Research Application of Ensemble Machine Learning Methods to the Problem of Multiclass Classification of DDoS Attacks Identification

Authors: Natalia Yanishevskaya, Leonid Legashev, Arthur Zhigalov, Denis Parfenov, Irina Bolodurina, Larisa Kuznetsova
Year of publication: 2020
Subject:
Source: 2020 International Conference Engineering and Telecommunication (En&T).
DOI: 10.1109/ent50437.2020.9431255
Description: This article studies the actual problem of network security. In particular, the task of identifying DDoS attacks is being solved. As part of the study, a solution was proposed based on expanding the set of features traditionally used to identify attacks on networks using a specialized hashing algorithm for individual blocks of device configuration files in the considered network of devices. Using the proposed approach, the identification of attacks was carried out using machine learning methods to ensure security in the Internet of Things networks. The approaches to the binary and multiclass classification of network traffic were investigated to detect attacking influences, taking into account the proposed hashing algorithm. As part of a pilot study, the article provides a comparative analysis of machine learning methods such as Gradient Boosting, AdaBoost, and CatBoost using the CICDDoS2019 dataset. It was found that in the case of binary classification, the best classifier from the considered ones is CatBoost with an accuracy of 99.3%, which is on average 0.3% higher than the existing algorithms. In the multiclass classification, the CatBoost algorithm on a feature set using hashing of data from network devices also shows the best performance, with an accuracy level of 97%, which is at least 3.9% better than similar classifiers. The decrease in accuracy in the multiclass classification did not have a significant effect on the result, but it made it possible to increase the solution performance by 11.5% in comparison with the full set of features used in traditional attack analysis.
Database: OpenAIRE