DDoS Attack Modeling and Detection Using SMO


16th IEEE International Conference on Machine Learning and Applications (ICMLA), Cancun, Mexico, 18 - 21 December 2017, pp.432-436 identifier identifier

  • Publication Type: Conference Paper / Full Text
  • Doi Number: 10.1109/icmla.2017.0-123
  • City: Cancun
  • Country: Mexico
  • Page Numbers: pp.432-436
  • Keywords: DDoS attack detection, machine learning, feature extraction
  • Middle East Technical University Affiliated: Yes


Over the last decade, Distributed Denial of Service (DDoS) attacks have been employed to cause huge financial and prestige loss to different kinds of e-business. Attackers also target governmental websites using DDoS attack's as a new weapon in the world of cyber war. The importance of the issue has inspired many researchers,from academia and the industry to provide solutions to this type of challenging attack. In this study, we simulated DDoS attacks in a virtual lab and then collected firewall logs from the Security Information and Event Management (STEM) platform of a company in the field of security management solutions. We extracted 14 research features from firewall logs and applied a SMO algorithm to train our data using 10 fold cross-validation. The SMO with PolyKernel was able to create a prediction model without any false alarm. We also tested our model with two different datasets. This research is an ongoing multistep study. Future research will concentrate on online DDoS detection.