Skip to main content
SpringerLink
Log in

DDoS Attacks Detection Using Machine Learning Algorithms

  • Conference paper
  • First Online:
Digital TV and Multimedia Communication (IFTC 2018)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 1009))

Abstract

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. It has caused great harm to the security of the network environment. This paper develops a novel framework called PCA-RNN (Principal Component Analysis-Recurrent Neural Network) to identify DDoS attacks. In order to comprehensively understand the network traffic, we select most network characteristics to describe the traffic. We further use the PCA algorithm to reduce the dimensions of the features in order to reduce the time complexity of detection. By applying PCA, the prediction time can be significantly reduced while most of the original information can still be contained. Data after dimensions reduction is fed into RNN to train and get detection model. Evaluation result shows that for the real dataset, PCA-RNN can achieve significant performance improvement in terms of accuracy, sensitivity, precision, and F-score compared to the several existing DDoS attacks detection methods.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Douligeris, C., Mitrokotsa, A.: DDoS attacks and defense mechanisms: a classification. In: IEEE International Symposium on Signal Processing and Information Technology, pp. 190–193. IEEE (2003)

    Google Scholar 

  2. Study: Attack on KrebsOnSecurity Cost IoT Device Owners $323 K. https://krebsonsecurity.com/2018/05/study-attack-on-krebsonsecurity-cost-iot-device-owners-323k/

  3. Tao, Y., Yu, S.: DDoS attack detection at local area networks using information theoretical metrics. In: IEEE International Conference on Trust, Security and Privacy in Computing and Communications, pp. 233–240. IEEE (2013)

    Google Scholar 

  4. Mousavi, S.M., Sthilaire, M.: Early detection of DDoS attacks against SDN controllers. In: International Conference on Computing, Networking and Communications, pp. 77–81. IEEE (2015)

    Google Scholar 

  5. Ren, X.Y., Wang, R.C., Wang, H.Y.: Wavelet analysis method for detection of DDoS attack based on self-similar. J. Commun. 2(1), 73–77 (2006)

    Google Scholar 

  6. Dong, P., Du, X., Zhang, H., et al.: A detection method for a novel DDoS attack against SDN controllers by vast new low-traffic flows. In: IEEE International Conference on Communications, pp. 1–6. IEEE (2016)

    Google Scholar 

  7. Bilge, L., Balzarotti, D., Robertson, W., et al.: Disclosure: detecting botnet command and control servers through large-scale NetFlow analysis. In: Computer Security Applications Conference, pp. 129–138. ACM (2012)

    Google Scholar 

  8. Zhang, G., Jiang, S., Wei, G., et al.: A prediction-based detection algorithm against distributed denial-of-service attacks. In: International Conference on Wireless Communications and Mobile Computing: Connecting the World Wirelessly, IWCMC 2009, Leipzig, Germany, June, pp. 106–110. DBLP (2009)

    Google Scholar 

  9. Kumar, S.: Smurf-based distributed denial of service (DDoS) attack amplification in internet. In: International Conference on Internet Monitoring and Protection, p. 25. IEEE Computer Society (2007)

    Google Scholar 

  10. Kumar, S., Azad, M., Gomez, O., et al.: Can Microsoft?s Service Pack2 (SP2) security software prevent SMURF attacks?. In: Advanced International Conference on Telecommunications and International Conference on Internet and Web Applications and Services, p. 89. IEEE (2006)

    Google Scholar 

  11. Kim, S.J., Lee, S., Bae, B.: HAS-analyzer: detecting HTTP-based C&C based on the analysis of HTTP activity sets. KSII Trans. Internet Inf. Syst. 8(5), 1801–1816 (2014)

    Article  Google Scholar 

  12. Jacob, G., Hund, R., Kruegel, C., et al.: JACKSTRAWS: picking command and control connections from BOT traffic. In: Usenix Conference on Security, p. 29. USENIX Association (2011)

    Google Scholar 

  13. Tegeler, F., Fu, X., Vigna, G., et al.: BotFinder: finding bots in network traffic without deep packet inspection. In: Co-Next, pp. 349–360 (2012)

    Google Scholar 

  14. KDD Cup Data. http://kdd.ics.uci.edu/databases/kddcup99/kddcup-99.html

Download references

Acknowledgement

The paper is sponsored by CUC Guangzhou Institute (Project No: 2014-10-05).

Author information

Authors and Affiliations

  1. School of Information and Communication Engineering, Communication University of China, Beijing, China

    Qian Li

  2. Computer NIC Center, Communication University of China, Beijing, China

    Linhai Meng

  3. Laboratory of Media Audio & Video, Communication University of China, Beijing, China

    Yuan Zhang & Jinyao Yan

Authors
  1. Qian Li
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Linhai Meng
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yuan Zhang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jinyao Yan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Qian Li .

Editor information

Editors and Affiliations

  1. Shanghai Jiao Tong University, Shanghai, China

    Guangtao Zhai

  2. Shanghai Jiao Tong University, Shanghai, China

    Jun Zhou

  3. Shanghai University, Shanghai, China

    Ping An

  4. Shanghai Jiao Tong University, Shanghai, China

    Xiaokang Yang

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Singapore Pte Ltd.

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Li, Q., Meng, L., Zhang, Y., Yan, J. (2019). DDoS Attacks Detection Using Machine Learning Algorithms. In: Zhai, G., Zhou, J., An, P., Yang, X. (eds) Digital TV and Multimedia Communication. IFTC 2018. Communications in Computer and Information Science, vol 1009. Springer, Singapore. https://doi.org/10.1007/978-981-13-8138-6_17

Download citation

  • DOI: https://doi.org/10.1007/978-981-13-8138-6_17

  • Published:

  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-13-8137-9

  • Online ISBN: 978-981-13-8138-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation