Abstract
Distributed Denial of Service attack has been a huge threat to the Internet and may carry extreme losses to systems, companies, and national security. The invader can disseminate Distributed denial of service (DDoS) attacks easily, and it ends up being significantly harder to recognize and forestall DDoS attacks. In recent years, many IT-based companies are attacked by DDoS attacks. In this view, the primary concern of this work is to detect and prevent DDoS attacks. To fulfill the objective, various data mining techniques such that Jrip, J48, and k-NN have been employed for DDoS attacks detection. These algorithms are implemented and thoroughly evaluated individually to validate their performance in this domain. The presented work has been evaluated using the latest dataset CICIDS2017. The dataset characterizes different DDoS attacks viz. brute force SSH, brute force FTP, Heartbleed, infiltration, botnet TCP, UDP, and HTTP with port scan attack. Further, the prevention method takes place in progress to block the malicious nodes participates in any of the said attacks. The proposed DDoS prevention works in a proactive mode to defend all these attack types and gets evaluated concerning various parameters such as Throughput, PDR, End-to-End Delay, and NRL. This study claimed that the proposed technique outperforms with respect to the AODV routing algorithm.
Similar content being viewed by others
Data availability
Public datasets have been used.
Code availability
No.
References
Aamir M, Mustafa S, Zaidi A (2019) Clustering based semi-supervised machine learning for DDoS attack classification. J King Saud Univ - Comput Inf Sci 33(4):436–446
Abdulhammed R, Musafer H, Alessa A, Faezipour M, Abuzneid A (2019) Features dimensionality reduction approaches for machine learning based network. Electronics 8(3):322
Ahmed N, Hussain I, Yousaf Z (2019) Analysis and detection of DDoS attacks targetting virtualized servers. International Journal of Computer Science and Network Security 19(1):128–133
Akram B, Gaviro JC (2019) CICIDS2017 dataset: Performance improvements and validation as a robust intrusion detection system testbed. no. April, pp 0–13
Alzahrani S, Hong L (2018) Generation of DDoS attack dataset for effective IDS development and evaluation. J Inf Secur 09(04):225–241
Ammar H, Yilmaz Y (2018) Real-time detection and mitigation of DDoS attacks in intelligent transportation systems. IEEE, pp 157–163
Batra J, Krishna CR (2019) Ddos attack detection and prevention using Aodv routing mechanism and Ffbp neural network in a manet. Int J Recent Technol Eng (IJRTE) ISSN: 2277-3878, vol 8 Issue 2
Bista S, Chitrakar R (2017) DDoS attack detection using heuristics clustering algorithm and naïve bayes classification. J Inf Secur 9:33–44
Dejene D, Tiwari B, Tiwari V (2020) TD²SecIoT: Temporal, data-driven and dynamic network layer based security architecture for industrial IoT. International Journal of Interactive Multimedia & Artificial Intelligence 6(4)
Garg T, Khurana SS (2014) Comparison of classification techniques for intrusion detection dataset using WEKA. IEEE Int Conf Recent Adv Innov Eng
Gupta PK, Tyagi V, Singh SK (2017) Introduction to predictive computing. Predictive computing and information security. Springer, Singapore. https://doi.org/10.1007/978-981-10-5107-4_1
Hui Wang Z, Cao, Hong B (2020) A network intrusion detection system based on convolutional neural network. J Intell Fuzzy Syst 38(6):7623–7637
Intrusion Detection Evaluation Dataset (CIC-IDS) (2017) https://www.unb.ca/cic/datasets/ids-2017.html. Accessed 31 June 2020
Kanimozhi V, Jacob TP, Kanimozhi V, Jacob TP (2019) Artificial intelligence based network intrusion detection with hyper-parameter optimization tuning on the realistic cyber dataset CSE-CIC-IDS2018 using cloud computing. ICT Express
Liu Z et al (2018) The efficiency comparison between DDoS and DoS attack. 2018 IEEE 9th Int Conf Inf Technol Med Educ, pp 1050–1054
Maccari L, Passerini A (2019) Security and privacy 2:1 A Big Data and machine learning approach for network monitoring and security. Security and Privacy 2(1):e53
Mohammed SS et al (2018) A new machine learning-based collaborative DDoS mitigation mechanism in software-defined network. Int Conf Wirel Mob Comput Netw Commun 2018-Oct, pp 1–8
Nema A, Tiwari B, Tiwari V (2016) Improving accuracy for intrusion detection through layered approach using support vector machine with feature reduction. In Proceedings of the ACM Symposium on Women in Research, pp 26-31
Patil NV, Krishna R, Kumar CK (2020) Apache spark based real-time DDoS detection system. J Intell Fuzzy Syst, IOS Press 38(5):6527–6535
Roempluk Tanaphon OS (2019) A machine learning approach for detecting distributed denial of service attacks (2019 Jt). Int. Conf. Digit. Arts, Media Technol. with ECTI North. Section Conf. Electr. Electron. Comput. Telecommun. Eng. (ECTI DAMT-NCON), pp 146–149
Shah S (2019) A comprehensive survey of machine learning-based network intrusion detection. Smart Intell Comput Appl. Springer, Singapore, pp 345–356
Sallam AA, Kabir MN, Alginahi YM, Jamal A, Thamer KE (2020) IDS for improving DDoS attack recognition based on attack profiles and network traffic features,.16th IEEE Int Colloq Signal Process its Appl, pp 255–260
Salloum SKSA, Muhammad A, Ashraf E (2020) Machine learning and deep learning techniques for cybersecurity: A review. Jt Eur Work Appl Invariance Comput Vis, pp 50–57
Sharafaldin I, Lashkari AH, Ghorbani AA (2018) Toward generating a new intrusion detection dataset and intrusion traffic characterization. Proc of the 4th Int Conf Inf Syst Secur Priv (ICISSP no. Cic, pp 108–116
Sharma K, Gupta BB (2018) Taxonomy of Distributed Denial of Service (DDoS) attacks and defense mechanisms in present era of smartphone devices. Int J E-Services Mob Appl 10(2):58–74
Shrivastava A, Sondhi J, Khan S (2017) An implementation of intrusion detection system using machine learning classification technique. Int Res J Eng Appl Sci 5(2):14–17
Singh N, Dumka A, Sharma R (2018) A novel technique to defend DDOS attack in manet. J Comput Eng Inf Technol 7:5. https://doi.org/10.4172/2324-9307.1000214
Singh M, Kant U, Gupta PK, Srivastava VM (2019) Cloud-based predictive intelligence and its security model. Predictive intelligence using big data and the Internet of things. IGI Global, pp 128–143
Tandon R, Gupta P (2021) A novel pseudonym assignment and encryption scheme for preserving the privacy of military vehicles. Def Sci J 71(2):192–199. https://doi.org/10.14429/dsj.71.15534
Tian GY, Monika R, Jonathon C (2020) An intrusion detection system against DDoS attacks in loT Networks. IEEE, pp 562–567
Vaseer G, Ghai G, Patheja PS (2017) A novel intrusion detection algorithm: An AODV routing protocol case study. In 2017 IEEE International Symposium on Nanoelectronic and Information Systems (iNIS). IEEE, pp 111-116
Xie YLJ, Richard F, Tao H, Xie R, Liu J, Wang C (2018) A survey of machine learning techniques applied to software defined networking (SDN): Research issues and challenges. IEEE Commun Surv Tutor 1:393–430
Yadav S, Tiwari V, Tiwari B (2016) Privacy preserving data mining with abridge time using vertical partition decision tree. In Proceedings of the ACM Symposium on Women in Research, pp 158-164
Author information
Authors and Affiliations
Contributions
Not applicable.
Corresponding author
Ethics declarations
Conflicts of interest/Competing interests
There is not any conflict of interest among authors.
Ethics approval
Not applicable.
Consent to participate
Not applicable.
Consent for publication
Not applicable.
Additional information
Publisher’s note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
About this article
Cite this article
Kebede, S.D., Tiwari, B., Tiwari, V. et al. Predictive machine learning-based integrated approach for DDoS detection and prevention. Multimed Tools Appl 81, 4185–4211 (2022). https://doi.org/10.1007/s11042-021-11740-z
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-021-11740-z