Master of Science
The ever-increasing frequency and sophistication of DDoS attacks pose a serious threat to network security. Accurate and efficient classification of DDoS attacks is crucial for developing effective defense mechanisms. In this thesis, we propose a novel approach for DDoS classification using the CatBoost algorithm on CICDDoS2019, a benchmark dataset containing 12 variations of DDoS attacks and legitimate traffic using real-world traffic traces. With a developed ensemble feature selection method and feature engineering, our model proves to be a good fit for DDoS attack type prediction. Our experimental results demonstrate that our proposed approach achieves a high classification accuracy of 89.5% and outperforms several state-of-the-art machine learning algorithms in terms of both accuracy and computational efficiency. The thesis does not limit itself to achieving a good prediction score; it also uses the recently introduced concept of explainable AI (XAI) as a tool for ensuring transparency and interpretability of the proposed approach. Our approach can be applied in real-world scenarios to enhance the security of network infrastructure against DDoS attacks.
Summary for Lay Audience
Cyber-attacks have become increasingly sophisticated and are a growing threat to the technology-dependent world. A Distributed Denial of Service (DDoS) attack is one such type of attack, with an exponentially growing number of occurrences. Briefly, in a DDoS attack, attackers flood a server with traffic to overwhelm it, making it unavailable to legitimate users. The attackers can be in different locations and cause chaos from sources that are difficult to trace.
To address this problem and to come up with better mitigation strategies, researchers have developed machine learning algorithms for classifying DDoS attacks with better efficiency. Deep learning is a type of machine learning that uses neural networks to learn patterns in data. By analyzing network traffic data, algorithms can learn to distinguish between benign traffic and malicious traffic belonging to sub-types of DDoS attack. With the aim of solving this problem, this thesis focuses on developing and improving machine learning algorithms by using different data pre-processing and selection techniques and examining different neural network architectures to enhance the performance of the algorithms.
The goal of the research is to provide network security professionals with better tools to detect and respond to DDoS attacks. By improving the classification of different types of attacks, the algorithms can help affected organizations effectively identify and mitigate threats to their networks with specific mitigation techniques. The research has the potential to improve the security of computer networks and shield them from the ever-growing threat of cyber-attacks. The use of machine learning algorithms in detecting and classifying DDoS attacks can help organizations better safeguard their networks and ensure the reliability of their services. The model developed in this thesis outperforms existing works addressing this problem, with stellar performance evaluation scores.
Anbar, Amreen, "Classification of DDoS Attack with Machine Learning Architectures and Exploratory Analysis" (2023). Electronic Thesis and Dissertation Repository. 9622.