• Conference record number
    5255
  • Article title

    A TIME-INTERVAL-BASED DDOS DETECTION SYSTEM USING MACHINE LEARNING TECHNIQUES

  • Authors

    A. Shamekhi (a.shamekhi@sutech.ac.ir), Department of Computer Engineering, Shiraz University of Technology; P. Shamsinejad (p.shamsinejad@sutech.ac.ir), Department of Computer Engineering, Shiraz University of Technology; R. Javidan (Javidan@sutech.ac.ir), Department of Computer Engineering, Shiraz University of Technology

  • Number of pages
    2
  • Keywords
    DBSCAN, SVM, Random Forest, XGBoost
  • Publication year
    1401
  • Conference title
    First International Symposium on Applications of Artificial Intelligence
  • Document language
    English
  • Persian abstract
    Network security has become more vital than ever, since computer networks are now tied to people's lives, and dealing with network attacks keeps getting harder. Among network attacks, DDoS attacks need particular attention because they are widespread and their consequences can be considerable. As these attacks can occur asymmetrically and there is no certain solution for dealing with them, machine learning algorithms can be used to detect and mitigate them, even those known as zero-day attacks. In this paper, a DDoS attack detection system based on time intervals is proposed. It classifies the behavior of network users' traffic into N clusters, where N is extracted from clustering the network traffic flows with the DBSCAN algorithm. This classification yields a new feature that improves the metrics of the trained models. To demonstrate the impact of the new feature, several models have been trained to detect the attacks using prevalent ML algorithms such as Support Vector Machine (SVM), Random Forest (RF), and XGBoost. The model is also validated on the most popular and latest DDoS attack dataset (CICDDoS2019), which was published in 2019, with an accuracy of 99.98%. The contribution of this research is a new feature, extracted from network traffic clustering based on time intervals, that increases accuracy in attack detection.
  • Country
    Iran