An Evaluation on KNN-SVM Algorithm for Detection and Prediction of DDoS Attack

  • Ahmad Riza’ain Yusof
  • Nur Izura Udzir
  • Ali Selamat
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9799)


The damage caused by DDoS attacks increases year by year. Along with the advancement of communication technology, this kind of attack has also evolved, becoming more complicated and harder to detect through the use of flash crowd agents, slow rate attacks and amplification attacks that exploit a vulnerability in DNS servers. Fast detection of a DDoS attack, quick response mechanisms and proper mitigation are a must for an organization. This paper investigates DDoS attacks and analyzes the details of their phases, using machine learning techniques to classify the network status. We propose a hybrid KNN-SVM method for classifying, detecting and predicting DDoS attacks. The simulation results show that each phase of the attack scenario is partitioned well and that we can detect precursors of a DDoS attack as well as the attack itself.


Distributed Denial of Services (DDoS); Machine learning classifiers; Security; Intrusion detection; Prediction; Support Vector Machine (SVM); k-nearest neighbor (KNN); KNN-SVM



The authors would like to thank anonymous reviewers for their constructive comments and valuable suggestions. The authors wish to thank Universiti Teknologi Malaysia (UTM) under Research University Grant Vot-02G31 and Ministry of Higher Education Malaysia (MOHE) under the Fundamental Research Grant Scheme (FRGS Vot-4F551) for completion of the research.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Ahmad Riza’ain Yusof (1, 2)
  • Nur Izura Udzir (1)
  • Ali Selamat (2)
  1. UTM-IRDA Digital Media Centre, Universiti Teknologi Malaysia, Johor Bahru, Malaysia
  2. Faculty of Computing, Universiti Teknologi Malaysia, Johor Bahru, Malaysia
