Wireless Personal Communications, Volume 99, Issue 4, pp 1639–1659

Ensemble Classifiers with Drift Detection (ECDD) in Traffic Flow Streams to Detect DDOS Attacks

  • K. Munivara Prasad
  • A. Rama Mohan Reddy
  • K. Venugopal Rao


Malfunction of internet networking systems can directly and adversely affect, in one way or another, many aspects of contemporary information and communication technologies. In such conditions, DDoS attacks are a prevalent threat, in which requests flood computation and communication resources so that the service becomes unavailable to legitimate users. DDoS attacks must be defended against to guard critical resources. The contribution of this manuscript is an ensemble classifier model to defend against DDoS attacks. The proposed model is based on an ensemble classifier with drift detection ability at the service request stream level. The proposed model incorporates the process of defining service request stream characteristics and enables drift detection that uses the defined characteristics. The experimental study was carried out on a setup established using a synthesized service request stream, and the results obtained are explored using statistical metrics such as true negative rate, positive predictive value, and accuracy. Moreover, the significance of the model is elevated by comparing the obtained results with results obtained from other benchmark models depicted in contemporary literature.


Denial of service (DoS) attacks; Distributed DoS (DDoS) attacks; Application layer DDoS (APP-DDoS); Ensemble classifier model



Copyright information

© Springer Science+Business Media, LLC, part of Springer Nature 2018

Authors and Affiliations

  • K. Munivara Prasad (1)
  • A. Rama Mohan Reddy (2)
  • K. Venugopal Rao (3)

  1. Department of CSE, JNTUH, Hyderabad, India
  2. Department of CSE, SVUCE, SV University, Tirupati, India
  3. Department of CSE, GNITS, Hyderabad, India
