Abstract:
In our modern age of technologies, Distributed Denial of Service (DDoS) attacks are
the most common type of cyber-attack in communication networks. This is due to
the availability of open source and freeware tools. The purpose of DDoS attacks is
to interrupt the availability of services provided by different network systems,
such as web servers. This in turn results in legitimate users being unable to access
the servers and hence facing denial of service. On the other hand, flash events are
large volumes of legitimate requests to a server that occur at specific time periods as
a result of a large number of users visiting a website due to a specific event. As a
result, a huge amount of network traffic arrives at the servers. Flash events are a
common network phenomenon which usually occurs whenever new or discounted products
are launched on a company's site or when important news is announced. To deal with
flash events, websites use load balancers. However, when DDoS attacks are combined
with flash events, they can cause noticeable harm due to the superimposed load on web
servers. Hence, a flash event is considered the best time for attackers to launch a
DDoS attack. On top of that, DDoS attacks are known to have properties similar to those
of normal server requests, mimicking legitimate user traffic, including flash events.
As a result, many DDoS packets go undetected by the deployed security
mechanisms. Therefore, security mechanisms should be intelligent enough to
discriminate between DDoS attacks and flash events, which is a challenging issue. The
purpose of this study is to build an intelligent network traffic classification model to
improve the accuracy rate of discriminating DDoS attacks from flash event traffic.
Weka is adopted as the platform for evaluating the performance of the random forest
algorithm.
The experiments evaluate the performance of the classifier on the 41
attributes present in the NSL-KDD dataset and on the 6 most significant attributes
(with a threshold of > 0.5) selected using the symmetric uncertainty feature selection
technique. To gain more confidence in the selected attributes (and in the threshold
value), 3 more experiments were performed: one with the 5 most significant attributes,
another with the 7 most significant attributes, and the last without the 6 most
significant attributes (i.e. the remaining 35 attributes). Experimental results show
that random forest provides good accuracy of 97.6 with 6 attributes, and a significant
reduction in false positives, false negatives and testing time is observed, whereas
decision tree performance decreases when the number of attributes is reduced.
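The attribute selection step described above can be sketched as follows. This is an added example, not code from the study: it ranks attributes by symmetric uncertainty against the class label, SU(X, Y) = 2 I(X; Y) / (H(X) + H(Y)), and keeps those above the 0.5 threshold. It assumes attributes are already discrete (continuous ones would need discretizing first), and the sample rows are constructed for illustration only.

```python
import math
from collections import Counter

# Constructed sample records (not NSL-KDD data); the outcome here says nothing
# about which attributes the study actually selected.
ROWS = [
    {"protocol_type": "tcp", "service": "http", "flag": "S0", "class": "attack"},
    {"protocol_type": "udp", "service": "http", "flag": "S0", "class": "attack"},
    {"protocol_type": "tcp", "service": "http", "flag": "S0", "class": "attack"},
    {"protocol_type": "udp", "service": "smtp", "flag": "S0", "class": "attack"},
    {"protocol_type": "tcp", "service": "smtp", "flag": "SF", "class": "normal"},
    {"protocol_type": "udp", "service": "smtp", "flag": "SF", "class": "normal"},
    {"protocol_type": "tcp", "service": "smtp", "flag": "SF", "class": "normal"},
    {"protocol_type": "udp", "service": "http", "flag": "SF", "class": "normal"},
]

def entropy(values):
    """Shannon entropy (bits) of a sequence of discrete values."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())

def symmetric_uncertainty(x, y):
    """SU(X, Y) = 2 * I(X; Y) / (H(X) + H(Y)), a value in [0, 1]."""
    hx, hy = entropy(x), entropy(y)
    if hx + hy == 0:
        return 0.0  # both variables constant: nothing to share
    mutual_info = hx + hy - entropy(list(zip(x, y)))  # I = H(X)+H(Y)-H(X,Y)
    return 2.0 * mutual_info / (hx + hy)

def select_attributes(rows, class_key, threshold=0.5):
    """Rank attributes by SU against the class; keep those above threshold."""
    labels = [r[class_key] for r in rows]
    scores = {
        name: symmetric_uncertainty([r[name] for r in rows], labels)
        for name in rows[0] if name != class_key
    }
    ranked = sorted(scores.items(), key=lambda kv: kv[1], reverse=True)
    return [(name, su) for name, su in ranked if su > threshold]

if __name__ == "__main__":
    for name, su in select_attributes(ROWS, "class"):
        print(f"{name}: SU = {su:.3f}")
```

On this constructed sample, an attribute that fully determines the class scores 1.0, one that is independent of it scores 0, and a weakly correlated one falls below the threshold and is dropped.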