Detecting DDoS attacks using a hybrid model
A Distributed Denial of Service (DDoS) attack can disrupt and damage businesses by preventing legitimate users from accessing its resources. Some estimate their losses to be at 500$ per minute of DDoS. Being able to detect these attacks can allow security analysts to apply the proper techniques in o...
محفوظ في:
| المؤلف الرئيسي: | |
|---|---|
| التنسيق: | text |
| اللغة: | English |
| منشور في: |
Animo Repository
2018
|
| الموضوعات: | |
| الوصول للمادة أونلاين: | https://animorepository.dlsu.edu.ph/etd_masteral/5583 |
| الوسوم: |
إضافة وسم
لا توجد وسوم, كن أول من يضع وسما على هذه التسجيلة!
|
| الملخص: | A Distributed Denial of Service (DDoS) attack can disrupt and damage businesses by preventing legitimate users from accessing its resources. Some estimate their losses to be at 500$ per minute of DDoS. Being able to detect these attacks can allow security analysts to apply the proper techniques in order to mitigate it. Consequently, this study aims to use a two-stage hybrid model in order to detect DDoS attacks. During the first stage, a machine learning algorithm is first used to differentiate normal and attack traffic. If the traffic has been deemed to be part of a DDoS attack, it is passed to the second stage. The second stage involves using another machine learning algorithm in order to determine whether it is part of a low rate or high rate DDoS attack. Each stage will produce a model. In addition, the performance of the hybrid model will be compared against a single model in order to determine which configuration performs better. The models are produced by the following machine learning classifiers: Naive Bayes, Decision Tree, K-Nearest Neighbors, Random Forest, and Support Vector Machines. The models will be evaluated using accuracy, precision, recall, f-score, and the Kappa statistic. |
|---|