Detecting DDoS attacks using a hybrid model

Date of Publication

2018

Document Type

Master's Thesis

Degree Name

Master of Science in Computer Science

College

College of Computer Studies

Department/Unit

Computer Science

Thesis Adviser

Gregory G. Cu

Defense Panel Chair

Arlyn Verina L. Ong

Defense Panel Member

Katrina Ysabel C. Solomon
Fritz Kevin S. Flores
Rafael A. Cabredo

Abstract/Summary

A Distributed Denial of Service (DDoS) attack can disrupt and damage businesses by preventing legitimate users from accessing its resources. Some estimate their losses to be at 500$ per minute of DDoS. Being able to detect these attacks can allow security analysts to apply the proper techniques in order to mitigate it. Consequently, this study aims to use a two-stage hybrid model in order to detect DDoS attacks. During the first stage, a machine learning algorithm is first used to differentiate normal and attack traffic. If the traffic has been deemed to be part of a DDoS attack, it is passed to the second stage. The second stage involves using another machine learning algorithm in order to determine whether it is part of a low rate or high rate DDoS attack. Each stage will produce a model. In addition, the performance of the hybrid model will be compared against a single model in order to determine which configuration performs better. The models are produced by the following machine learning classifiers: Naive Bayes, Decision Tree, K-Nearest Neighbors, Random Forest, and Support Vector Machines. The models will be evaluated using accuracy, precision, recall, f-score, and the Kappa statistic.

Abstract Format

html

Language

English

Format

Electronic

Accession Number

CDTG007691

Shelf Location

Archives, The Learning Commons, 12F Henry Sy Sr. Hall

Physical Description

1 computer disc ; 4 3/4 in.

Keywords

Denial of service attacks; Machine learning

This document is currently not available here.

Share

COinS