DocumentCode
229358
Title
Supervised learning to detect DDoS attacks
Author
Balkanli, Eray ; Alves, Joao ; Zincir-Heywood, A. Nur
Author_Institution
Fac. of Comput. Sci., Dalhousie Univ., Halifax, NS, Canada
fYear
2014
fDate
9-12 Dec. 2014
Firstpage
1
Lastpage
8
Abstract
In this research, we explore the performances of two supervised learning techniques and two open-source network intrusion detection systems (NIDS) on backscatter darknet traffic. We employ Bro and Corsaro open-source systems as well as the CART Decision Tree and Naive Bayes machine learning classifiers. While designing our machine learning classifiers, we used different sizes of training/test sets and different feature sets to understand the importance of data pre-processing. Our results show that a machine learning based approach can achieve very high performance on such backscatter darknet traffic without using IP addresses and port numbers.
Keywords
Bayes methods; computer network security; decision trees; learning (artificial intelligence); pattern classification; public domain software; Bro open-source system; CART decision tree classifier; Corsaro open-source system; DDoS attacks; IP addresses; NIDS; Naive Bayes machine learning classifier; backscatter darknet traffic; network intrusion detection systems; supervised learning techniques; Backscatter; Computer crime; Decision trees; IP networks; Ports (Computers); Protocols; Training; Backscatter detection; Network security; Supervised learning; network intrusion detection systems;
fLanguage
English
Publisher
ieee
Conference_Titel
Computational Intelligence in Cyber Security (CICS), 2014 IEEE Symposium on
Conference_Location
Orlando, FL
Type
conf
DOI
10.1109/CICYBS.2014.7013367
Filename
7013367