Abstract

Distributed Denial of Service (DDoS) attacks remain prevalent against Internet-based and cloud-based applications. Many approaches have been developed to detect such attacks and mitigate their effect: signature-based methods, metrics-based methods and machine learning (ML) based methods. With the availability of training data, ML-based solutions have recently become popular. However, different ML models still need to be evaluated for real-time use in distributed applications. We propose an ML-based framework with mechanisms, including feature selection, that support supervised learning for threat detection. The framework provides the workflow required to pre-process data, select essential features, train ML classifiers, and detect and classify DDoS attacks. We also propose an algorithm, DDoS Attack Detection for Critical Services Protection (DAD-CSP), that takes a dataset and an ML pipeline as input, applies the ML models and evaluates them. Feature selection reduces dimensionality, which improves the quality of training. The ML models Decision Tree, Naïve Bayes and Random Forest showed different capabilities in attack classification. Random Forest (RF) exhibited the highest performance, with 92% accuracy, compared with the other two models.
