without any hurdle. | en_US |
dc.language.iso | en | en_US |
dc.publisher | Bahria University Islamabad Campus | en_US |
dc.relation.ispartofseries | MS (IS);T-013 | |
dc.subject | Information Security | en_US |
dc.title | Live anomaly detection system for DDoS attack using machine learning | en_US |
dc.type | Thesis | en_US |