http://dx.doi.org/10.6109/jkiice.2021.25.1.69

DDoS traffic analysis using decision tree according by feature of traffic flow  

Jin, Min-Woo (Department of Information & Communication Engineering Department, WonKwang University)
Youm, Sung-Kwan (Department of Information & Communication Engineering Department, WonKwang University)
Abstract
Internet access is increasing as online activities grow under the influence of COVID-19. At the same time, network attacks by malicious users are diversifying, and DDoS attacks in particular are increasing year by year. These attacks can be detected by intrusion detection systems and prevented at an early stage. Various data sets are used to verify intrusion detection algorithms; this paper uses CICIDS2017, which contains the latest traffic. We analyzed the DDoS attack traffic using a decision tree. Through the analysis, a decisive feature was found, and its detection accuracy was confirmed by running the decision tree on it. The contents of the false positive and false negative traffic were also analyzed. As a result, learning with the one feature and with two features showed accuracies of 98% and 99.8%, respectively.
Keywords
Intrusion detection system; DDoS; Decision tree; Predictor importance; CICIDS2017;