Efficient model for detecting application layer distributed denial of service attacks

Morenikeji Kabirat Kareem, Olaniyi Dada Aborisade, Saidat Adebukola Onashoga, Tole Sutikno, Olaniyi Mathew Olayiwola

Abstract


The increasing advancement of technologies and communication infrastructures has been posing threats to the internet services. One of the most powerful attack weapons for disrupting web-based services is the distributed denial of service (DDoS) attack. The sophisticated nature of attack tools being created and used for launching attacks on target systems makes it difficult to distinguish between normal and attack traffic. Consequently, there is a need to detect application layer DDoS attacks from network traffic efficiently. This paper proposes a detection system coined eXtreme gradient boosting (XGB-DDoS) using a tree-based ensemble model known as XGBoost to detect application layer DDoS attacks. The Canadian institute for cybersecurity intrusion detection systems (CIC IDS) 2017 dataset consisting of both benign and malicious attacks was used in training and testing of the proposed model. The performance results of the proposed model indicate that the accuracy rate, recall, precision rate, and F1-score of XGB-DDoS are 0.999, 0.997, 0.995, and 0.996, respectively, as against those of k-nearest neighbor (KNN), support vector machine (SVM), principal component analysis (PCA) hybridized with XGBoost, and KNN with SVM. So, the XGB-DDoS detection model did better than the models that were chosen. This shows that it is good at finding application layer DDoS attacks.

Keywords


Application layer k-nearest neighbor; Distributed denial of service attack; Principal component analysis; Support vector machine; Web-based service; XGBoost

Full Text:

PDF


DOI: https://doi.org/10.11591/eei.v12i1.3871

Refbacks

  • There are currently no refbacks.


Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Bulletin of EEI Stats