PACKET THRESHOLD ALGORITHM COUPLED WITH MACHINE LEARNING FOR DDoS CLASSIFICATION ATTACKS

Abstract

Today, DDoS attacks are the most common Internet threats. DDoS attacks are generated by attackers from anywhere to disable a company's servers from being accessed by users worldwide. An attacker can easily launch one or more types of DDoS attacks at a time. DDoS attacks that can be generated by attackers include Slowloris, UDP flood, Smurf, HTTP flood, TCP SYN flood and more. Therefore, we have proposed a technique called the Packet Threshold Algorithm (PTA) in this paper, where it is combined with several machine learning to classify normal packet and DDoS attacks, namely UDP flood, Smurf, TCP SYN flood and Ping of Death. There are four machine learning, which are K-Nearest Neighbor (KNN), Naïve Bayes, Logistic Regression and Support Vector Machine (SVM) combined with the Packet Threshold Algorithm (PTA) to reduce the false positive rate to obtain high detection accuracy. Among the four combinations of techniques, PTA-KNN has been considered the best technique in the context of the reduction of false positive rates. The determination of this best technique is based on the PTA-KNN has achieved the highest detection accuracy (99.83%) compared to the other three techniques with only a 0.02% false positive rate. The determination
of this best technique is based on the PTA-KNN has achieved the highest detection accuracy (99.83%) compared to the other three techniques with only a 0.02% false positive rate.