Abstract
The main goal of a Denial of Service (DoS) attack is to keep authorized users from accessing available services and resources, or to prevent benign events from being processed. When a DoS attack is launched by multiple connected devices distributed over a network, it becomes a Distributed DoS (DDoS) attack. The research community has addressed various types of DDoS attacks in the literature. DDoS attacks are very hazardous and difficult to resolve in real time. Each of these attack types has key features that can be identified to improve network security in real time. In this paper, an approach using the Random Forest method is presented to extract the basic features from the KDDCUP'99 dataset. With these features as input, the proposed approach is extended to detect new and unseen DDoS attacks with the assistance of nine support vector machine kernel functions, namely the Hyperbolic tangent kernel, Linear kernel, ANOVA RBF kernel, Spline kernel, Radial Basis kernel, Polynomial kernel, Laplacian kernel, Bessel kernel, and String kernel. The experimental study clearly shows that the Laplace Dot support vector machine kernel function (Laplacian kernel) gives the best performance in detecting seen and unseen DDoS attacks.
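The two-stage pipeline the abstract describes (Random Forest feature ranking, then kernel SVMs on the selected features) can be sketched as follows. This is an added example, not the authors' code: the records are constructed, the KDDCUP'99-style column names are not the paper's selected feature set, and the Laplacian kernel is assumed to be scikit-learn's `laplacian_kernel` (L1 distance), since the page gives no kernel formula.

```python
import numpy as np
from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics.pairwise import laplacian_kernel
from sklearn.model_selection import train_test_split
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC

# KDDCUP'99-style column names; every value below is constructed, not real data.
FEATURES = ["duration", "src_bytes", "dst_bytes", "count",
            "srv_count", "serror_rate", "same_srv_rate", "dst_host_count"]

def make_flows(n=600, seed=0):
    """Constructed sample: label 1 = flood-like records, 0 = benign."""
    rng = np.random.default_rng(seed)
    y = rng.integers(0, 2, n)
    X = rng.uniform(0, 1, (n, len(FEATURES)))  # uninformative columns
    X[:, 3] = np.where(y == 1, rng.normal(400, 60, n), rng.normal(20, 15, n))
    X[:, 4] = np.where(y == 1, rng.normal(380, 70, n), rng.normal(15, 10, n))
    X[:, 5] = np.where(y == 1, rng.uniform(0.7, 1, n), rng.uniform(0, 0.3, n))
    return X, y

def select_features(X, y, k=3, seed=0):
    """Rank columns by Random Forest impurity importance, keep the top k."""
    rf = RandomForestClassifier(n_estimators=200, random_state=seed).fit(X, y)
    top = np.argsort(rf.feature_importances_)[::-1][:k]
    return sorted(int(i) for i in top)

def evaluate(seed=0):
    """Return (selected feature names, held-out accuracy per kernel)."""
    X, y = make_flows(seed=seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, random_state=seed, stratify=y)
    # Select and scale on the training split only, so the held-out
    # records never influence which features the SVM sees.
    cols = select_features(X_tr, y_tr, seed=seed)
    scaler = StandardScaler().fit(X_tr[:, cols])
    Z_tr = scaler.transform(X_tr[:, cols])
    Z_te = scaler.transform(X_te[:, cols])
    # SVC accepts a callable kernel; laplacian_kernel defaults to
    # gamma = 1 / n_features.
    kernels = {"laplacian": laplacian_kernel, "rbf": "rbf", "linear": "linear"}
    scores = {name: SVC(kernel=k).fit(Z_tr, y_tr).score(Z_te, y_te)
              for name, k in kernels.items()}
    return [FEATURES[i] for i in cols], scores

if __name__ == "__main__":
    print(evaluate())
```

On this easily separable constructed sample all three kernels score alike, so it illustrates the pipeline shape rather than the paper's kernel ranking.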
Availability of data and materials
Not applicable.
Code availability
Not applicable.
Funding
No funding was received to assist with the preparation of this manuscript.
Ethics declarations
Conflict of interest
The authors have no conflict of interest to declare that are relevant to the content of this article.
Cite this article
Adhikary, K., Bhushan, S., Kumar, S. et al. Evaluating the Performance of Various SVM Kernel Functions Based on Basic Features Extracted from KDDCUP'99 Dataset by Random Forest Method for Detecting DDoS Attacks. Wireless Pers Commun 123, 3127–3145 (2022). https://doi.org/10.1007/s11277-021-09280-8
DOI: https://doi.org/10.1007/s11277-021-09280-8