K-Means clustering-based semi-supervised for DDoS attacks classification

Mahdi Nsaif Jasim, Methaq Talib Gaata


Network attacks of the distributed denial of service (DDoS) form are used to disrupt server replies and services. It is popular because it is easy to set up and challenging to detect. We can identify DDoS attacks on network traffic in a variety of ways. However, the most effective methods for detecting and identifying a DDoS attack are machine learning approaches. This attack is considered to be among the most dangerous internet threats. In order for supervised machine learning algorithms to function, there needs to be tagged network traffic data sets. On the other hand, an unsupervised method uses network traffic analysis to find assaults. In this research, the K-Means clustering algorithm was developed as a semi-supervised approach for DDoS classification. The proposed algorithm is trained and tested with the CICIDS2017 dataset. After using the proposed hybrid feature selection methods and applying multiple training, testing, and carefully sorting DDoS traffic through a series of experiments, the optimum 2 centroids were found to be DDoS and normal. The generated centroids can be used to classify network traffic. So the proposed method succeeded to cluster the network traffic to safe and theat.


CICIDS2017; Clustering; Distributed denial of service; Feature selection; K-Means algorithm; Network security

Full Text:


DOI: https://doi.org/10.11591/eei.v11i6.4353


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Bulletin of EEI Stats