Detecting DDoS attacks using a hybrid model

Date of Publication


Document Type

Master's Thesis

Degree Name

Master of Science in Computer Science


College of Computer Studies


Computer Science

Thesis Adviser

Gregory G. Cu

Defense Panel Chair

Arlyn Verina L. Ong

Defense Panel Member

Katrina Ysabel C. Solomon
Fritz Kevin S. Flores
Rafael A. Cabredo


A Distributed Denial of Service (DDoS) attack can disrupt and damage businesses by preventing legitimate users from accessing its resources. Some estimate their losses to be at 500$ per minute of DDoS. Being able to detect these attacks can allow security analysts to apply the proper techniques in order to mitigate it. Consequently, this study aims to use a two-stage hybrid model in order to detect DDoS attacks. During the first stage, a machine learning algorithm is first used to differentiate normal and attack traffic. If the traffic has been deemed to be part of a DDoS attack, it is passed to the second stage. The second stage involves using another machine learning algorithm in order to determine whether it is part of a low rate or high rate DDoS attack. Each stage will produce a model. In addition, the performance of the hybrid model will be compared against a single model in order to determine which configuration performs better. The models are produced by the following machine learning classifiers: Naive Bayes, Decision Tree, K-Nearest Neighbors, Random Forest, and Support Vector Machines. The models will be evaluated using accuracy, precision, recall, f-score, and the Kappa statistic.

Abstract Format






Accession Number


Shelf Location

Archives, The Learning Commons, 12F Henry Sy Sr. Hall

Physical Description

1 computer disc ; 4 3/4 in.


Denial of service attacks; Machine learning

This document is currently not available here.