Detection of DDoS Flows using Supervised Learning

Abstract

Cyber-attacks have been on the rise especially after the explosive widespread of social networking as it gives cyber criminals a way to break into other's computers and manipulate personal and sensitive data. Many different techniques have been used in the past to minimize the occurrences of cyber-attacks. These techniques focused primarily on traffic in order to look for malicious activity. This research proposes a methodology that can detect early Denial of service (DoS) and distributed denial of service (DDoS) attack. First, we fonnulate the problem in practical sense by comparing flow and non flow based dataset using Mann Whitney U statistical test. For flow based CSE-CIC IDS 2018 and for non flow based NSL-KDD dataset is used. Artificial Neural Network and Support Vector Machine is used as classifier. To keep original features, we use Variance, Correlation, 3A quartile method to eliminate the un-important features. Forward selection wrapper method in feature selection is used to find out best features. To validate the proposed methodology, we take multiple DoS and DDoS single flow and validate it on .l 0 %, 20 %, 30 %, 40 % and 50 %. On validation of DDoS attacks-HOTC, single flow duration was 22 minutes long whereas on 10 % (2.12 minutes) a confidence level of 94.1.1 % is achieved, other results is mentioned in chapter 5.