Abstract:
As the use of the Internet is increasing day by day, cyber-attacks on users'
personal data and network resources are also increasing. Cyber-attacks are becoming
quite common, especially distributed denial-of-service (DDoS) attacks, due to the availability
of freely accessible tools that generate such attacks along with the rapid spread of botnets.
The main purpose of these types of attacks is to deny the availability of services to legitimate
users by increasing the rate of requests to the server. Intruders are using new and
advanced techniques for executing cyber-attacks, making it difficult for security
mechanisms to block such attacks. Intrusion Detection Systems (IDS) are used to detect
such cyber-attacks. However, it is becoming quite easy for intruders to mimic authentic
users while accessing network resources, which makes such attacks difficult to stop.
This in turn can result in damage to the targeted website or server.
It is possible to improve the detection of DDoS attacks through machine learning
based classification modules, where machine learning can play a vital role in the
identification of such attacks, hence improving the overall accuracy rate in classifying
DDoS attacks from normal traffic. This research aims to study the performance of several
machine learning algorithms, namely Naive Bayes, Decision Tree, Random Forest and
Support Vector Machine. Performance is evaluated in terms of their classification
accuracy between DDoS attacks and normal network traffic. For this purpose, several
machine learning-based classifiers are developed that can be utilized with an IDS.
In this research, we focus on DDoS attack identification, for which a multi-class data
set is used that contains four different types of DDoS attacks: Smurf, SIDDoS,
HTTP-Flood and UDP-Flood. Balanced datasets are used for both training and testing
purposes so that the end result is free of bias. In this research, we use the Weka platform
for training the classification models and also for executing the different test
scenarios.
Four experiments are conducted in which each experiment contains a different set of
attributes. The result of each experiment is computed individually and the best algorithm
among the four is highlighted by [...] of its accuracy rate and the detection rates (i.e.
false positive, false negative, true positive and true negative), and finally by the
[...] build and test the classifiers. Analysis has been performed on
different data sets; in data set we have reduced the number of the attributes by removing
attributes on [...] accuracy, false positive, false negative; we have observed that NB has
the highest rate of false positive and SVM has the highest rate of false negative;
on the other end we have observed that DT has the lowest rate of false positive and RF
has the lowest rate of false negative. There is a slight difference between RF and DT for
rate of false negative. RF has an accuracy rate similar to DT, but when it comes to
time taken to test the model and rate of false positive, RF is not a good classification
algorithm for detection of intrusion as compared to other classification algorithms.
From all experimental results we concluded that Decision Tree (J48) is the best
classification algorithm on the basis of the parameters time taken to test the model,
accuracy percentage, rate of false positive, rate false alarm rate.
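
The abstract reports both accuracy and false positive / false negative rates on a five-class data set (normal traffic plus Smurf, SIDDoS, HTTP-Flood and UDP-Flood). The following added example, which is not code or data from the thesis, shows how those figures can be derived from one multi-class confusion matrix. It assumes that "positive" means any attack class; the labels are constructed and the function names are hypothetical.

```python
from collections import Counter

NORMAL = "Normal"
ATTACKS = ["Smurf", "SIDDoS", "HTTP-Flood", "UDP-Flood"]  # classes named in the abstract

def confusion(actual, predicted):
    """Count (actual, predicted) label pairs: a sparse confusion matrix."""
    return Counter(zip(actual, predicted))

def detection_rates(cm):
    """Collapse the multi-class matrix into attack-vs-normal detection counts.

    Assumption (not stated in the abstract): an attack predicted as a
    different attack type is still a true positive for detection, although
    it counts as an error for multi-class accuracy.
    """
    tp = fp = tn = fn = exact = 0
    for (actual, predicted), n in cm.items():
        if actual == predicted:
            exact += n
        if actual == NORMAL:
            if predicted == NORMAL:
                tn += n
            else:
                fp += n          # normal traffic flagged as an attack
        elif predicted == NORMAL:
            fn += n              # attack traffic passed as normal
        else:
            tp += n
    total = tp + fp + tn + fn
    return {
        "multiclass_accuracy": exact / total,
        "binary_accuracy": (tp + tn) / total,
        "false_positive_rate": fp / (fp + tn) if fp + tn else 0.0,
        "false_negative_rate": fn / (fn + tp) if fn + tp else 0.0,
    }

def constructed_sample():
    """Constructed, balanced toy labels (4 per class); not data from the thesis."""
    actual = [NORMAL] * 4 + [a for a in ATTACKS for _ in range(4)]
    predicted = (
        [NORMAL, NORMAL, NORMAL, "HTTP-Flood"]        # one false alarm
        + ["Smurf"] * 4
        + ["SIDDoS", "SIDDoS", "HTTP-Flood", NORMAL]  # one wrong type, one miss
        + ["HTTP-Flood"] * 3 + [NORMAL]               # one miss
        + ["UDP-Flood"] * 3 + ["Smurf"]               # wrong type, still detected
    )
    return actual, predicted

if __name__ == "__main__":
    for name, value in detection_rates(confusion(*constructed_sample())).items():
        print(f"{name}: {value:.3f}")
```

On the constructed labels, multi-class accuracy is lower than attack-vs-normal accuracy because confusing one flood type with another is an error only in the multi-class view, which is why accuracy and false positive / false negative rates can rank classifiers differently.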