عليرضا سيف الساداتي

Abstract: Regarding to the vast usage of the internet and its vital effects on humans life; maintaining security and availability of online connections and services has became essential. DDoS attacks are one of main cyber threats that aim to make an online service out of reach of its legitimate users by overwhelming existing resources of service provider. Fortunately, in past recent years, machine-learning and data-mining are showing promising bright sight in context of DDoS detection. Therefore this research tries to take advantage of data-mining techniques and develop a machine-learning DDoS detection model. Hence in the first step of this research, the respective literature was reviewed and as a result, a comprehensive taxonomy of attack types based on their influence and categories of methods and techniques of data pre-processing and machine learning model development for DDoS detection were represented. However, among resembling researches that were surveyed, no endeavor about developing models for classifying attack types or deploying existing models for real-time implementation was found. Therefore the model that is developed in this research, tries to contribute with respective body of knowledge by filling these research gaps. Thus, this model is able to accurately classify attack types based on labels that were available in training dataset and an approach for deploying the developed model was devised. Moreover, data pre-processing, model training, eva‎luating its performance and validating the results were done precisely and completly during model development phase. The developed model was deployed on a dedicated web server configured with ‘Python’ frame-work ‘Flask’, based on ‘Model-as-Service’ strategy which enables users to send arrays of features extracted from network traffic flows as a ‘JSON’ request and immediately receive its classification response from real-time processing and predicting, done by the model. Eventually, zero-day attacks, were simulated with ‘SSDP’ and ‘SNMP’ datasets that were excluded during training phase and the model was assessed by these kind of data, that has not seen yet, which is equivalent of zero-day attacks. Among machine learning algorithms that were tested on the model, ensemble learning algorithms, such as XGBoost and ADABoost performed extremely accurate and acceptable in all binary/multiclass classifications and zero day attack simulations. In conclusion, the proposed system and models in this research, are absolutely proper for real-time DDoS detection.

حملات منع دسترسي , شناسايي حملات منع دسترسي , يادگيري ماشين , داده كاوي , تحليل و طبقه بندي ترافيك شبكه

Denial of Service Attacks , Detection of Denial of Service Attacks , Machine-Learning , Data-Mining , Analysis and Classification of Network Traffic

Alireza Seifousadati

Dr. Mohammad Fathian