A Machine Learning Based Classification and Prediction Technique for DDoS Attacks using KNN and Naïve Bayes Algorithm

A Machine Learning Based Classification and Prediction Technique for DDoS Attacks using KNN and Nave Bayes Algorithm

ltine Learning Based Classification And Pre, que For Ddos Attacks Using Knn And Na1vt:

>hijitb V Nair 1

-tech Student

Chandralekba j 3 B-tech Student

Science &Engineering

Computer Science &Engj

Colleg Of Engineering

Mangalam Colleg Of Eng

larsh P Baiju2

Govind G Das 4

-tech Student

cience &Engineering Colleg Of Engineering

Mr.Eldhose K Paul5 Computer Science &Engineering

B-tech Student Computer Science &En Mangalam Colleg Of En

Mangalam Colleg Of Engineering

1ted denial of service (DDoS) attack is rial of service (DoS) attack. DDoS

patterns to detect unusual behavior that attack. Additionally, organizations can

tiple interconnected online devices,

and prevention systems (IDPS) to ide1

ts botnets, that are used to attack b bogus traffic.Unlike other types of tttacks do not attempt to breach your

traffic. It is important to be able to prec attacks, as they can significantly disru and lead to financial loss. DDoS attack

it aims to preveot J egjtiroa te users

smokescreen to mask other m alicious

ebsite'1Hftf·mf ers. DDoS can als<r1J:te!by, wmeft0ror system intrusion. A Distribut

,r various malicious sports, shutting (DDoS) attack is a maliciou s attempt

I- _ ! – – – – — _'I _ _ – I _ .L.!_ _ –

…_ — -_ .._ ,_

_ ____ …;_ _ -+ ….. ….._ __ …_ ,-1 …,..,_1,… ,.. ;

_ '"' _ _ .,.. .,_ _

RELATED WORK

system depending on the attack types ,

learning algorithms to predict DDoS neural network to recognize regular

intrusions and false alarms, the imbala

using an aggregate data generation modi

1s. The network can then be used to

Synthetic Minority Oversan1pling Tech

: patterns that could indicate a DDoS Lvailable to train the network, the better gnize patterns and detect anomalies.

generation is done for small classes

increased to average data size throug experimental results have demonstrat

to use deep learning algorithms to

method significantly increases the d

network devices and servers. This data 1odel that can recognize traffic patterns

)DoS attacks. By analyzing log data in

intrusions. Experimental results show th

have very good accuracy compared Using the sampled data set resulted

ng algorithms can help detect DDoS

model's mean accuracy from 4.01% to 3

vent them from causing significant

e learning is applied to malware and media platforms: Intrusion detection temy defenses have been significantly attacks from network traffic and is , h they have also been shown to be network security . Today, existing

r attacks. We also conclude that, unlike anomaly detection are often based O

:aset diversity in intrusion scenarios is learning models, such as KNN, SV d very outdated data set. In this article methods can achieve out-of-the-box fun

works applying machine learning'

relatively low accuracy and rely hea,

ict malware detection and intrusion feature design. has become obsolete in ered various fundamental concepts that solve the low accuracy and feature en 1ding the basics of your opponent's intrusion detection, the BAT traffic an< ell as your opponent's offensive and is proposed. Experimental results on 1

e then explored the application of these sibow that the BAT-MC model acb

Pul!Jl.- by, WWWJJert.ora

>n detection and malware detection Compared with several standard classifi uded v&ab, 1 versarial attacks "",,..,. 5i.ow thzrt the t c5 ait5 of BAT 1'41C mod rmance of malware and intrusion compared with other current methods b v fo11ow iliffP-rent :nc.hi tec:tn re or re Therefore, we believe that the proposec

t\ and UTTAMA detection methods

1. step 4) Training the Naive Bayes al

   search papers. In this paper, we have

   has been preprocessed, the next ste

   distance function to perform feature

   Bayes algorithm using the training <

   n feature transformation. Hence, the

   ;tion is done through feature 1ated detection systems designed to

   ,ound traffic patterns typically employ

   :arning techniques. However, regardless

2. Testing the Naive Bayes algorith Naive Bayes algorithm is tested containing both normal and attack predicts whether each packet is nor on its features.

   eveloped to identify anomalous traffic,

3. Evaluating the performan ce: The fi

!quire a comparison of abnormal and

the performance of the Naive Bay,

The distance function proposed in this

involve calculating metrics such a

,y considering the basic Gaussian After performing dimensionality

recall, and Fl score.

1posed feature extraction technique, we

2. K-Nearest Neighbor (KNN) Algoritl

:ation algorithms to evaluate the

:sifiers on the transformed dataset.

Here are the steps to use KNN for D

and classification:

METHODOLOGY

1. Data Preprocessing: The first ste1

   [I data by cleaning, normalizing , and

   suitable format for the algorithm.

2. Feature Selection: The next step i5

   : for the DDoS attack classification and

   features from the dataset. These f

   1e existing dataset that used machine

   ones that are most relevant to the cl

   lS framework involves the following

3. Splitting the Data: Split the data in

test set. The training set will be u

1volves the selection of dataset for

algorithm, while the test set will b

performance of the algorithm.

tools and A

involves the selection of

Published by, w

jjer uru<:iJ.u..O.

OSi ng

K: Choose the va1ue Of y;

Volume 11, Issue 01

.l

of nearest neighbors to consider

olves data pre-processing techniques to nrnrPss Tps v;::i lnP shonlil hf'. rhnsf

Nai've Bayes is a simple and fast alg

Data

well with high-dimensional data.

Preprocessing

Feature Selection

performance of KNN and Naive Bayes

Splitting data for

Model Building . training and testing

attack classification and prediction,

dataset of labeled instances of DDoS should include features such as destination IP address, protocol, port packet rate, etc. The dataset should indicating whether each instance is a

Once we have a dataset, we can spb testing sets, and then train KNN and N;

Output

on the training set. We can then evalua

Trained Model ( DDoS

attack/Not)

the algorithms on the testing set by ca

as accuracy, precision, recall, Fl-scor

stem architecture

the classification and prediction usi

J

Train Set

Data Splitting

Bayes algorithms will depend on the and the choice of hyper parameters f01 possible that one algorithm may per other for certain types of DDoS at features of the input instances. Theref try multiple algorithms and compare the same dataset

VI. CONCLUSION

A complete systematic approach

Volum 1 , 'framodel

Test Set

I 'Pu Ii 1ed by, wwwijDJJoS attack we got Improved Net

KerneI Scale, Cross . .

Validation Response Time, Enhanced Risk M,

I T.t. 1 I

we selected the 1JNSW-np 5 data

iemir, and 0. K. Sahingoz, "Increaing f machine learning-based IDSs on an to-date dataset," IEEE Access, vol. 8, 020.

Zhu, S. Wang, and Y. Li, ccBAT: Deep

)n network intrusion detection using

' ' IEEE Access, vol. 8, pp. 29575-

U. Boregowda, K. Khatatneh, R. vvusetty, and V. S. Kiran, "Similarity 1sformation for network anomaly

;cess, vol. 8, pp. 39184-39196, 2020.

auters, B. Volckaert, and F. De Turck,

.rdness for supervised learners on 20 letection data," IEEE Access, vol. 7,

, 2019.

an, C. Hu, Z. Niu, and Z. Liu, ''An machine learning model for intrusion ccess, vol. 7, pp. 82512-82521, 2019. teng, B. Wu, Y. Yang, and X. Wang, n detection based on supervised 1al auto-encoder with regularization, ''

, pp. 42169-42184, 2020.

Y. Yan, and J. Wan g, " An intrusion

th hitn18FOhi@a)I attention mechanigmst? by, wwwijert.org

, pp. 67542-67554, 2020. '

m rl ,r <;;:1, lrh"u nrl T l<'"'" "T"u , rrl