DDoS Attack Modeling and Detection Using SMO


Daneshgadeh S., BAYKAL N., ERTEKİN BOLELLİ Ş.

16th IEEE International Conference on Machine Learning and Applications (ICMLA), Cancun, Mexico, 18 - 21 December 2017, pp. 432-436

  • Publication Type: Conference Paper / Full-Text Paper
  • DOI Number: 10.1109/icmla.2017.0-123
  • City of Publication: Cancun
  • Country of Publication: Mexico
  • Pages: pp. 432-436
  • Keywords: DDoS attack detection, machine learning, feature extraction
  • Middle East Technical University Affiliated: Yes

Abstract

Over the last decade, Distributed Denial of Service (DDoS) attacks have been employed to cause huge financial and prestige loss to different kinds of e-business. Attackers also target governmental websites using DDoS attacks as a new weapon in the world of cyber war. The importance of the issue has inspired many researchers from academia and the industry to provide solutions to this type of challenging attack. In this study, we simulated DDoS attacks in a virtual lab and then collected firewall logs from the Security Information and Event Management (SIEM) platform of a company in the field of security management solutions. We extracted 14 research features from firewall logs and applied an SMO algorithm to train our data using 10-fold cross-validation. The SMO with PolyKernel was able to create a prediction model without any false alarm. We also tested our model with two different datasets. This research is an ongoing multistep study. Future research will concentrate on online DDoS detection.