Title :
Large-scale network packet analysis for intelligent DDoS attack detection development
Author :
Kato, Keisuke ; Klyuev, Vitaly
Author_Institution :
Dept. of Comput. Sci. & Eng., Univ. of Aizu, Aizu Wakamatsu, Japan
Abstract :
Distributed Denial of Service (DDoS) attacks are a serious threat to network security. Servers of many companies and/or governments have been victims of such attacks. DDoS attacks jam the network service of the target using multiple bots hijacked by crackers and send numerous packets to the target server. In such an attack, detecting the crackers is extremely difficult, because they only send a command by multiple bots from another network and then leave the bots quickly after the command executes. Therefore, we need an intelligent detection system for DDoS attacks to defend network services. To develop the system, we utilized machine learning techniques to study the patterns of DDoS attacks and detect them. We analyzed large numbers of network packets provided by the Center for Applied Internet Data Analysis, and detected some important patterns that affect the accuracy of the detection system. We implemented the detection system using the patterns of DDoS attacks. A support vector machine with the radial basis function (Gaussian) kernel is its core part. The detection system is accurate in detecting DDoS attacks.
Keywords :
Internet; computer network security; data analysis; learning (artificial intelligence); network servers; radial basis function networks; support vector machines; Center for Applied Internet Data Analysis; DDoS attacks; bots; distributed denial of service attacks; intelligent DDoS attack detection development; large-scale network packet analysis; machine learning techniques; network security; network service; radial basis function kernel; support vector machine; Computer crime; Feature extraction; IP networks; Internet; Kernel; Support vector machines; Training; bigdata analysis; distributed denial of service attack; machine learning; network security;
Conference_Title :
Internet Technology and Secured Transactions (ICITST), 2014 9th International Conference for
Conference_Location :
London
DOI :
10.1109/ICITST.2014.7038838