Enhancing DDoS attack Detection using Machine Learning and Deep Learning Models
Date
2023-09-26
Publisher
University of Warwick
Abstract
Technology has become an essential part of our daily lives, indispensable for both individuals
and enterprises. It facilitates the exchange of an extensive range of information across different
spaces. However, Internet security is a critical challenge in today's digital age, with growing
dependence on IT services. Thus, various network environments can be vulnerable to attacks,
causing resource depletion and hindering support for legitimate users. One of these attacks is
the Distributed Denial of Service (DDoS) attack. The nature of this type of attack is such that
it impacts the availability of the system. The impact on confidentiality is primarily due to threat
actors using DDoS as a method to create chaos whilst launching cyber-attacks on other parts of
the infrastructure. Therefore, it is essential that DDoS attacks receive sharper focus from a
research perspective.

Network intrusion detection systems (NIDSs) are important tools for monitoring the network
environment and detecting DDoS attacks. However, NIDS tools suffer from several limitations,
such as difficulty detecting new attacks and misclassification of attacks. Therefore, Machine
Learning (ML) and Deep Learning (DL) models are increasingly being used for automated
detection of DDoS attacks. While several related works deployed ML for NIDS, most of these
approaches ignore appropriate pre-processing and the overfitting problem during the
implementation of ML algorithms. As a result, the robustness of the anomaly detection system
can be affected, leading to poor model performance for zero-day attacks.

In this research study, the researcher proposes a new ML and DL approach based on hybrid
feature selection and appropriate pre-processing operations to classify network flows as
normal or DDoS attacks. The results of the experiments carried out by the researcher suggest
the efficiency and reliability of the proposed lightweight models in achieving a high detection
rate while minimising the detection time with fewer features.

This project complies with the following two CyBOK Skills areas:
Network Security: The project evaluates network security and introduces efficient,
lightweight models for DDoS attack detection.
Security Operations and Incident Management: The project enhances incident
management capabilities by crafting ML models that monitor network flows within NIDS.
Keywords
Machine Learning, Deep Learning, DDoS attack