Comparing the performance of a hybrid model against a single model in detecting DDoS attacks

College

College of Computer Studies

Department/Unit

Software Technology

Document Type

Conference Proceeding

Source Title

Proceedings of the 18th Philippine Computing Science Congress

First Page

202

Last Page

209

Publication Date

2018

Abstract

A Distributed Denial of Service (DDoS) attack can disrupt and damage businesses by preventing legitimate users from accessing their resources. Some estimate their losses to be $500 per minute of DDoS. Being able to detect these attacks can allow security analysts to apply the proper mitigation techniques. Consequently, this study aims to compare the performance of a hybrid model and a single model in detecting DDoS attacks. Both approaches rely on machine learning algorithms to generate their results. In the hybrid model, the first stage identifies whether the traffic is part of a DDoS attack. If the traffic is deemed to be part of an attack, it is passed to the second stage, which aims to determine whether the attack is a low-rate or a high-rate DDoS attack. Each stage produces its own model, and the stages are trained independently of one another. In comparison, a single model does not categorize an instance as attack or non-attack before classifying it. The models are produced by the following supervised machine learning classifiers: Naive Bayes, Decision Tree, K-Nearest Neighbours, Random Forest, and Support Vector Machines.

Disciplines

Cybersecurity

Keywords

Denial of service attacks; Machine learning; Computer security

This document is currently not available here.
