Title: Flow-based machine learning approach for slow HTTP distributed denial of service attack classification
Authors: N. Muraleedharan; B. Janet
Addresses: Centre for Development of Advanced Computing (C-DAC), #68, Electronics city, Bangalore, India ' Computer Applications Department, National Institute of Technology, Tiruchirappalli, India
Abstract: Distributed denial of service (DDoS) attack is one of the common threats to the availability of services on the internet. The DDoS attacks are evolved from volumetric attack to slow DDoS. Unlike the volumetric DDoS attack, the slow DDoS traffic rate looks similar to the normal traffic. Hence, it is difficult to detect using traditional security mechanism. In this paper, we propose a flow-based classification model for slow HTTP DDoS traffic. The important flow level features were selected using CICIDS2017 dataset. Impacts of time, packet length and transmission rate for slow DDoS are analysed. Using the selected features, three classification models were trained and evaluated using two benchmark datasets. The results obtained reveal the proposed classifiers can achieve higher accuracy of 0.997 using RF classifiers. A comparison of the results obtained with state-of-the-art approaches shows that the proposed approach can improve the detection rate by 19.7%.
Keywords: denial of service; slow DDoS; application layer DoS; machine learning; network flow; slow HTTP DDoS; slowloris; slow read.
International Journal of Computational Science and Engineering, 2021 Vol.24 No.2, pp.147 - 161
Received: 24 Apr 2020
Accepted: 08 Sep 2020
Published online: 18 May 2021 *