Using machine learning to classify DOS/DDOS attacks
DOI: https://doi.org/10.30837/rt.2024.2.217.04
Keywords: machine learning, decision trees, CSICIDS2017, RF, SVM, KNN, ANN, NB, SGBoost, DOS, DDOS, classifier
Abstract
This work is motivated by the need to detect and counteract DOS/DDOS attacks, which pose a serious threat to modern information systems. These cyberattacks lead to significant economic losses and disruptions in the operation of network services. The aim of the work is to confirm the hypothesis that the decision tree method performs better for detecting DOS/DDOS attacks under certain conditions.
A comparison of decision tree methods with other machine learning methods (RF, SVM, KNN, ANN, NB, SGBoost) was conducted based on the CSICIDS2017 dataset. Decision trees have shown significant improvements in attack detection accuracy through optimal hyperparameter tuning and dataset selection.
License
Authors who publish with this journal agree to the following terms:
1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).