
Evaluating Machine Learning Algorithms for Detecting DDoS Attacks

  • Conference paper

Part of the book series: Communications in Computer and Information Science (CCIS, volume 196)

Abstract

Recently, as the serious damage caused by DDoS attacks increases, rapid detection of attacks and proper response mechanisms have become urgent. Signature-based DDoS detection systems cannot detect new attacks. Current anomaly-based detection systems are also unable to detect all kinds of new attacks, because they are designed for restricted applications in limited environments. Existing security mechanisms do not provide effective defense against these attacks, or the defense capability of some mechanisms is limited to specific DDoS attacks. It is necessary to analyze the fundamental features of DDoS attacks because these attacks can easily vary the port/protocol used or the operation method. A lot of research work has also been done on detecting the attacks using machine learning techniques. Still, which features are relevant and which technique is most suitable for attack detection remain open questions. In this paper, we use the chi-square and information gain feature selection mechanisms to select the important attributes. With the selected attributes, various machine learning models, such as Naive Bayes, C4.5, SVM, KNN, K-means and Fuzzy c-means clustering, are developed for efficient detection of DDoS attacks. Our experimental results show that Fuzzy c-means clustering gives better accuracy in identifying the attacks.

This work is a part of the Collaborative Directed Basic Research on Smart and Secure Environment project, funded by NTRO and AISRF.




Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Suresh, M., Anitha, R. (2011). Evaluating Machine Learning Algorithms for Detecting DDoS Attacks. In: Wyld, D.C., Wozniak, M., Chaki, N., Meghanathan, N., Nagamalai, D. (eds) Advances in Network Security and Applications. CNSA 2011. Communications in Computer and Information Science, vol 196. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22540-6_42


  • DOI: https://doi.org/10.1007/978-3-642-22540-6_42

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22539-0

  • Online ISBN: 978-3-642-22540-6

  • eBook Packages: Computer Science, Computer Science (R0)
