Ajresd Template Cnaiadd24
I. Introduction
In today's digitally interconnected world, the internet serves as the backbone of countless services and systems,
facilitating communication, commerce, and collaboration on an unprecedented scale. However, this very
interconnectedness also exposes these systems to a myriad of threats, with Denial of Service (DoS) attacks standing
out as one of the most prevalent and disruptive forms of cyber assault.
Denial of Service attacks, characterized by their intent to overwhelm targeted systems or networks with a flood of
traffic, can incapacitate essential services, disrupt operations, and inflict severe financial losses. Traditional
methods of mitigating such attacks often fall short in the face of evolving tactics employed by attackers,
necessitating innovative approaches to swiftly detect and counter these threats.
Enter machine learning and deep learning techniques. Leveraging the power of artificial intelligence, these
methodologies offer a promising avenue for enhancing the detection and mitigation of DoS attacks. By harnessing
vast datasets and sophisticated algorithms, machine learning and deep learning models can discern patterns,
anomalies, and subtle indicators of malicious activity amidst the deluge of network traffic.
In this article, we delve into the realm of cybersecurity, exploring how machine learning techniques are
revolutionizing the detection of Denial of Service attacks.
II. Background
In the following section, key terms central to the detection of Denial of Service attacks using artificial
intelligence techniques will be succinctly defined.
Algerian Journal of Renewable Energy and Sustainable Development x(x) 2020: xxx-xxx, doi: 10.46657/ajresd.2020.x.x.x
A Denial of Service (DoS) attack is one of the most popular and easiest forms of attack on the Internet. This type of
attack does not snoop on systems or try to obtain data; its aim is to stop some services in the systems
[1].
Machine Learning is a subset of artificial intelligence that enables systems to learn from data and improve
performance on a specific task without being explicitly programmed [2]. In the context of DoS attack detection,
machine learning algorithms can analyze network traffic patterns to identify anomalies indicative of an ongoing
attack.
Deep Learning is a subset of machine learning that employs artificial neural networks with multiple layers to
extract intricate patterns and features from large datasets [3]. Deep learning techniques, such as convolutional
neural networks (CNNs) and recurrent neural networks (RNNs), are increasingly utilized in cybersecurity for their
ability to detect complex patterns and anomalies in network traffic data.
Anomaly Detection refers to the identification of patterns or data points that deviate significantly from normal
behavior within a dataset [4]. In the context of DoS attack detection, anomaly detection techniques are employed
to identify unusual patterns or activities in network traffic that may indicate a potential attack.
IV. Methodology
In this section, we detail the methodology employed to prepare and train the dataset for detecting Denial of
Service (DoS) attacks using artificial intelligence techniques. A robust and well-curated dataset is crucial for
training accurate and reliable machine learning models capable of identifying malicious network activity amidst
legitimate traffic. We describe the steps involved in collecting, preprocessing, labeling, and augmenting the dataset
to enhance its effectiveness in training DoS detection algorithms. The next figure further explains the aim of this
research:
The user sends an HTTP request that contains several features. We extract 28 features compatible with
our dataset, then pass them to our trained model in order to classify which type of request it belongs to.
Our dataset, called "DDoS SDN dataset", contains 104345 rows and 23 columns. There is one target variable,
called label, which contains only 1 (malicious) and 0 (benign). Our task is to classify whether the traffic is normal or not
using Machine Learning algorithms. The following figure shows the percentage of benign and malicious requests in
our dataset.
Our dataset contains several features, such as source and destination IP address, packet count, byte count, duration,
protocol, etc. The next figures show some features with their number of requests and the number of malicious
requests for each feature.
Data cleaning and preprocessing are essential steps in preparing the raw dataset for training machine learning
models for Denial of Service (DoS) attack detection. This phase involves several key tasks aimed at enhancing the
quality and usability of the data: [15] [16]
In our case, we dropped all rows with null values in our dataset, especially those in the columns rx_kbps and
tot_kbps. We then dropped the source and destination address columns because they don't have any impact. After
that, we categorized the request protocol column.
By meticulously cleaning and preprocessing the dataset, we ensure that it is free from inconsistencies, biases, and
noise, laying the foundation for robust and accurate DoS attack detection models. The resulting clean and
standardized dataset is then ready for further analysis and model training.
In this section, we describe the process of training machine learning models for Denial of Service (DoS) attack
detection using the preprocessed dataset. We split the dataset into training (70%) and testing sets (30%) and train
multiple classification models, including Logistic Regression, Support Vector Machine (SVM), k-Nearest
Neighbors (KNN), Decision Tree, and Random Forest. Each model's performance is evaluated using appropriate
metrics to assess its effectiveness in detecting DoS attacks.
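The cleaning, 70/30 split and training steps described above, as an added example in pandas and scikit-learn (not the authors' code). The flows are constructed sample data, and every column name except rx_kbps, tot_kbps and label is an assumption.

```python
import numpy as np
import pandas as pd
from sklearn.ensemble import RandomForestClassifier
from sklearn.metrics import classification_report
from sklearn.model_selection import train_test_split


def make_constructed_flows(n=600, seed=0):
    """Constructed sample flows. Only rx_kbps, tot_kbps and label are column
    names from the page; the other names are assumptions."""
    rng = np.random.default_rng(seed)
    label = rng.integers(0, 2, n)  # 1 = malicious, 0 = benign
    df = pd.DataFrame({
        "src": [f"10.0.0.{i}" for i in rng.integers(1, 20, n)],
        "dst": [f"10.0.1.{i}" for i in rng.integers(1, 20, n)],
        "pktcount": rng.poisson(50, n) + 500 * label,
        "dur": rng.integers(1, 300, n),
        "protocol": rng.choice(["TCP", "UDP", "ICMP"], n),
        "rx_kbps": rng.normal(100, 20, n) + 300 * label,
        "label": label,
    })
    df["tot_kbps"] = 2 * df["rx_kbps"]
    df.loc[:29, ["rx_kbps", "tot_kbps"]] = np.nan  # 30 rows with missing rates
    return df


def preprocess(df):
    df = df.dropna()                                   # drop rows with null values
    df = df.drop(columns=["src", "dst"])               # drop address columns
    return pd.get_dummies(df, columns=["protocol"])    # protocol as categories


def train_and_evaluate(df, seed=0):
    X, y = df.drop(columns=["label"]), df["label"]
    X_train, X_test, y_train, y_test = train_test_split(
        X, y, test_size=0.30, random_state=seed)       # 70% train, 30% test
    model = RandomForestClassifier(n_estimators=50, random_state=seed)
    model.fit(X_train, y_train)
    report = classification_report(y_test, model.predict(X_test), output_dict=True)
    return len(X_train), len(X_test), report


if __name__ == "__main__":
    clean = preprocess(make_constructed_flows())
    n_train, n_test, report = train_and_evaluate(clean)
    print(f"rows: {len(clean)}, train: {n_train}, test: {n_test}")
    print("accuracy:", report["accuracy"], "macro avg:", report["macro avg"])
```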
After training each model, we evaluate its performance on the validation set using appropriate evaluation metrics
such as accuracy, precision, recall, and F1-score. These metrics provide insights into each model's ability to
correctly classify instances of normal and malicious network traffic. The evaluation results with all algorithms and
metrics are summarized in the following table:
Macro AVG
Model                     TP     FP     FN     TN     Precision   Recall   F1-Score   Accuracy
Logistic Regression       0.51   0.10   0.13   0.26   0.75        0.76     0.75       0.77
Support Vector Machine    0.59   0.02   0.01   0.38   0.97        0.96     0.97       0.97
K Nearest Neighbor        0.60   0.01   0.01   0.38   0.98        0.98     0.98       0.98
In the results provided, we have the performance metrics for five different classification models: Logistic
Regression (LR), Support Vector Machine (SVM), Random Forest (RF), Decision Tree (DT), and k-Nearest
Neighbors (KNN). Each model's performance is evaluated using various metrics such as True Positive Rate (TP),
False Positive Rate (FP), False Negative Rate (FN), True Negative Rate (TN), Precision, Recall, F1-Score, and
Accuracy.
Logistic Regression achieves moderate performance with a precision of 0.75, indicating that 75% of the instances
predicted as positive are indeed positive. The recall score of 0.76 suggests that 76% of the actual positive instances
are correctly identified. The F1-Score, which is the harmonic mean of precision and recall, is also 0.75. The model's
accuracy is 0.77, indicating that it correctly classifies 77% of all instances.
SVM achieves high performance with precision, recall, and F1-Score of 0.97, indicating that it performs
exceptionally well in distinguishing between positive and negative instances. The high accuracy score of 0.97
demonstrates the model's overall effectiveness in correctly classifying instances.
Random Forest demonstrates outstanding performance, achieving perfect precision, recall, F1-Score, and accuracy
scores of 1. This indicates that the model makes no false positive or false negative predictions and correctly
classifies all instances in the dataset.
Decision Tree performs similarly to SVM with high precision, recall, F1-Score, and accuracy scores of 0.97,
indicating its effectiveness in classifying instances.
KNN achieves excellent performance with precision, recall, F1-Score, and accuracy scores of 0.98, indicating its
robustness in classifying instances accurately.
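Added example (not from the paper): recomputing the last four values of each table row from the first four, assuming those are TP, FP, FN and TN as fractions of the test set in the order the text lists them. It shows that the reported precision, recall and F1-Score agree with macro averages over both classes, and prints the per-class values behind them.

```python
# First four values per model are read as TP, FP, FN, TN fractions (assumption
# based on the order given in the text); the last four are the reported
# precision, recall, F1-score and accuracy.
TABLE = {
    "Logistic Regression":    (0.51, 0.10, 0.13, 0.26, 0.75, 0.76, 0.75, 0.77),
    "Support Vector Machine": (0.59, 0.02, 0.01, 0.38, 0.97, 0.96, 0.97, 0.97),
    "K Nearest Neighbor":     (0.60, 0.01, 0.01, 0.38, 0.98, 0.98, 0.98, 0.98),
}


def class_metrics(hit, false_alarm, miss):
    """Precision, recall and F1 for one class from its confusion entries."""
    precision = hit / (hit + false_alarm)
    recall = hit / (hit + miss)
    return precision, recall, 2 * precision * recall / (precision + recall)


def macro_metrics(tp, fp, fn, tn):
    """Per-class metrics for both classes and their unweighted (macro) mean."""
    positive = class_metrics(tp, fp, fn)
    negative = class_metrics(tn, fn, fp)  # FP and FN swap roles for the other class
    macro = tuple((p + n) / 2 for p, n in zip(positive, negative))
    accuracy = (tp + tn) / (tp + fp + fn + tn)
    return positive, negative, macro + (accuracy,)


def max_deviation(row):
    """Largest gap between the recomputed macro metrics and the reported ones."""
    *confusion, p, r, f1, acc = row
    recomputed = macro_metrics(*confusion)[2]
    return max(abs(a - b) for a, b in zip(recomputed, (p, r, f1, acc)))


if __name__ == "__main__":
    for model, row in TABLE.items():
        positive, negative, _ = macro_metrics(*row[:4])
        print(f"{model}: positive P/R/F1 = "
              + "/".join(f"{v:.2f}" for v in positive)
              + ", negative P/R/F1 = "
              + "/".join(f"{v:.2f}" for v in negative)
              + f", max deviation from table = {max_deviation(row):.3f}")
```

For Logistic Regression this gives a positive-class precision and recall of 0.84 and 0.80 against 0.67 and 0.72 for the negative class, which average to the reported 0.75 and 0.76.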
- SVM, Random Forest, Decision Tree, and KNN outperform Logistic Regression in terms of precision, recall,
F1-Score, and accuracy.
- Random Forest stands out as the best-performing model, achieving perfect scores across all metrics.
- SVM, Decision Tree, and KNN also demonstrate high performance with scores close to or equal to 1 for
precision, recall, F1-Score, and accuracy.
- These results suggest that ensemble methods like Random Forest and robust classifiers like SVM, Decision
Tree, and KNN are well-suited for DoS attack detection tasks, offering high accuracy and reliability in
identifying malicious network traffic.
III. Conclusion
In conclusion, our study explores the efficacy of various machine learning models in detecting Denial of Service
(DoS) attacks based on network traffic data. Through rigorous experimentation and analysis, we have
demonstrated that ensemble methods such as Random Forest, as well as robust classifiers like Support Vector
Machine (SVM), Decision Tree, and k-Nearest Neighbors (KNN), exhibit exceptional performance in accurately
classifying instances of normal and malicious network activity. These models achieve high precision, recall,
F1-Score, and accuracy, with Random Forest notably achieving perfect scores across all metrics. Our findings
underscore the importance of leveraging advanced machine learning techniques for enhancing the resilience of
network infrastructures against DoS attacks, thereby safeguarding critical digital assets and infrastructure from
disruptive cyber threats.
Acknowledgements
We would like to express our sincere gratitude to my teachers Dr. GHAZLI Abdelkader and Dr. Bouida Ahmed
for their invaluable support, guidance, and contributions to this research endeavor. Their expertise, feedback, and
assistance have been instrumental in shaping the direction and outcomes of this study. We also acknowledge the
collective efforts of our colleagues and peers who have offered insights, encouragement, and constructive criticism
throughout the course of this research. Finally, we extend our heartfelt appreciation to our families and loved ones
for their unwavering support and understanding during the completion of this work.
References
[1] C. Easttom, Computer security fundamentals, Fourth edition. Indianapolis, Indiana: Pearson Education,
Inc., 2020.
[2] A. Géron, Hands-on machine learning with Scikit-Learn, Keras, and TensorFlow: concepts, tools, and
techniques to build intelligent systems, Second edition. Beijing [China]; Sebastopol, CA: O'Reilly Media,
Inc., 2019.
[3] I. Goodfellow, Y. Bengio, and A. Courville, Deep learning. In Adaptive computation and machine learning.
Cambridge, Massachusetts: The MIT Press, 2016.
[4] V. Chandola, A. Banerjee, and V. Kumar, "Anomaly detection: A survey", ACM Comput. Surv., vol. 41, no.
3, p. 1-58, Jul. 2009, doi: 10.1145/1541880.1541882.
[5] M. M. Rasheed, A. K. Faieq, and A. A. Hashim, "Development of a new system to detect denial of service
attack using machine learning classification", Indones. J. Electr. Eng. Comput. Sci., vol. 23, no. 2, p. 1068,
Aug. 2021, doi: 10.11591/ijeecs.v23.i2.pp1068-1072.
[6] S. Sambangi and L. Gondi, "A Machine Learning Approach for DDoS (Distributed Denial of Service)
Attack Detection Using Multiple Linear Regression", in The 14th International Conference on
Interdisciplinarity in Engineering—INTER-ENG 2020, MDPI, Dec. 2020, p. 51. doi:
10.3390/proceedings2020063051.
[7] E. S. Alghoson and O. Abbass, "Detecting Distributed Denial of Service Attacks using Machine Learning
Models", Int. J. Adv. Comput. Sci. Appl., vol. 12, no. 12, 2021, doi: 10.14569/IJACSA.2021.0121277.
[8] M. I. Kareem and M. N. Jasim, "Fast and accurate classifying model for denial-of-service attacks by using
machine learning", Bull. Electr. Eng. Inform., vol. 11, no. 3, p. 1742-1751, Jun. 2022, doi:
10.11591/eei.v11i3.3688.
[9] S. A. M. Al-Juboori, F. Hazzaa, Z. S. Jabbar, S. Salih, and H. M. Gheni, "Man-in-the-middle and denial of
service attacks detection using machine learning algorithms", Bull. Electr. Eng. Inform., vol. 12, no. 1, p.
418-426, Feb. 2023, doi: 10.11591/eei.v12i1.4555.
[10] G. Rajakumaran, N. Venkataraman, and R. R. Mukkamala, "Denial of Service Attack Prediction Using
Gradient Descent Algorithm", SN Comput. Sci., vol. 1, no. 1, p. 45, Jan. 2020, doi:
10.1007/s42979-019-0043-7.
[11] K. Kumari and M. Mrunalini, "Detecting Denial of Service attacks using machine learning algorithms", J.
Big Data, vol. 9, no. 1, p. 56, Dec. 2022, doi: 10.1186/s40537-022-00616-0.
[12] F. Rustam, M. Mushtaq, A. Hamza, M. Farooq, A. Jurcut, and I. Ashraf, "Denial of Service Attack
Classification Using Machine Learning with Multi-Features", Electronics, vol. 11, no. 22, p. 3817, Nov.
2022, doi: 10.3390/electronics11223817.
[13] M. Aljanabi, R. Altaie, S. Talib, A. Hussien Ali, M. A. Mohammed, and T. Sutikno, "Distributed denial of
service attack defense system-based auto machine learning algorithm", Bull. Electr. Eng. Inform., vol. 12,
no. 1, p. 544-551, Feb. 2023, doi: 10.11591/eei.v12i1.4537.
[14] K. B. Dasari and N. Devarakonda,
"Detection of DDoS Attacks Using Machine Learning Classification Algorithms", Int. J. Comput. Netw.
Inf. Secur., vol. 14, no. 6, p. 89-97, Dec. 2022, doi: 10.5815/ijcnis.2022.06.07.
[15] A. Zheng and A. Casari, Feature engineering for machine learning: principles and techniques for data
scientists. Beijing Boston Farnham Sebastopol Tokyo: O'Reilly, 2018.
[16] F. Provost and T. Fawcett, Data science for business: what you need to know about data mining and
data-analytic thinking, 1. ed., 2. release. Beijing Köln: O'Reilly, 2013.