TY - JOUR
T1 - On the performance of intelligent techniques for intensive and stealthy DDoS detection
AU - Liang, Xiaoyu
AU - Znati, Taieb
N1 - Publisher Copyright:
© 2019
PY - 2019/12/9
Y1 - 2019/12/9
N2 - Distributed Denial of Services (DDoS) attacks continue to be one of the most challenging threats to the Internet. The intensity and frequency of these attacks are increasing at an alarming rate. With the promising results presented by Machine Learning (ML) techniques in a variety of fields, researchers have proposed numerous intelligent schemes to defend against DDoS attacks and mitigate their impact. This paper presents a taxonomy of the ML-based DDoS detection schemes, focusing on the important features and mechanisms that each scheme uses to detect and mitigate the impact of these attacks. The taxonomy is developed based on a thorough and extensive review of the literature, focusing on the most prominent and highly cited schemes that have been proposed over the last decade. The taxonomy is then used as a basis for the development of a framework to conduct a comprehensive empirical evaluation of the basic mechanisms underlying the design of the selected ML-based DDoS defense schemes against a variety of attack scenarios. Rather than dealing with the specific details of a particular DDoS defense scheme, this work focuses on the “building blocks” of the intelligent DDoS detection and prevention schemes. The intelligent mechanisms underlying the selected schemes are implemented and evaluated using different performance metrics. The impact of different influential factors is also explored, including the observable traffic proportions, attack intensities and the “Class Imbalance Problem” of ML-based DDoS detection. The results of the comparative analysis show that no single technique outperforms all others in all test cases. Furthermore, the results underscore the need for a method-oriented feature selection model to enhance the capabilities of ML-based detection techniques. Finally, the results show that the class imbalance problem significantly impacts performance, underscoring the need for further research to address this problem and ensure high-quality DDoS detection in real-time.
AB - Distributed Denial of Services (DDoS) attacks continue to be one of the most challenging threats to the Internet. The intensity and frequency of these attacks are increasing at an alarming rate. With the promising results presented by Machine Learning (ML) techniques in a variety of fields, researchers have proposed numerous intelligent schemes to defend against DDoS attacks and mitigate their impact. This paper presents a taxonomy of the ML-based DDoS detection schemes, focusing on the important features and mechanisms that each scheme uses to detect and mitigate the impact of these attacks. The taxonomy is developed based on a thorough and extensive review of the literature, focusing on the most prominent and highly cited schemes that have been proposed over the last decade. The taxonomy is then used as a basis for the development of a framework to conduct a comprehensive empirical evaluation of the basic mechanisms underlying the design of the selected ML-based DDoS defense schemes against a variety of attack scenarios. Rather than dealing with the specific details of a particular DDoS defense scheme, this work focuses on the “building blocks” of the intelligent DDoS detection and prevention schemes. The intelligent mechanisms underlying the selected schemes are implemented and evaluated using different performance metrics. The impact of different influential factors is also explored, including the observable traffic proportions, attack intensities and the “Class Imbalance Problem” of ML-based DDoS detection. The results of the comparative analysis show that no single technique outperforms all others in all test cases. Furthermore, the results underscore the need for a method-oriented feature selection model to enhance the capabilities of ML-based detection techniques. Finally, the results show that the class imbalance problem significantly impacts performance, underscoring the need for further research to address this problem and ensure high-quality DDoS detection in real-time.
KW - DDoS detection review
KW - Empirical analysis
KW - Machine learning
UR - http://www.scopus.com/inward/record.url?scp=85072853981&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85072853981&partnerID=8YFLogxK
U2 - 10.1016/j.comnet.2019.106906
DO - 10.1016/j.comnet.2019.106906
M3 - Article
AN - SCOPUS:85072853981
SN - 1389-1286
VL - 164
JO - Computer Networks
JF - Computer Networks
M1 - 106906
ER -