Title: Flow-based machine learning approach for slow HTTP distributed denial of service attack classification

Authors: N. Muraleedharan; B. Janet

Addresses: Centre for Development of Advanced Computing (C-DAC), #68, Electronics city, Bangalore, India ' Computer Applications Department, National Institute of Technology, Tiruchirappalli, India

Abstract: Distributed denial of service (DDoS) attack is one of the common threats to the availability of services on the internet. The DDoS attacks are evolved from volumetric attack to slow DDoS. Unlike the volumetric DDoS attack, the slow DDoS traffic rate looks similar to the normal traffic. Hence, it is difficult to detect using traditional security mechanism. In this paper, we propose a flow-based classification model for slow HTTP DDoS traffic. The important flow level features were selected using CICIDS2017 dataset. Impacts of time, packet length and transmission rate for slow DDoS are analysed. Using the selected features, three classification models were trained and evaluated using two benchmark datasets. The results obtained reveal the proposed classifiers can achieve higher accuracy of 0.997 using RF classifiers. A comparison of the results obtained with state-of-the-art approaches shows that the proposed approach can improve the detection rate by 19.7%.

Keywords: denial of service; slow DDoS; application layer DoS; machine learning; network flow; slow HTTP DDoS; slowloris; slow read.

DOI: 10.1504/IJCSE.2021.115101

International Journal of Computational Science and Engineering, 2021 Vol.24 No.2, pp.147 - 161

Received: 24 Apr 2020
Accepted: 08 Sep 2020

Published online: 18 May 2021 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article