DITFEC: Drift Identification in Traffic-Flow Streams for DDoS Attack Defense Through Ensemble Classifier

  • K. Munivara PrasadEmail author
  • V. Samba Siva
  • P. Krishna Kishore
  • M. Sreenivasulu
Conference paper
Part of the Lecture Notes in Networks and Systems book series (LNNS, volume 75)


The overwhelming of the request flow beyond the target server capacity leads to the service denial to the legitimate users. Because of the server’s oversized potential, the act of flooding requests beyond the server capacity is carried by the malicious attackers from distributed environment called distributed denial-of-service attack. Hence, applying the knowledge gained from the findings of previous request distributions research works seems to be the suitable strategy to cease the DDOS attacks. This strategy indispensable limitation is skipping to detect the new patterns of request flooding dug by the attacker at the server from the previous knowledge on earlier attack distribution patterns. Therefore, this paper endeavors to contribute on how to handle the limitation by proposing a novel-trained ensemble classifier with new features which reflects in the traffic-flow properties, so that the traffic-flow tuple shows distribution diversity from each other which is considered and attached to individual classifier. With the application of KS test, the proposed model tries to find the distribution diversity among the traffic-flow tuples using the features set. Later, the similar policy is used to discover the distribution resemblance amid the renewed tuple as well as the tuples involved to the multiple classifiers in the ensemble classification model. The experiment worked out on the voluminous traffic flow with visible distribution variety.


DDoS attack Ensembles approach KS test Application-layer DDoS attacks 


  1. 1.
    Bhuyan MH, Bhattacharyya DK, Kalita JK (2015) An empirical evaluation of information metrics for low-rate and high-rate DDoS attack detection. Pattern Recogn Lett 51(C):1–7CrossRefGoogle Scholar
  2. 2.
  3. 3.
    Palmieri F, Ricciardi S, Fiore U, Ficco M, Castiglione A (2015) Energy-oriented denial of service attacks: an emerging menace for large cloud infrastructures. J Supercomput 71(5):1620–1641CrossRefGoogle Scholar
  4. 4.
    Yan Q, Yu FR, Gong Q, Li J (2016) Software-defined networking (SDN) and distributed denial of service (DDoS) attacks in cloud computing environments: a survey, some research issues, and challenges. IEEE Commun Surv Tutorials 18(1):602–622CrossRefGoogle Scholar
  5. 5.
    Najafabadi MM, Khoshgoftaar TM, Napolitano A, Wheelus C (2016) RUDY attack: detection at the network level and its important features. In: FLAIRS conference, 30 Mar 2016, pp 288–293Google Scholar
  6. 6.
    Prasad KM, Reddy AR, Rao KV (2017) BIFAD: bio-inspired anomaly-based HTTP-flood attack detection. Wirel Pers Commun 97(1):281–308CrossRefGoogle Scholar
  7. 7.
    Vivin Sandar S, Shenai S (2012) Economic denial of sustainability (edos) in cloud services using http and xml based ddos attacks. Int J Comput Appl 41(20)Google Scholar
  8. 8.
    Alkasassbeh M, Al-Naymat G, Hassanat AB, Almseidin M (2016) Detecting distributed denial of service attacks using data mining techniques. Int J Adv Comput Sci Appl 7(1)Google Scholar
  9. 9.
    Revathi S, Malathi A (2013) A detailed analysis on NSL-KDD dataset using various machine learning techniques for intrusion detection. Int J Eng Res Technol (ESRSA Publications)Google Scholar
  10. 10.
    Ghasemi A, Zahediasl S (2012) Normality tests for statistical analysis: a guide for non-statisticians. Int J Endocrinol Metab 10(2):486CrossRefGoogle Scholar
  11. 11.
    Bai Y, Kobayashi H (2003) Intrusion detection systems: technology and development. In: 17th international conference on advanced information networking and applications 2003. AINA 2003, 27 Mar 2003. IEEE, pp 710–715Google Scholar
  12. 12.
  13. 13.
    The CAIDA (2007) DDoS attack 2007, Dataset Paul Hick, Emile Aben, KC Claffy, Josh Polterock. Available from
  14. 14.
    CAIDA UCSD Network Telescope, Three days of conficker—Nov 2008, Paul Hick, Emile Aben, Dan Andersen, KC Claffy. Available from
  15. 15.
    Behal S, Kumar K (2017) Characterization and comparison of DDoS attack tools and traffic generators: a review. IJ Netw Secur 19(3):383–393Google Scholar
  16. 16.
    Sommer R, Paxson V (2010) Outside the closed world: on using machine learning for network intrusion detection. In: 2010 IEEE symposium on Security and privacy (SP), 16 May 2010. IEEE, pp 305–316Google Scholar
  17. 17.
    Badve OP, Gupta BB (2016) Taxonomy of recent DDoS attack prevention, detection, and response schemes in cloud environment. In: Proceedings of the international conference on recent cognizance in wireless communication & image processing 2016. Springer, New Delhi, pp 683–693Google Scholar
  18. 18.
    Kiran S, Mohapatra A, Swamy R (2015) Experiences in performance testing of web applications with unified authentication platform using Jmeter. In: 2015 international symposium on technology management and emerging technologies (ISTMET), 25 Aug 2015. IEEE, pp 74–78Google Scholar
  19. 19.
    Powers DM (2011) Evaluation: from precision, recall and F-measure to ROC, informedness, markedness and correlationGoogle Scholar
  20. 20.
    An TK, Kim MH (2010) A new diverse AdaBoost classifier. In: 2010 international conference on artificial intelligence and computational intelligence (AICI), 23 Oct 2010, vol 1. IEEE, pp 359–363Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2019

Authors and Affiliations

  • K. Munivara Prasad
    • 1
    Email author
  • V. Samba Siva
    • 1
  • P. Krishna Kishore
    • 1
  • M. Sreenivasulu
    • 1
  1. 1.Chadalawada Ramanamma Engineering CollegeTirupatiIndia

Personalised recommendations