ETRI Journal

  • 제41권5호
  • /
  • Pages.560-573
  • /
  • 2019
  • /
  • 1225-6463(pISSN)
  • /
  • 2233-7326(eISSN)
한국전자통신연구원 (Electronics and Telecommunications Research Institute)
권호 표지
DOI QR코드

DOI QR Code

Supervised learning-based DDoS attacks detection: Tuning hyperparameters

  • Kim, Meejoung (Research Institute for Information and Communication Technology, Korea University)
  • 투고 : 2019.03.27
  • 심사 : 2019.07.29
  • 발행 : 2019.10.01
PDF 다운로드
⟨ 이전 논문 다음 논문 ⟩

초록

Two supervised learning algorithms, a basic neural network and a long short-term memory recurrent neural network, are applied to traffic including DDoS attacks. The joint effects of preprocessing methods and hyperparameters for machine learning on performance are investigated. Values representing attack characteristics are extracted from datasets and preprocessed by two methods. Binary classification and two optimizers are used. Some hyperparameters are obtained exhaustively for fast and accurate detection, while others are fixed with constants to account for performance and data characteristics. An experiment is performed via TensorFlow on three traffic datasets. Three scenarios are considered to investigate the effects of learning former traffic on sequential traffic analysis and the effects of learning one dataset on application to another dataset, and determine whether the algorithms can be used for recent attack traffic. Experimental results show that the used preprocessing methods, neural network architectures and hyperparameters, and the optimizers are appropriate for DDoS attack detection. The obtained results provide a criterion for the detection accuracy of attacks.

키워드

참고문헌

  1. S. Abraham and S. Nair, Cyber security analytics: a stochastic model for security quantification using absorbing markov chains, J. Commun. 9 (2014), no. 12, 899-907.
  2. X. Liang and Y. Xiao, Game theory for network security, IEEE Commun. Survey and Tuts. 15 (2013), no. 1, 472-486. https://doi.org/10.1109/SURV.2012.062612.00056
  3. A. Fielder et al., Decision support approaches for cyber security investment, Decis Support Syst. 86 (2016), 13-23. https://doi.org/10.1016/j.dss.2016.02.012
  4. M. Kim, Game theoretic approach of eavesdropping attack in millimeter- wave-based WPANs with directional antennas, Wireless Netw. 25 (2019), no. 6, 3205-3222. https://doi.org/10.1007/s11276-018-1713-4
  5. Y.-C. Wu et al., DDoS detection and traceback with decision tree and grey relational analysis, Int. J. Ad Hoc Ubiquitous Comput. 7 (2011), no. 2, 306-314.
  6. T. Subbulakshmi et al., Detection of DDoS attacks using Enhanced Support Vector Machines with real time generated dataset, in Proc. Int. Conf. Advance Comput., Chennai, India, Dec. 2011, pp. 17-22.
  7. C. Guo et al., A two-level hybrid approach for intrusion detection, Neurocomput. 214 (2016), 391-400. https://doi.org/10.1016/j.neucom.2016.06.021
  8. M. Alkasassbeh et al., Detecting distributed denial of service attacks using data mining techniques, Int. J. Adv. Comput. Sci. Applicat. 7 (2016), no. 1, 436-445.
  9. X. Zanget al., Botnet detection through fine flow classification, CSE Dept Technical Report, no. CSE11-001, 2011.
  10. P. Salunkhe and M. Shishupal, Denial-of -service attack detection using KDD, Int. J. Applicat. Innovation Eng. Manag. 4 (2015), no. 3, 1-5.
  11. P. A. R. Kumar and S. Selvakumar, Detection of distributed denial of service attacks using an ensemble of adaptive and hybrid neurofuzzy systems, Comput. Commun. 36 (2013), 303-319. https://doi.org/10.1016/j.comcom.2012.09.010
  12. X. Ma and Y. Chen, DDoS detection method based on chaos analysis of network traffic entropy, IEEE Commun. Lett. 18 (2014), no. 1, 114-117. https://doi.org/10.1109/LCOMM.2013.112613.132275
  13. R. Robinson and C. Ciza Thomas, Thomas, Ranking of machine learning algorithms based on the performance in classifying DDoS attacks, in Proc. IEEE Recent Adv. Intell. Computat. Syst., Trivandrum, India, Dec. 2015, pp. 10-12.
  14. X. Yuan, C. Li, and X. Li, Deepdefense: identifying ddos attack via deep learning, in Proc. IEEE SMARTCOMP, Hong Kong, China, 2017, pp. 1-8.
  15. Q. Li et al., DDoS Attacks Detection using Machine Learning Algorithms, in: G. Zhai, J. Zhou, P. An, X. Yang (eds) Digital TV and Multimedia Communication. IFTC 2018. Communications in Computer and Information Science, vol. 1009. Springer, Singapore, pp 205-216.
  16. Z. He, T. Zhang, and R. B. Lee. Machine learning based DDoS attack detection from source side in cloud, in Proc. IEEE ICCSCC, New York, NY, 2017, pp. 114-120.
  17. A. Verma, M. Arif, and M. S. Husain, Analysis of DDoS attack detection and prevention in cloud environment: A review, Int. J. Adv. Research Comput. Sci. 9 (2018), 107-113. https://doi.org/10.26483/ijarcs.v9i5.6326
  18. R. Priyadarshini and R. K. Barik. A deep learning based intelligent framework to mitigate DDoS attack in fog environment, J. King Saud Univ.-Comput. Inf. Sci. (2019), published on line. https ://doi.org/10.1016/j.jksuci.2019.04.010
  19. C. Li et al., Detection and defense of ddos attack-based on deep learning in openflow-based sdn, Int J. Commun. Syst. 31 (2018), 1-15.
  20. R. M. Alguliyev, R. M. Aliguliyev, and F. J. Abdullayeva, The improved LSTM and CNN Models for DDoS attacks prediction in social media, Int. J. Cyber Warfare Terrorism. 9 (2019), no. 1, 1-16.
  21. N. Sharma, A. Mahajan, and V. Mansotra, Machine learning techniques used in detection of DoS attacks: a literature review, Int. J. Adv. Research Comput. Sci. Softw. Eng. 6 (2016), no. 3, 100-105.
  22. B. Jia et al., A DDoS attack detection method based on hybrid heterogeneous multiclassifier ensemble learning, Hindawi J. Elect. Comput. Eng. 2017 (2017), 4975343:1-9.
  23. M. E. Aminanto et al., Deep abstraction and weighted feature selection for Wi-Fi impersonation detection, IEEE Trans. Inf. Forensics Secur. 13 (2018), no. 3, 621-635. https://doi.org/10.1109/TIFS.2017.2762828
  24. T. George, The next big cybercrime vector: Social media, Security Week (2014) Retrieved from https://www.secur itywe ek.com/nextbig-cybercrime-vector-social-media
  25. T. Peng, C. Leckie, and K. Ramamohanarao. Survey of networkbased defense mechanisms countering the DoS and DDoS problems, ACM Comput. Surveys. 39 (2007), no. 1, 3:1-42.
  26. N. Hoque, H. Kashyap, and D. K. Bhattacharyya, Real-time DDoS attack detection using FPGA, Comput. Commun. 110 (2017), no. C, 48-58. https://doi.org/10.1016/j.comcom.2017.05.015
  27. H. Choi and H. Lee, Identifying botnets by capturing group activities in DNS traffic, Comput. Netw. 56 (2012), 20-33. https://doi.org/10.1016/j.comnet.2011.07.018
  28. S. Suresh and N. S. Ram, A review on various DPM trace back schemes to detect DDoS attacks, Indian J. Sci. Technol. 9 (2016), no. 47, 1-8.
  29. J. Katerina, K. Argyraki, and D. R. Cheriton, Active internet traffic filtering: real-time response to denial-of-service attacks, IEEE/ACM Trans. Netw. 17 (2009), no. 4, 1284-1297. https://doi.org/10.1109/TNET.2008.2007431
  30. F. Anjum, D. Subhadrabandhu, and S. Sarkar, Signature based Intrusion Detection for Wireless Ad-Hoc Networks: A Comparative study of various routing protocols, in Proc. Veh. Technol. Conf., Orlando, FL, USA, Oct. 2003, pp. 2152-2156.
  31. S. M. T. Nezhad, M. Nazari, and E. A. Gharavol, A novel DoS and DDoS attacks detection algorithm using ARIMA time series model and chaotic system in computer networks, IEEE Commun. Lett. 20 (2016), no. 4, 700-703. https://doi.org/10.1109/LCOMM.2016.2517622
  32. Q. Yan and F. R. Yu, Distributed denial of service attacks in software-defined networking with cloud computing, IEEE Commun. Mag. 53 (2015), no. 4, 52-59. https://doi.org/10.1109/MCOM.2015.7081075
  33. G. Somani et al., Scale inside-out: rapid mitigation of cloud DDoS attacks, IEEE Trans. Dependable Secure Comput. 15 (2018), no. 6, 1-14. https://doi.org/10.1109/TDSC.2017.2779333
  34. S.-S. Alireza et al., Taxonomy of distributed denial of service mitigation approaches for cloud computing, J. Netw. Comput. Applicat. 58 (2015), 165-179. https://doi.org/10.1016/j.jnca.2015.09.005
  35. S. Behal and K. Kumar, Measuring the impact of DDoS attacks on Web Services - A realtime experimentation, Int. J. Comput. Sci. Inf. Security. 14 (2016), no. 9, 323-330.
  36. P. Probst, A.-L. Boulesteix, and B. Bisch, Tunability: importance of hyperparameters of machine learning algorithms, J. Mach. Learn. Research. 20 (2019), 1-32.
  37. J. Kimet al., CHOPT: automated hyperparameter optimization framework for cloud-based machine learning platforms, 2018, arXiv: 1810.03527v2.
  38. J. Wu et al, Hyperparameter optimization for machine learning models based on bayesian optimization, J. Electron. Sci. Technol. 17 (2019), no 1, 26-40.
  39. D. H. Deshmukh, T. Ghorpade, and P. Padiya. Improving classification using preprocessing and machine learning algorithms on NSL-KDD dataset, in Proc. Int. Conf. Commun. Inf. Ccomput. Technol., Mumbai, India, Jan. 2015, pp. 1-6.
  40. CAIDA: Index of/datasets/security/ddos-20070804 [Online] Available from: https://data.caida.org/datasets/security/ddos-20070804/
  41. MIT Lincoln Lab. Available from: https://www.ll.mit.edu/ideva l/data/1998data.html [last accessed March 22, 2019].
  42. Dataset (used for submain) final dataset.rar Available from: https://www.researchgate.net/publication/292967044_Datas et_Detecting_Distr ibuted_Denial_of_Service_Attac ks_Using_Data_Mining_Techniques
  43. J. W. Osborne, Improving your data transformations: Applying the Box-Cox transformation, Practical Assessment, Research Evaluation 15 (2010), no. 12, 1-9.
  44. D. P. Kingma and J. L. Ba, ADAM: A method for stochastic optimization, in Proc. Int. Conf. Learn. Representations, San Diego, USA, 2015, 1-15.
  45. A. Azzouni and G. Pujolle. A long short-term memory recurrent neural network framework for network traffic matrix prediction, arxiv 1705.05690, v3 Thu, 8 Jun 2017.

피인용 문헌

  1. Evaluations of AI-based malicious PowerShell detection with feature optimizations vol.43, pp.3, 2019, https://doi.org/10.4218/etrij.2020-0215
  2. Estimation of Various Walking Intensities Based on Wearable Plantar Pressure Sensors Using Artificial Neural Networks vol.21, pp.19, 2019, https://doi.org/10.3390/s21196513