Detecting DDoS attacks using a hybrid model
Date of Publication
Master of Science in Computer Science
College of Computer Studies
Gregory G. Cu
Defense Panel Chair
Arlyn Verina L. Ong
Defense Panel Member
Katrina Ysabel C. Solomon
Fritz Kevin S. Flores
Rafael A. Cabredo
A Distributed Denial of Service (DDoS) attack can disrupt and damage businesses by preventing legitimate users from accessing its resources. Some estimate their losses to be at 500$ per minute of DDoS. Being able to detect these attacks can allow security analysts to apply the proper techniques in order to mitigate it. Consequently, this study aims to use a two-stage hybrid model in order to detect DDoS attacks. During the first stage, a machine learning algorithm is first used to differentiate normal and attack traffic. If the traffic has been deemed to be part of a DDoS attack, it is passed to the second stage. The second stage involves using another machine learning algorithm in order to determine whether it is part of a low rate or high rate DDoS attack. Each stage will produce a model. In addition, the performance of the hybrid model will be compared against a single model in order to determine which configuration performs better. The models are produced by the following machine learning classifiers: Naive Bayes, Decision Tree, K-Nearest Neighbors, Random Forest, and Support Vector Machines. The models will be evaluated using accuracy, precision, recall, f-score, and the Kappa statistic.
Archives, The Learning Commons, 12F Henry Sy Sr. Hall
1 computer disc ; 4 3/4 in.
Denial of service attacks; Machine learning
Caychingco, J. (2018). Detecting DDoS attacks using a hybrid model. Retrieved from https://animorepository.dlsu.edu.ph/etd_masteral/5583