Automatic Control and Computer Sciences, Volume 53, Issue 5, pp 419–428

Detecting DDoS Attacks Using Machine Learning Techniques and Contemporary Intrusion Detection Dataset

  • Naveen Bindra
  • Manu Sood


Recent trends have revealed that DDoS attacks contribute to the majority of overall network attacks. Networks face challenges in distinguishing between legitimate and malicious flows. The testing and implementation of DDoS strategies are not easy due to many factors such as the complexity, rigidity, cost, and vendor-specific architecture of current networking equipment and protocols. Work is being done to detect DDoS attacks by applying Machine Learning (ML) models, but which ML model is the best among the given choices is still an open question. This work is motivated by two research questions: 1) Which supervised learning algorithm will give the best outcomes in detecting DDoS attacks? 2) What would be the accuracy of training these algorithms on a real-life dataset? We achieved more than 96% accuracy in the case of Random Forest Classifier and validated our results using two metrics. The outcome was also compared with other works to confirm its adequacy. We also present a detailed analysis to support our findings.


DDoS detection, DDoS attack, Machine Learning, security, network threats, Scikit-learn, classification



The authors declare that there is no conflict of interest regarding the publication of this paper.



Copyright information

© Allerton Press, Inc. 2019

Authors and Affiliations

  1. Department of Computer Science (HPU), Shimla, India
