Skip to main content
SpringerLink
Log in

Multiclassification Analysis of Volumetric, Protocol, and Application Layer DDoS Attacks

  • Conference paper
  • First Online:
Advanced Information Networking and Applications (AINA 2024)

Part of the book series: Lecture Notes on Data Engineering and Communications Technologies ((LNDECT,volume 204))

  • 252 Accesses

Abstract

In today’s digital landscape, Distributed Denial of Service (DDoS) attacks represent a constantly evolving and significant threat, interrupting online services via many attack vectors. These attacks universally aim to render websites and services inoperable. Developing effective detection strategies is imperative as DDoS attacks become more frequent, varied, and destructive. This paper introduces an in-depth multiclassification analysis of DDoS attacks, categorizing them into Volumetric, Protocol, and Application Layer attacks. Utilizing the extensive CICDDoS2019 dataset, which includes eleven specific DDoS attack variations, we systematically classify these variations. Our analysis employs six diverse Machine Learning (ML) models: Logistic Regression (LR), Decision Tree (DT), Random Forest (RF), Support Vector Machine (SVM), Neural Networks (NN), and Extreme Gradient Boosting (XGB). We aim to identify the most effective model for predicting DDoS traffic across each attack category and to ascertain the model with superior overall performance. The findings of this study provide valuable insights into the effectiveness of various ML techniques in countering DDoS attacks, thereby contributing to the fortification of digital infrastructures against this pervasive threat.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 149.00
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 279.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ghorbani, A.A., Wei, L., Tavallaee, M.: Network Attacks. In: Ghorbani, A.A., Wei, L., Tavallaee, M. (eds.) Network Intrusion Detection and Prevention, pp. 1–25. Springer US, Boston, MA (2010). https://doi.org/10.1007/978-0-387-88771-5_1

    Chapter  Google Scholar 

  2. Garant, D., Lu, W.: Mining botnet behaviors on the large-scale web application community. In: Proceedings of 27th IEEE International Conference on Advanced Information Networking and Applications, Barcelona, Spain, March 25–28 (2013)

    Google Scholar 

  3. Lu, W., Miller, M., Xue, L.: Detecting command and control channel of botnets in cloud. In: Traore, I., Woungang, I., Awad, A. (eds.) ISDDC 2017. LNCS, vol. 10618, pp. 55–62. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-69155-8_4

    Chapter  Google Scholar 

  4. DDoS Attack Types & Mitigation Methods: Imperva. DDoS Attacks, 3 Oct. 2023. https://www.imperva.com/learn/ddos/ddos-attacks/

  5. Mirai Botnet. What is the Mirai Botnet? https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/. Accessed 18 Dec 2023

  6. Lu, W., Ghorbani, A.A.: Bots behaviors vs. Human behaviors on large-scale communication networks (Extended Abstract). In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol. 5230. Springer, Berlin, Heidelberg (2008). https://doi.org/10.1007/978-3-540-87403-4_33

  7. CIS. Blog: The Mirai Botnet - Tips to Defend Your Organization. 30 July 2021. https://www.cisecurity.org/insights/blog/the-mirai-botnet-threats-and-mitigations

  8. Famous DDoS Attacks. The largest DDoS attacks of all time. https://www.cloudflare.com/learning/ddos/famous-ddos-attacks/. Accessed 15 Dec 2023

  9. Kiner, E, April, T.: Google Mitigated the Largest DDoS Attack to Date, Peaking above 398 Million RPS. Google cloud mitigated largest DDos attack, peaking above 398 million RPS, Google Cloud Blog, October 10, 2023. https://cloud.google.com/blog/products/identity-security/google-cloFud-mitigated-largest-ddos-attack-peaking-above-398-million-rps

  10. Vaughan-Nichols, S.: Google Cloud, AWS, and Cloudflare report largest DDoS attacks ever, October 10, 2023. https://www.zdnet.com/article/google-cloud-aws-and-cloudflare-report-largest-ddos-attacks-ever/

  11. Kiner, E, Konduru, S.: How Google Cloud Blocked Largest Layer 7 DDos Attack yet, 46 Million RPS. Google, August 18, 2022. https://cloud.google.com/blog/products/identity-security/how-google-cloud-blocked-largest-layer-7-ddos-attack-at-46-million-rps

  12. Lu, W., Mercaldo, N., Tellier, C.: Characterizing command and control channel of mongoose bots over TOR. In: Woungang, I., Dhurandher, S.K. (eds.) WIDECOM 2020. LNDECT, vol. 51, pp. 23–30. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-44372-6_2

    Chapter  Google Scholar 

  13. Nunley, K., Lu, W.: Detecting network intrusions using a confidence-based reward system. In: 2018 32nd International Conference on Advanced Information Networking and Applications Workshops (WAINA), pp. 175–180 (2018). https://doi.org/10.1109/WAINA.2018.00083

  14. Maranhão, A., et al.: Error-robust distributed denial of service attack detection based on an average common feature extraction technique. Sensors 20(20), 5845 (2020). https://doi.org/10.3390/s20205845

    Article  Google Scholar 

  15. Chu, T.S., Si, W., Simoff, S., Nguyen, Q.V.: A machine learning classification model using random forest for detecting DDoS attacks. In: 2022 International Symposium on Networks, Computers and Communications (ISNCC), Shenzhen, China, pp. 1–7 (2022).https://doi.org/10.1109/ISNCC55209.2022.9851797

  16. Batchu, R.K., Seetha, H.: An integrated approach explaining the detection of distributed denial of service attacks. Comput. Netw. 216, 109269 (2022). https://www.sciencedirect.com/science/article/pii/S1389128622003334

  17. Ma, R.K., Chen, X.B., Zhai, R.: A DDos Attack Detection Method Based on Natural Selection of Features and Models. MDPI, February 20, 2023. https://www.mdpi.com/2079-9292/12/4/1059#:~:text=In%20this%20paper%2C%20we%20propose,divided%20into%20four%20main%20phases

  18. Parfenov, D., Kuznetsova, L., Yanishevskaya, N, Bolodurina, I., Zhigalov, A., Legashev, L.: Research application of ensemble machine learning methods to the problem of multiclass classification of DDoS attacks identification. In: 2020 International Conference Engineering and Telecommunication (En&T), Dolgoprudny, Russia, pp. 1–7 (2020).https://doi.org/10.1109/EnT50437.2020.9431255

  19. Talaei Khoei, T., Kaabouch, N.: A comparative analysis of supervised and unsupervised models for detecting attacks on the intrusion detection systems. Information 14(2), 103 (2023). https://doi.org/10.3390/info14020103

  20. Li, J., Liu, M., Xue, Z., Fan, X., He, X.: RTVD: a real-time volumetric detection scheme for DDoS in the Internet of Things. IEEE Access 8, 36191–36201 (2020). https://doi.org/10.1109/ACCESS.2020.2974293

    Article  Google Scholar 

  21. Navruzov, E., Kabulov, A.: Detection and analysis types of DDoS attack. In: 2022 IEEE International IOT, Electronics and Mechatronics Conference (IEMTRONICS), Toronto, ON, Canada, pp. 1–7 (2022).https://doi.org/10.1109/IEMTRONICS55184.2022.9795729

  22. Sharafaldin, I., Lashkari, A.H., Hakak, S., Ghorbani, A.A.: Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In: IEEE 53rd International Carnahan Conference on Security Technology, Chennai, India (2019)

    Google Scholar 

  23. Koroniotis, N., Moustafa, N., Sitnikova, E., Turnbull, B.: Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-IoT dataset. Futur. Gener. Comput. Syst. 100, 779–796 (2019)

    Article  Google Scholar 

  24. Hancock, J.T., Khoshgoftaar, T.M.: CatBoost for big data: an interdisciplinary review. J Big Data 7, 94 (2020). https://doi.org/10.1186/s40537-020-00369-8

    Article  Google Scholar 

  25. Kleinbaum, D.G., Klein, M.: Logistic Regression. Springer New York, New York, NY (2010). https://doi.org/10.1007/978-1-4419-1742-3

    Book  Google Scholar 

  26. Fürnkranz, J.: Decision Tree. In: Sammut, C., Webb, G.I. (eds.) Encyclopedia of Machine Learning, pp. 263–267. Springer US, Boston, MA (2010). https://doi.org/10.1007/978-0-387-30164-8_204

    Chapter  Google Scholar 

  27. Breiman, L.: Random forests. Mach. Learn. 45, 5–32 (2001)

    Article  Google Scholar 

  28. Christmann, A., Steinwart, I.: Support Vector Machines, Springer (2008). https://doi.org/10.1007/978-0-387-77242-4

  29. Mucherino, A., Papajorgji, P.J., Pardalos, P.M.: K-Nearest Neighbor Classification. In: Mucherino, A., Papajorgji, P.J., Pardalos, P.M. (eds.) Data Mining in Agriculture, pp. 83–106. Springer New York, New York, NY (2009). https://doi.org/10.1007/978-0-387-88615-2_4

    Chapter  Google Scholar 

  30. Bartz-Beielstein, T., Chandrasekaran, S., Rehbach, F.: Case Study II: Tuning of Gradient Boosting (xgboost). In: Bartz, E., Bartz-Beielstein, T., Zaefferer, M., Mersmann, O. (eds.) Hyperparameter Tuning for Machine and Deep Learning with R: A Practical Guide, pp. 221–234. Springer Nature Singapore, Singapore (2023). https://doi.org/10.1007/978-981-19-5170-1_9

    Chapter  Google Scholar 

  31. Ghorbani, A., Lu, W., Tavallaee, M.: Detection Approaches, Network Intrusion Detection and Prevention: Concepts and Techniques. Springer Publisher, pp. 27–53 (2009)

    Google Scholar 

  32. Ghorbani, A., Lu, W., Tavallaee, M.: Evaluation Criteria, In: Network Intrusion Detection and Prevention: Concepts and Techniques. Springer, pp. 161–183 (2009)

    Google Scholar 

  33. Ghorbani, A., Lu, W., Tavallaee, M.: Alert Management and Correlation, In: Network Intrusion Detection and Prevention: Concepts and Techniques. Springer, pp. 129–160 (2009)

    Google Scholar 

Download references

Acknowledgments

This research is supported by New Hampshire - INBRE through an Institutional Development Award (IDeA), P20GM103506, from the National Institute of General Medical Sciences of the NIH.

Author information

Authors and Affiliations

  1. Department of Computer Science, Keene State College, Keene, NH, USA

    Eric Brown, John Fisher, Aaron Hudon, Erick Colston & Wei Lu

  2. The University System of New Hampshire, Concord, USA

    Eric Brown, John Fisher, Aaron Hudon, Erick Colston & Wei Lu

Authors
  1. Eric Brown
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. John Fisher
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Aaron Hudon
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Erick Colston
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Wei Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Wei Lu .

Editor information

Editors and Affiliations

  1. Department of Information and Communication Engineering, Fukuoka Institute of Technology, Fukuoka, Japan

    Leonard Barolli

Rights and permissions

Reprints and permissions

Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Brown, E., Fisher, J., Hudon, A., Colston, E., Lu, W. (2024). Multiclassification Analysis of Volumetric, Protocol, and Application Layer DDoS Attacks. In: Barolli, L. (eds) Advanced Information Networking and Applications. AINA 2024. Lecture Notes on Data Engineering and Communications Technologies, vol 204. Springer, Cham. https://doi.org/10.1007/978-3-031-57942-4_39

Download citation

Publish with us

Policies and ethics

Search

Navigation