Authors:
Abbas Sara Abdalelah, Almhanna Mahdi S.
Abstract
Data mining algorithms provide essential methods and rules that can contribute to detecting and preventing various types of network attacks. These methods are used with intrusion detection systems that can be designed and developed to preserve the information in organizations from damage. Specifically, the data mining technique allows users to effectively distinguish between normal and malicious traffic with good accuracy. In this paper, a methodology for revealing and detecting the (DDoS) network attack is suggested using DM algorithms. The methodology is divided into four parts, each with its own rules, as follows. The first is pre-processing, which consists of three sub-steps: (i) encoding, (ii) log2, and (iii) PCA. Encoding converts the original nominal packets into numeric features. Standardization of the data was performed using a logarithmic algorithm. Finally, the PCA technique is applied eight times for several different features to reduce the dimensions of the dataset. The second stage is an anomaly detection model: the (RF) algorithm is implemented to extract data patterns while classifying the types of the given features in the training step, and the (NB) algorithm was also used to classify the data so that its classification results could be compared with those of the (RF) classifier. In the third stage, the outcomes were tested by implementing the already trained datasets. In the fourth stage, the performance evaluation metrics of the proposed system were collected, such as the rates of accuracy, false alarm, detection, precision, and F-measure.
The MIX dataset, which resulted from merging two datasets (PORTMAP+LDAP) taken from the CICDDOS2019 datasets, was used to train and test the proposed model; each of the two consists of several types of attack packets and benign packets.
Several metrics were used in the evaluation of the proposed system. The best detection outcomes were obtained by using the log2 algorithm and the PCA technique in the preprocessing step and the (RF) classifier to classify the dataset. The accuracy when using the MIX dataset was 99.9764%, the detection rate was 100%, the false alarm rate ≈ 0, and the F-measure was 99.9% when PCA = 25.
Subject
General Physics and Astronomy
Cited by
7 articles.