DDOS DETECTION MODELS USING MACHINE AND DEEP LEARNING ALGORITHMS AND DISTRIBUTED SYSTEMS
Publisher
Saudi Digital Library
Abstract
Distributed Denial-of-Service (DDoS) attacks are considered to be a major security threat to online
servers and cloud providers. Intrusion detection systems have utilized machine learning as
one of the solutions to the DDoS attack detection problem for over a decade, and recently, they
have been deployed in a distributed system. Another promising approach is the deep learning-based
intrusion detection system. While these approaches seem to produce favourable results,
they also bring new challenges. One of the primary challenges is to find an optimal trade-off
between prediction accuracy and delays, including model training delays. We propose a DDoS
attack detection system that uses machine learning and/or deep learning algorithms, executed
in a distributed system, with four different, but complementary, techniques: first, we introduce
a DDoS attack detection framework that utilizes a robust classification algorithm, namely
Gradient Boosting, to investigate the trade-off between the accuracy and the model training
time by manually tuning the classifier parameters. The results are promising and show that
the framework provides a lightweight model that is able to achieve good performance and can
be trained in a short time. Secondly, we address the problem of automatic selection of a classifier,
from a set of available classifiers, with a framework that uses fuzzy logic. The results
show that the framework efficiently selects the best classifier from the set of available classifiers.
Thirdly, we develop a framework that utilizes several Feature Selection algorithms to
reduce the dimensionality of the dataset, thereby shortening the model training time. The
results are promising in that they show that the approach is not only feasible, but that it reduces
the training time without decreasing the accuracy of prediction. Lastly, we introduce a
deep learning-based DDoS detection system that uses a Multi-Layer Perceptron (MLP) neural
network algorithm running in a distributed system environment. The results show that the
system has a promising performance with deeper architectures trained on large data sets.