Machine Learning Based DDos Detection Through NetFlow Analysis | IEEE Conference Publication | IEEE Xplore

Machine Learning Based DDos Detection Through NetFlow Analysis


Abstract:

Distributed Denial of Service (DDoS) has been a lasting and severe threat to the Internet, and it has recently been evolving in both technique and traffic volume. Many traditional detection methods fail due to their limitations in real-time performance, complexity or universality. Therefore, it is necessary to explore how to detect different kinds of DDoS in a timely manner by using simple traffic sampling data such as NetFlow in high-speed networks of up to Tbps bandwidth. In this paper, we put forward a scheme to identify DDoS traffic with NetFlow feature selection and machine learning. First, we extract adaptive flow-based features and pattern-based features from sampled NetFlow data in real time. Then we build a detector with RandomForest and evaluate it using a research lab network trace that contains benign traffic and simulated DDoS traffic of different kinds generated by popular DDoS tools. Experimental results show that our method achieves an average accuracy of more than 99% and a false-positive rate of less than 0.5%. In addition, our method is valid for DDoS techniques such as stealthy DDoS attacks, so it is more universal than typical traditional methods. Finally, we apply our detector to real-world NetFlow logs provided by a large ISP and measure the characteristics of DDoS in several dimensions. This also proves that our detector is applicable to real-world networks.
Date of Conference: 29-31 October 2018
Date Added to IEEE Xplore: 03 January 2019
Conference Location: Los Angeles, CA, USA
