http://dx.doi.org/10.4218/etrij.2019-0156

Supervised learning-based DDoS attacks detection: Tuning hyperparameters  

Kim, Meejoung (Research Institute for Information and Communication Technology, Korea University)
Publication Information
ETRI Journal / v.41, no.5, 2019, pp. 560-573
Abstract
Two supervised learning algorithms, a basic neural network and a long short-term memory recurrent neural network, are applied to traffic including DDoS attacks. The joint effects of preprocessing methods and hyperparameters for machine learning on performance are investigated. Values representing attack characteristics are extracted from datasets and preprocessed by two methods. Binary classification and two optimizers are used. Some hyperparameters are obtained exhaustively for fast and accurate detection, while others are fixed with constants to account for performance and data characteristics. An experiment is performed via TensorFlow on three traffic datasets. Three scenarios are considered to investigate the effects of learning former traffic on sequential traffic analysis and the effects of learning one dataset on application to another dataset, and determine whether the algorithms can be used for recent attack traffic. Experimental results show that the used preprocessing methods, neural network architectures and hyperparameters, and the optimizers are appropriate for DDoS attack detection. The obtained results provide a criterion for the detection accuracy of attacks.
Keywords
accuracy of detection; DDoS attack; long short-term memory; machine learning; tensorflow;