IJWMT Vol. 14, No. 5, 8 Oct. 2024
Cover page and Table of Contents: PDF (size: 1243KB)
PDF (1243KB), PP.59-71
Views: 0 Downloads: 0
Cyber Security, Network traffic patterns, Random Forest Classifier, Performance evaluation, Accuracy, Collective Classifier
In today's interconnected world, the threat of intrusion activities continues to rise, making it imperative to deploy effective security measures such as Intrusion Detection Systems (IDS). These systems play a vital role in monitoring network and system activities to identify unauthorised or malicious behaviour. The focus of this research is on evaluating the efficiency of different IDS in detecting anomalies in network traffic, specifically targeting Denial of Service (DDoS) attacks that exploit server vulnerabilities using IP addresses. The study utilises the CIC-DDoS 2019 dataset to analyse the performance of various IDS, particularly Network Intrusion Detection Systems (NIDSs), in predicting DDoS attacks accurately. To combat the diverse range of DDoS threats, a collective classifier is introduced, which combines four top-performing algorithms to enhance detection capabilities. By transforming the problem into a multilabel classification issue, the researchers aim to address the complexity of DDoS attacks effectively. Several machine learning (ML) and artificial intelligence (AI) algorithms are employed in the study, including Random Forest Classifier, Decision Tree Classifier, Support Vector Machine (SVM), Naïve Bayes, Multi-Layer Perceptron, Long Short-Term Memory (LSTM), and XGBoost Classifier. Evaluating the performance and computational efficiency of these algorithms is crucial to determining the most effective approach to detecting DDoS attacks. The results of the research highlight the effectiveness of the Random Forest Classifier and Multi-Layer Perceptron in accurately detecting DDoS attacks, as evidenced by their high accuracy rates on the test dataset. These findings underscore the importance of leveraging advanced ML algorithms to enhance the security of networks and systems against evolving cybersecurity threats. In conclusion, the study emphasises the significance of deploying robust IDS equipped with sophisticated ML algorithms to safeguard against intrusion activities like DDoS attacks. By continuously evaluating and improving the performance of these systems, organisations can enhance their cybersecurity posture and mitigate the risks posed by malicious actors in the digital landscape.
Dandugudum Mahesh, T. Sampath Kumar, "Machine Learning Algorithms for Detecting DDoS Attacks in Intrusion Detection Systems", International Journal of Wireless and Microwave Technologies(IJWMT), Vol.14, No.5, pp. 59-71, 2024. DOI:10.5815/ijwmt.2024.05.05
[1]J. P. Anderson, Computer security threat monitoring and surveillance. 1980.
[2]E. G. Amoroso, Intrusion detection: an introduction to Internet surveillance, correlation, traps, trace back, and response. 1999. http://ci.nii.ac.jp/ncid/BA46982482
[3]K. B. Adedeji, A. M. Abu-Mahfouz, and A. M. Kurien, “DDoS Attack and Detection Methods in Internet-Enabled Networks: Concept, Research Perspectives, and Challenges,” Journal of Sensor and Actuator Networks, vol. 12, no. 4, p. 51, Aug. 2023, doi:10.3390/jsan12040051.
[4]D. AKGUN, S. HIZAL, and U. CAVUSOGLU, “A New DDoS Attacks Intrusion Detection Model Based on Deep Learning for Cybersecurity,” Computers & Security, p. 102748, May 2022, doi:10.1016/j.cose.2022.102748.
[5]J. Zheng and M. Hu, “Intrusion Detection of DoS/DDoS and Probing Attacks for Web Services,” Lecture notes in computer science, pp. 333–344, Jan. 2005, doi:10.1007/11563952_30.
[6]A. A. Aburomman and M. B. I. Reaz, “A survey of intrusion detection systems based on ensemble and hybrid classifiers,” Computers & Security, vol. 65, pp. 135–152, Mar. 2017, doi:10.1016/j.cose.2016.11.004.
[7]H. Gajjar and Z. Malek, “A Survey of Intrusion Detection System (IDS) using Openstack Private Cloud,” 2020 Fourth World Conference on Smart Trends in Systems, Security and Sustainability (WorldS4), Jul. 2020, doi:10.1109/worlds450073.2020.9210313.
[8]M. A. Ferrag, L. Shu, H. Djallel, and K.-K. R. Choo, “Deep Learning-Based Intrusion Detection for Distributed Denial of Service Attack in Agriculture 4.0,” Electronics, vol. 10, no. 11, p. 1257, May 2021, doi:10.3390/electronics10111257.
[9]N. Moustafa, J. Hu, and J. Slay, “A holistic review of Network Anomaly Detection Systems: A comprehensive survey,” Journal of Network and Computer Applications, vol. 128, pp. 33–55, Feb. 2019, doi:10.1016/j.jnca.2018.12.006.
[10]S. Murali and A. Jamalipour, “A Lightweight Intrusion Detection for Sybil Attack Under Mobile RPL in the Internet of Things,” IEEE Internet of Things Journal, vol. 7, no. 1, pp. 379–388, Jan. 2020, doi:10.1109/jiot.2019.2948149.
[11]S. Behal, K. Kumar, and M. Sachdeva, “D-FACE: An anomaly based distributed approach for early detection of DDoS attacks and flash events,” Journal of Network and Computer Applications, vol. 111, pp. 49–63, Jun. 2018, doi:10.1016/j.jnca.2018.03.024.
[12]J. David and C. Thomas, “DDoS Attack Detection Using Fast Entropy Approach on Flow- Based Network Traffic,” Procedia Computer Science, vol. 50, pp. 30–36, 2015, doi: 10.1016/j.procs.2015.04.007.
[13]Aslan, Ömer, “Using Machine Learning Techniques to Detect Attacks in Computer Networks”, Aegean Summit 4th International Applied Sciences Congress, pp.1-8, February 12 - 13, 2022, Muğla, Turkey.
[14]D. Li, L. Deng, M. Lee, and H. Wang, “IoT data feature extraction and intrusion detection system for smart cities based on deep migration learning,” International Journal of Information Management, vol. 49, pp. 533–545, Dec. 2019, doi:10.1016/j.ijinfomgt.2019.04.006.
[15]I. Trawinski, H. Wimmer, and J. Kim, “Anomaly Detection in Intrusion Detection System using Amazon SageMaker,” IEEE Xplore, May 01, 2023. https://ieeexplore.ieee.org/abstract/document/10197735 (accessed Aug. 20, 2023).
[16]G. A. Jaafar, S. M. Abdullah, and S. Ismail, “Review of Recent Detection Methods for HTTP DDoS Attack,” Journal of Computer Networks and Communications, vol. 2019, pp. 1–10, Jan. 2019, doi:10.1155/2019/1283472.
[17]A. Selamat, A. R. Yusof, and N. I. Udzir, “Systematic literature review and taxonomy for DDoS attack detection and prediction,” International Journal of Digital Enterprise Technology, vol. 1, no. 3, p. 292, 2019, doi:10.1504/ijdet.2019.10019068.
[18]T. Ubale and A. K. Jain, “Survey on DDoS Attack Techniques and Solutions in Software-Defined Network,” Handbook of Computer Networks and Cyber Security, pp. 389–419, 2020, doi: 10.1007/978-3-030-22277-2_15.
[19]W. Zhijun, L. Wenjing, L. Liang, and Y. Meng, “Low-Rate DoS Attacks, Detection, Defense, and Challenges: A Survey,” IEEE Access, vol. 8, pp. 43920–43943, 2020, doi: 10.1109/access.2020.2976609.
[20]P. Gulihar and B. B. Gupta, “Cooperative Mechanisms for Defending Distributed Denial of Service (DDoS) Attacks,” Handbook of Computer Networks and Cyber Security, pp. 421–443, 2020, doi:10.1007/978-3-030-22277-2_16.
[21]K. Leung and C. Leckie, “Unsupervised anomaly detection in network intrusion detection using clusters,” pp. 333–342, Jan. 2005.
[22]N. Farnaaz and M. A. Jabbar, “Random Forest Modeling for Network Intrusion Detection System,” Procedia Computer Science, vol. 89, pp. 213–217, Jan. 2016, doi:10.1016/j.procs.2016.06.047.
[23]S. Waskle, L. Parashar, and U. Singh, “Intrusion Detection System Using PCA with Random Forest Approach,” 2020 International Conference on Electronics and Sustainable Communication Systems (ICESC), Jul. 2020, doi:10.1109/icesc48915.2020.9155656.
[24]K. Ghanem, F. J. Aparicio-Navarro, K. G. Kyriakopoulos, S. Lambotharan, and J. A. Chambers, “Support Vector Machine for Network Intrusion and Cyber-Attack Detection,” IEEE Xplore, Dec. 01, 2017. https://ieeexplore.ieee.org/document/8233268 (accessed Sep. 26, 2021).
[25]S. Mukkamala, G. Janoski, and A. Sung, “Intrusion detection using neural networks and support vector machines,” IEEE Xplore, 2002. https://ieeexplore.ieee.org/document/1007774 (accessed Apr. 08, 2021).
[26]L. Su, Bai Wen-hua, Z. Zhu, and X. He, “Research on Application of Support Vector Machine in Intrusion Detection,” Journal of physics, vol. 2037, no. 1, pp. 012074–012074, Sep. 2021, doi:10.1088/1742-6596/2037/1/012074.
[27]X. Su, D. Zhang, W. Li, and K. Zhao, “A Deep Learning Approach to Android Malware Feature Learning and Detection,” 2016 IEEE Trustcom/BigDataSE/ISPA, 2016, doi: https://doi.org/10.1109/TrustCom.2016.0070.
[28]A. Guezzaz, S. Benkirane, M. Azrour, and S. Khurram, “A Reliable Network Intrusion Detection Approach Using Decision Tree with Enhanced Data Quality,” Security and Communication Networks, vol. 2021, pp. 1–8, Aug. 2021, doi:10.1155/2021/1230593.
[29]T. Chen and C. Guestrin, “XGBoost: a Scalable Tree Boosting System,” Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data Mining - KDD ’16, pp. 785–794, 2016, doi: 10.1145/2939672.2939785.
[30]Mohd Fadzli Marhusin, D. Cornforth, and H. Larkin, “An overview of recent advances in intrusion detection,” 8th IEEE International Conference on Computer and Information Technology, 8-11 July 2008, doi:10.1109/cit.2008.4594714.
[31]T. Garg and S. S. Khurana, “Comparison of classification techniques for intrusion detection dataset using WEKA,” IEEE Xplore, May 01, 2014. doi: 10.1109/ICRAIE.2014.6909184.
[32]M. Tabash, M. Abd Allah, and B. Tawfik, “Intrusion Detection Model Using Naive Bayes and Deep Learning Technique,” The International Arab Journal of Information Technology, vol. 17, no. 2, pp. 215–224, Feb. 2019, doi:10.34028/iajit/17/2/9.
[33]Z. Ling, Z. J.Wei, F.N.Mei, and Z.H.Hao, “Intrusion Detection Model based on Rough Set and Random Forest,” International Journal of Grid and High Performance Computing, vol. 14, no. 1, Jan. 2022, doi:10.4018/ijghpc.301581
[34]T. Ling, L. Chong, X. Jingming, and C. Jun, “Application of Self-organizing Feature Map Neural Network Based on K-means Clustering in Network Intrusion Detection,” Computers, Materials & Continua, vol. 61, no. 1, pp. 275–288, 2019, doi:10.32604/cmc.2019.03735.
[35]H. Wu, “Feature-Weighted Naive Bayesian Classifier for Wireless Network Intrusion Detection,” Security and Communication Networks, vol. 2024, pp. 1–13, Jan. 2024, doi:10.1155/2024/7065482.
[36]D. Alghazzawi, O. Bamasag, H. Ullah, and M. Z. Asghar, “Efficient Detection of DDoS Attacks Using a Hybrid Deep Learning Model with Improved Feature Selection,” Applied Sciences, vol. 11, no. 24, p. 11634, Dec. 2021, doi:10.3390/app112411634.
[37]Y. S. Hussain, “Network Intrusion Detection for Distributed Denial-of-Service (DDoS) Attacks using Machine Learning Classification Techniques,” https://dspace.library.uvic.ca/items/82cf1c50-1c11-49c9-be63-cb78894f18ff
[38]V. Ahuja, Mrunal Kotkar, Rohini Bhongade, and Deepak Kshirsagar, “Reflection based Distributed Denial of Service Attack Detection System,” 2022 6th International Conference On Computing, Communication, Control And Automation (ICCUBEA, Aug. 2022, doi: 10.1109/iccubea54992.2022.10011055.
[39]Z. Zhang, Y. Li, A. Shen, and J. Hu, “An Intelligent Network Intrusion Detector Using Deep Learning Model,” 2022 International Conference on Artificial Intelligence, Information Processing and Cloud Computing (AIIPCC), 19-21 August, 2022, doi: 10.1109/AIIPCC57291.2022.00011.
[40]A. Rosay, K. Riou, F. Carlier, and P. Leroux, “Multi-layer perceptron for network intrusion detection,” Annals of Telecommunications, May 2021, doi: 10.1007/s12243-021-00852-0.
[41]B. B. Borisenko, S. D. Erokhin, A. S. Fadeev, and I. D. Martishin, “Intrusion Detection Using Multilayer Perceptron and Neural Networks with Long Short-Term Memory,” Jun. 2021, doi:10.1109/synchroinfo51390.2021.9488416.
[42]A. Jassam Mohammed, M. Hameed Arif, and A. Adil Ali, “A multilayer perceptron artificial neural network approach for improving the accuracy of intrusion detection systems,” IAES International Journal of Artificial Intelligence (IJ-AI), vol. 9, no. 4, p. 609, Dec. 2020, doi: 10.11591/ijai.v9.i4.pp609-615.
[43]F. Laghrissi, S. Douzi, K. Douzi, and B. Hssina, “Intrusion detection systems using long short-term memory (LSTM),” Journal of Big Data, vol. 8, no. 1, May 2021, doi:10.1186/s40537-021-00448-4.
[44]I. Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy,” 2019 International Carnahan Conference on Security Technology (ICCST), Oct. 2019, doi:10.1109/ccst.2019.8888419.
[45]D.-S. Kim and Jong Chun Park, “Network-Based Intrusion Detection with Support Vector Machines,” Information Networking, edited by Hyun-Kook Kahng, vol. 2662, Springer Berlin Heidelberg, Feb. 2003, doi: 10.1007/978-3-540-45235-5_73.
[46]K. Manish, D. Medhane, I. Rajesh, A. Buchade, and A. Khodaskar, “Feature-Based Intrusion Detection System with Support Vector Machine.” In 2022 IEEE International Conference on Blockchain and Distributed Systems Security (ICBDS), 1–7. Pune, India: IEEE, 2022. doi: 10.1109/ICBDS53701.2022.9935972.
[47]J. Azimjonov and T. Kim, “Stochastic gradient descent classifier-based lightweight intrusion detection systems using the efficient feature subsets of datasets,” Expert Systems with Applications, vol. 237, p. 121493, Mar. 2024, doi:10.1016/j.eswa.2023.121493.
[48]I. Ortega-Fernandez, M. Sestelo, J. C. Burguillo, and C. Piñón-Blanco, “Network intrusion detection system for DDoS attacks in ICS using deep autoencoders,” Wireless Networks, Jan. 2023, doi:10.1007/s11276-022-03214-3.
[49]Gottapu Sankara Rao and P. Krishna Subbarao, “A Novel Approach for Detection of DoS / DDoS Attack in Network Environment using Ensemble Machine Learning Model,” International journal on recent and innovation trends in computing and communication, vol. 11, no. 9, pp. 244–253, Oct. 2023, doi: 10.17762/ijritcc.v11i9.8340.
[50]R. S. Devi, R. Bharathi, and P. K. Kumar. “Investigation on Efficient Machine Learning Algorithm for DDoS Attack Detection.” In 2023 International Conference on Computer, Electrical & Communication Engineering (ICCECE), 1–5. Kolkata, India: IEEE, 2023. doi: 10.1109/ICCECE51049.2023.100852486. doi: 10.1007/978-3-319-41385-3.