Enhancing Multi-Class DDoS Attack Classification using Machine Learning Techniques

Abstract

Distributed Denial of Service (DDoS) attacks, which adversely impact network availability, confidentiality, and integrity, represent a persistent threat. These attacks involve affected systems consuming resources through spurious requests instead of serving legitimate clients. Various methodologies exist for detecting and mitigating DDoS attacks, with Machine Learning (ML) emerging as a particularly effective approach due to its predictive capabilities after training on pertinent data. The primary objective of this study is to identify an improved ML algorithm for the detection of multiple DDoS types, considering metrics such as accuracy, precision, recall, and training time. Leveraging WEKA tools and the CICDDoS2019 dataset, several machine-learning algorithms, including Multilayer Perceptron, Reduced Error Pruning (REP) Tree, Partial Decision Tree (PART), RandomForest, and J48, were trained and evaluated. Among these, J48 was determined to be the superior algorithm for classifying four DDoS types (UDP, SYN, Portmap, MSSQL), based on the aforementioned criteria. The algorithms were experimented with using diverse sets of features, and optimal results were obtained using six features, resulting in an overall accuracy of 99.97%. Subsequently, the selected algorithm was integrated into a real-time model, exhibiting exceptional performance, which will be thoroughly elucidated and discussed in a forthcoming paper.