Authors: N. Muraleedharan, B. Janet
Journal: Int. J. Comput. Sci. Eng., volume 37 1
Published: 2021-05-12 (Journal Article)
DOI: 10.1504/IJCSE.2021.115101 (https://doi.org/10.1504/IJCSE.2021.115101)
Flow-based machine learning approach for slow HTTP distributed denial of service attack classification
Distributed denial of service (DDoS) attacks are one of the common threats to the availability of services on the internet. DDoS attacks have evolved from volumetric attacks to slow DDoS. Unlike a volumetric DDoS attack, the slow DDoS traffic rate looks similar to normal traffic. Hence, it is difficult to detect using traditional security mechanisms. In this paper, we propose a flow-based classification model for slow HTTP DDoS traffic. The important flow-level features were selected using the CICIDS2017 dataset. The impacts of time, packet length and transmission rate for slow DDoS are analysed. Using the selected features, three classification models were trained and evaluated using two benchmark datasets. The results obtained reveal that the proposed classifiers can achieve a higher accuracy of 0.997 using RF classifiers. A comparison of the results obtained with state-of-the-art approaches shows that the proposed approach can improve the detection rate by 19.7%.