IMPROVING THE DISCRIMINATION ACCURACY RATE OF FLASH EVENTS AND DDOS ATTACKS

Welcome to DSpace BU Repository

Welcome to the Bahria University DSpace digital repository. DSpace is a digital service that collects, preserves, and distributes digital material. Repositories are important tools for preserving an organization's legacy; they facilitate digital preservation and scholarly communication.

Show simple item record

dc.contributor.author Agha, Sahareesh Enroll # 02-241172-002
dc.date.accessioned 2023-05-09T05:15:07Z
dc.date.available 2023-05-09T05:15:07Z
dc.date.issued 2020
dc.identifier.uri http://hdl.handle.net/123456789/15401
dc.description Supervised by Dr. Osama Rehman en_US
dc.description.abstract In our modem age oftechnologies, Distributed Denial ofService (DDoS) attacks the most common type of cyber-attacks in communication networks. This is due to the availability of open source and freeware tools. The purpose of the DDoS attacks is to cause interruptions in services availability provided by different network systems, such as web servers. This in-turn results into legitimate users not being able to access the servers and hence facing denial of services. On other hand, flash events are high amount of legitimate requests over a server that occur at specific time periods in result of large number of users visiting a website due to a specific event. As a result, huge amount of network traffic arrived on their servers. Flash events are common network phenomenon which usually occur whenever new/discounted products are launched on companies’ site or when an important news is announced. To deal with Flash events, websites use load balancers. However, when DDoS attacks are combined with flash events, they can cause noticeable harm due to the superimposed load on web servers. Hence, it is considered as the best time for attackers to launch a DDoS attack is during flash events. On top of that, DDoS attacks are known to have similar properties to those of normal server requests by mimicking legitimate user traffic, including flash events. As a result, many DDoS packets are failed to be detected by the deployed security mechanisms. Therefore, security mechanism should be intelligent enough to discriminate between DDoS attacks and flash events as its a challenging issue. The purpose of this study is to build an intelligent network traffic classification model to improve the discrimination accuracy rale of DDoS attack from flash events traffic. . Weka is adopted as the platform for evaluating the performance of random forest algorithm. are ; : : i ; Experiments executed involve evaluating performance of classifier on 41 attributes present in NSL KDD dataset and with 6 most significant attributes (with threshold of> 0.5) selected using feature selection technique symmetric uncertainty. To get more confidence on selected attributes (and on threshold value), 3 more experiments performed, one with 5 most significant attributes, other with 7 most significant attributes and last one without 6 most significant attributes (i.e. the remaining 35 attributes). Experiment results show that Random forest is providing good accuracy of 97.6 with 6 attributes and significant reduction in false positives, false negatives and testing time is observed. Whereas decision tree performance decreases when number of attributes are reduced. en_US
dc.language.iso en_US en_US
dc.publisher Bahria University Karachi Campus en_US
dc.relation.ispartofseries MS SE;MFN MS 06
dc.title IMPROVING THE DISCRIMINATION ACCURACY RATE OF FLASH EVENTS AND DDOS ATTACKS en_US
dc.type Thesis en_US


Files in this item

This item appears in the following Collection(s)

Show simple item record

Search DSpace


Advanced Search

Browse

My Account