An Evaluation on KNN-SVM Algorithm for Detection and Prediction of DDoS Attack
The damage caused by DDoS attacks has been increasing year by year. Along with the advancement of communication technology, this kind of attack has also evolved: it has become more complicated and hard to detect, making use of flash crowd agents, slow-rate attacks and amplification attacks that exploit a vulnerability in DNS servers. Fast detection of a DDoS attack, quick response mechanisms and proper mitigation are a must for an organization. An investigation of the DDoS attack has been performed, analyzing the details of its phases and using machine learning techniques to classify the network status. In this paper, we propose a hybrid KNN-SVM method for classifying, detecting and predicting DDoS attacks. The simulation result showed that each phase of the attack scenario is partitioned well and that we can detect precursors of a DDoS attack as well as the attack itself.
Keywords: Distributed Denial of Services (DDoS); Machine learning classifiers; Security; Intrusion detection; Prediction; Support Vector Machine (SVM); k-nearest neighbor (KNN); KNN-SVM
The authors would like to thank anonymous reviewers for their constructive comments and valuable suggestions. The authors wish to thank Universiti Teknologi Malaysia (UTM) under Research University Grant Vot-02G31 and Ministry of Higher Education Malaysia (MOHE) under the Fundamental Research Grant Scheme (FRGS Vot-4F551) for completion of the research.