DDoS ATTACK DETECTION USING SUPERVISED MACHINE LEARNING ALGORITHMS OVER THE CIDDOS2019 DATASET

Abstract

Distributed Denial-of-Service (DDoS) attacks are one of the most common types of cyber-attacks that can cause severe damage to networks and systems. Traditional methods to detect them rely on signature-based Intrusion Detection Systems (IDS), which are limited by the need of prior knowledge of specific patterns and by the usual ineffectiveness against zero-day attacks. However machine learning (ML) algorithms have the potential to support the detection of new and unknown attacks. This article compares the DDoS detection performance of three Machine Learning techniques: Gaussian Naïve Bayes, Logistic Regression and Random Forest, based on validation metrics such as precision, recall and F1 score. The system was trained using three datasets extracted from CICDDoS2019 database. The results proved the detection of attacks at Layer 4 (TCP SYN/ UDP flood), and at reflective Layer 7 (MSSQL, NetBIOS). The Random Forests and Logistic Regression methods achieved a precision between 93.7% and 99.4 % over these three datasets.