
Evaluating the Performance of Various SVM Kernel Functions Based on Basic Features Extracted from KDDCUP'99 Dataset by Random Forest Method for Detecting DDoS Attacks

Wireless Personal Communications

Abstract

The main goal of a Denial of Service (DoS) attack is to restrict authorized users from gaining access to available services and resources, or to prevent benign events from being processed. When a DoS attack is launched by multiple connected devices distributed over a network, it becomes a Distributed DoS (DDoS) attack. The research community has addressed various types of DDoS attacks in the literature. DDoS attacks are very hazardous and difficult to resolve in real time. Each of these types of attacks has some key features that are identified to improve network security in real time. In this paper, an approach using the Random Forest method is presented to extract the basic features from the KDDCUP'99 dataset. With these features as input, the proposed approach is smoothly extended to the detection of new and unseen DDoS attacks with the assistance of nine support vector machine kernel functions, namely the Hyperbolic tangent kernel, Linear kernel, ANOVA RBF kernel, Spline kernel, Radial Basis kernel, Polynomial kernel, Laplacian kernel, Bessel kernel, and String kernel. The experimental study clearly shows that the Laplace Dot support vector machine kernel function (Laplacian kernel) gives the best performance in detecting seen and unseen DDoS attacks.


Availability of data and materials

Not applicable.

Code availability

Not applicable.


Funding

No funding was received to assist with the preparation of this manuscript.

Author information

Corresponding author

Correspondence to Kaushik Adhikary.

Ethics declarations

Conflict of interest

The authors have no conflicts of interest to declare that are relevant to the content of this article.


About this article


Cite this article

Adhikary, K., Bhushan, S., Kumar, S. et al. Evaluating the Performance of Various SVM Kernel Functions Based on Basic Features Extracted from KDDCUP'99 Dataset by Random Forest Method for Detecting DDoS Attacks. Wireless Pers Commun 123, 3127–3145 (2022). https://doi.org/10.1007/s11277-021-09280-8


  • DOI: https://doi.org/10.1007/s11277-021-09280-8
