Title: Detection of denial of service using a cascaded multi-classifier

Authors: Avneet Dhingra; Monika Sachdeva

Addresses: Department of Computer Science and Engineering, I.K. Gujral Punjab Technical University, Kapurthala, Punjab, India ' Department of Computer Science and Engineering, I.K. Gujral Punjab Technical University, Kapurthala, Punjab, India

Abstract: The paper proposes a cascaded multi-classifier two-phase intrusion detection (TP-ID) approach that can be trained to monitor incoming traffic for any suspicious data. It addresses the issue of efficient detection of intrusion in traffic and further classifies the suspicious traffic as a DDoS attack or flash event. Features portraying the behaviour of normal, DDoS attack, and flash event are extracted from historical data obtained after merging CAIDA'07, SlowDoS2016, CIC-IDS-2017, and WorldCup 1998 benchmark datasets available online along with the commercial dataset for e-shopping assistant website. Information gain is applied to rank and select the most relevant features. TP-ID applies supervised learning algorithms in the two phases. Each phase tests the set of classifiers, the best of which is chosen for building a model. The performance of the system is evaluated using the detection rate, false-positive rate, mean absolute percentage error, and classification rate. The proposed approach classifies the traffic anomalies with a 99% detection rate, 0.43% FPR, and 99.51% classification rate.

Keywords: distributed denial of service; DDoS attack; flash event; detection rate; network security; detection system; supervised learning algorithms; machine learning; extra tree classifier; ETC; random forest.

DOI: 10.1504/IJCSE.2021.117028

International Journal of Computational Science and Engineering, 2021 Vol.24 No.4, pp.405 - 416

Received: 23 Aug 2020
Accepted: 08 Dec 2020
Published online: 12 Aug 2021 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article