Enhancing Network Security: A Hybrid Approach for Detection and Mitigation of Distributed Denial-of-Service Attacks Using Machine Learning

Nizo Jaman Shohan, Gazi Tanbhir, Faria Elahi, Ahsan Ullah, Md. Nazmus Sakib

TL;DR

The paper tackles multiclass DDoS detection by proposing a Hybrid Model that combines 1D CNN-based feature extraction with Random Forest and MLP classifiers, evaluated on the CIC-DDoS2019 dataset. It demonstrates that the stacked RF-MLP ensemble outperforms individual models, achieving about 0.94 accuracy in cross-validation and multiclass scenarios. A key contribution is the integration of this ML-based detector with Snort to enable real-time detection and mitigation within an IDS/IPS framework. While promising, the work notes the absence of real-world deployment tests and emphasizes the need for field validation to confirm practical effectiveness and scalability.

Abstract

The distributed denial-of-service (DDoS) attack stands out as a highly formidable cyber threat, representing an advanced form of the denial-of-service (DoS) attack. A DDoS attack involves multiple computers working together to overwhelm a system and make it unavailable, whereas a DoS attack is a one-on-one attempt to make a system or website inaccessible. Thus, it is crucial to construct an effective model for identifying various DDoS incidents. Although extensive research has focused on binary detection models for DDoS identification, such models struggle to adapt to evolving threats and require frequent updates, whereas multiclass detection models offer a comprehensive defense against diverse DDoS attacks and remain adaptable in the ever-changing cyber threat landscape. In this paper, we propose a Hybrid Model to strengthen network security by combining the feature-extraction abilities of 1D Convolutional Neural Networks (CNNs) with the classification skills of Random Forest (RF) and Multi-layer Perceptron (MLP) classifiers. Using the CIC-DDoS2019 dataset, we perform multiclass classification of various DDoS attacks and conduct a comparative analysis of evaluation metrics for RF, MLP, and our proposed Hybrid Model. After analyzing the results, we draw meaningful conclusions and confirm the superiority of our Hybrid Model through thorough cross-validation. Additionally, we integrate our machine learning model with Snort, which provides a robust and adaptive solution for detecting and mitigating various DDoS attacks.
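The abstract compares evaluation metrics for RF, MLP and the Hybrid Model on a multiclass task. The example below is an added illustration, not code from the paper, of why a multiclass DDoS detector should be judged on per-class recall and macro-F1 rather than accuracy alone, and of what the binary benign/attack view hides. The confusion matrix is constructed by hand for illustration (it is not a result from the paper); the class labels are a subset of the CIC-DDoS2019 traffic classes.

```python
"""Per-class, macro and binary-collapsed metrics for a multiclass DDoS detector.

Added illustration for this page, not code from the paper. The confusion
matrix is constructed by hand (it is NOT a result from the paper); the class
labels are a subset of the CIC-DDoS2019 traffic classes.
"""
from __future__ import annotations

from dataclasses import dataclass

# Rows = true class, columns = predicted class. Constructed counts, chosen so
# that overall accuracy looks good while the two small classes are handled badly.
CLASSES = ["BENIGN", "DrDoS_DNS", "DrDoS_NTP", "Syn", "UDPLag"]
CONFUSION = [
    [20, 5, 3, 10, 2],        # BENIGN: only 40 flows, half of them flagged as attacks
    [0, 1900, 40, 50, 10],    # DrDoS_DNS
    [0, 30, 1950, 10, 10],    # DrDoS_NTP
    [0, 20, 10, 1960, 10],    # Syn
    [0, 50, 30, 40, 80],      # UDPLag: 200 flows, mostly confused with other attacks
]


@dataclass(frozen=True)
class ClassMetrics:
    support: int
    precision: float
    recall: float
    f1: float


def _safe_div(num: float, den: float) -> float:
    return num / den if den else 0.0


def per_class_metrics(matrix: list[list[int]], classes: list[str]) -> dict[str, ClassMetrics]:
    """Precision, recall and F1 for every class of a square confusion matrix."""
    n = len(classes)
    if len(matrix) != n or any(len(row) != n for row in matrix):
        raise ValueError("confusion matrix must be square and match the class list")
    out: dict[str, ClassMetrics] = {}
    for i, name in enumerate(classes):
        tp = matrix[i][i]
        fn = sum(matrix[i]) - tp                        # class i predicted as something else
        fp = sum(matrix[r][i] for r in range(n)) - tp   # other classes predicted as i
        p = _safe_div(tp, tp + fp)
        r = _safe_div(tp, tp + fn)
        out[name] = ClassMetrics(tp + fn, p, r, _safe_div(2 * p * r, p + r))
    return out


def accuracy(matrix: list[list[int]]) -> float:
    """Fraction of all samples on the diagonal; blind to which classes are wrong."""
    total = sum(sum(row) for row in matrix)
    return _safe_div(sum(matrix[i][i] for i in range(len(matrix))), total)


def macro(metrics: dict[str, ClassMetrics], field: str) -> float:
    """Unweighted mean of a per-class metric, so rare classes count as much as big ones."""
    vals = [getattr(m, field) for m in metrics.values()]
    return sum(vals) / len(vals)


def weakest_class(metrics: dict[str, ClassMetrics]) -> str:
    """Class with the lowest recall: the attack type the detector most often misses."""
    return min(metrics, key=lambda c: metrics[c].recall)


def collapse_to_binary(matrix: list[list[int]], classes: list[str],
                       benign: str = "BENIGN") -> list[list[int]]:
    """Fold all attack classes into one, giving [[TN, FP], [FN, TP]] with attack as positive."""
    n = len(classes)
    b = classes.index(benign)
    tn = matrix[b][b]
    fp = sum(matrix[b]) - tn                                  # benign flagged as attack
    fn = sum(matrix[r][b] for r in range(n) if r != b)        # attack passed as benign
    tp = sum(matrix[r][c] for r in range(n) if r != b for c in range(n) if c != b)
    return [[tn, fp], [fn, tp]]


if __name__ == "__main__":
    m = per_class_metrics(CONFUSION, CLASSES)
    for name, cm in m.items():
        print(f"{name:10s} n={cm.support:5d} P={cm.precision:.3f} R={cm.recall:.3f} F1={cm.f1:.3f}")
    print(f"accuracy      {accuracy(CONFUSION):.3f}")
    print(f"macro recall  {macro(m, 'recall'):.3f}")
    print(f"macro F1      {macro(m, 'f1'):.3f}")
    print(f"weakest class {weakest_class(m)}")
    binary = collapse_to_binary(CONFUSION, CLASSES)
    print(f"binary view   {binary}  accuracy={accuracy(binary):.3f}")
```

On this constructed matrix the multiclass accuracy is about 0.95 and the binary benign/attack accuracy is above 0.99, yet UDPLag is recalled only 40% of the time and half of the benign flows would be blocked by an inline mitigator. Macro recall (about 0.76) and macro-F1 (about 0.81) expose both problems; a cross-validated accuracy figure alone does not, which is worth keeping in mind when reading any headline number for an imbalanced dataset such as CIC-DDoS2019.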

Paper Structure

This paper contains 15 sections, 7 equations, 6 figures, 1 table.

Figures (6)

  • Figure 1: CVSS scores of various DDoS attacks in 2023 (CVE-2023-37597, CVE-2023-38671, CVE-2023-37788).
  • Figure 2: Feature extraction framework of 1D CNN (Qin2023).
  • Figure 3: Integration of proposed Hybrid Model.
  • Figure 4: Proposed hybrid approach for detection and mitigation.
  • Figure 5: Performance comparison of individual models in evaluation metrics.
  • ...and 1 more figure