Feasibility Evaluation of Compact Flow Features for Real-time DDoS Attacks Classifications

Muhammad Fajar, Sidiq and Nanda, Aryani (2023) Feasibility Evaluation of Compact Flow Features for Real-time DDoS Attacks Classifications. In: 2022 IEEE International Conference on Communication, Networks and Satellite (COMNETSAT), 03-05 November 2022, Purwokerto.

Official URL: https://ieeexplore.ieee.org/abstract/document/9994...

Abstract

According to the research trend, training a distributed denial of service (DDoS) attack classifier on network flow features yields higher classification performance and efficiency than the per-packet approach. Nonetheless, existing flow-based classifiers use bloated features and offline flow extraction, which are not suitable for real-time DDoS protection. This study investigates the feasibility of compact flow features that can be extracted directly by a programmable switch for real-time DDoS attack classification. The proposed method considers only four flow features: IP protocol, packet counter, total byte counter, and the delta time of a network flow. The evaluation results on the CICDDoS2019 dataset showed classification performance comparable to works that use bloated features (24 to 82 features). The best result was achieved by the decision tree and random forest classifiers, which showed scores of ≥ 89.5% in accuracy, precision, recall, and F1 score. The proposed models can classify 10 out of 12 DDoS attacks correctly, failing only to discriminate between SSDP and UDP-based DDoS attacks. In addition, the trained classifier shows better generalization ability, retaining similar performance on 42.8 million unseen flows while trained on ≤ 200 thousand flows. Finally, the proposed method is suitable for real-time application, since it supports fast classification of up to 9.6 million flow inferences per second with the Decision Tree classifier.

Item Type: Conference or Workshop Item (Paper)
Depositing User: Muhammad Fajar Sidiq
Date Deposited: 22 Sep 2023 01:42
Last Modified: 26 Sep 2023 10:39
URI: http://repository.ittelkom-pwt.ac.id/id/eprint/9954
