Detection of DDoS Attack in TCP protocol using Hybrid Machine Learning Techniques

Authors

  • Prof. Vinod Desai  Assistant Professor, Department of Computer Science and Engineering, Angadi Institute of Technology and Management Belagavi, Department of Computer Science and Engineering, Savagaon, Karnataka, India
  • Aravind Pradhani  Student, Angadi Institute of Technology and Management Belagavi, Dept. of Computer Science and Engineering, Savagaon, Karnataka, India
  • Sheetal Majukar  Student, Angadi Institute of Technology and Management Belagavi, Dept. of Computer Science and Engineering, Savagaon, Karnataka, India

DOI:

https://doi.org/10.32628/IJSRSET207459

Keywords:

Distributed denial of services (DDoS), Machine learning classifiers, Security, Intrusion detection, Prediction, support vector machine (SVM), k-nearest neighbor (KNN), KNN-SVM

Abstract

The damage caused by DDoS attacks increases year by year. As communication technology advances, this kind of attack also evolves, and it has become more complicated and harder to detect, using flash crowd agents, slow-rate attacks and amplification attacks that exploit a vulnerability in DNS servers. Fast detection of a DDoS attack, quick response mechanisms and proper mitigation are a must for an organization. An investigation of the DDoS attack has been performed; it analyzes the details of its phases, using a machine learning technique to classify the network status. In this paper, we propose a hybrid KNN-SVM method for classifying, detecting and predicting DDoS attacks. The simulation results show that each phase of the attack scenario is partitioned well and that we can detect precursors of a DDoS attack as well as the attack itself.

Published

2020-08-30

Section

Research Articles

How to Cite

Prof. Vinod Desai, Aravind Pradhani, Sheetal Majukar, "Detection of DDoS Attack in TCP protocol using Hybrid Machine Learning Techniques", International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN: 2395-1990, Online ISSN: 2394-4099, Volume 7, Issue 4, pp. 253-258, July-August 2020. Available at doi: https://doi.org/10.32628/IJSRSET207459