DDOS in NMIMS Temp
Machine Learning
1 Introduction
3 Existing Solution
4 Literature Review
5 Problem Statement
6 Algorithms to be Implemented
8 Gantt Chart
8 Data Preprocessing
11 Results
12 Conclusion
13 References
Computer Engineering Dept. MPSTME, Mumbai Campus
12/15/2021
Introduction
A DDoS attack is a kind of attack used to take down the servers of an organisation.
Motivation of Topic
By studying the report of a big security firm, we found that DDoS attacks are dangerous to e-commerce and government websites.
DDoS is dangerous because it is very easy to carry out and very difficult to protect servers against.
Secondly, we chose this topic because we wanted to make an open-source DDoS detection model which can be used, viewed and modified by everyone.
Attackers breach the 3 pillars of security either directly or indirectly.
Existing Solutions
3 solutions exist in the market in the current scenario.
Traditional Solution: Rate-limiting techniques are used to identify and mitigate the malicious traffic.
Machine Learning Solution: The machine is trained using various algorithms to protect the infrastructure from the attacker.
Cloud-Based Solution: A Content Delivery Network (CDN) is used to make the infrastructure secure; an example is Cloudflare.
Literature Review
Problem Statement
To create a DDoS attack prevention model with a low false positive rate.
False positive: It occurs when a security system or intrusion detection system incorrectly flags legitimate actions or traffic as potential threats or attacks.
This can lead to unnecessary alarms and wasted resources investigating non-existent security incidents.
Algorithms to be Implemented
The dataset we are using is provided by Kaggle; it is known as dataset_sdn.csv and has 104345 rows and 23 columns.
Right now, we are studying algorithms like Random Forest, Decision Tree, Support Vector Machine (SVM), Logistic Regression and KNeighborsClassifier to see which algorithm will give us maximum accuracy.
Once we find the accuracy on the data, we will make the model.
❑ Flowchart of the DDoS model
❑ Workflow Diagram of DDoS Detection
Data Preprocessing
An essential step in machine learning.
The process of transforming the raw data into processed form.
Standardization: Data is standardized using preprocessing.StandardScaler().
Train-Test Split: The pre-processed data is split into training and testing sets.
The function used is train_test_split(), from the sklearn.model_selection module.
Feature Selection
It is an important step in the development of a DDoS detection model.
Selecting the most relevant features from the dataset helps in distinguishing between normal and malicious traffic.
Data cleaning is the most important process; any inconsistencies in the data are removed.
This is the division of traffic in the dataset (malicious and benign).
Feature Selection
The data consists of 23 columns.
We dropped 3 columns from the dataset as they were not required.
Important_Features are 'src', 'pktcount', 'dst', 'byteperflow', 'pktperflow', 'pktrate', 'tot_kbps', 'rx_kbps', 'flows', 'bytecount', 'dt', 'Protocol', 'dur', 'tot_dur'.
Implemented Algorithm: SVM
Support Vector Machines (SVM) are powerful machine learning algorithms used for
classification and regression tasks.
Model Initialization: Takes the pre-processed data as input and initializes the training and testing sets.
Model Training: The SVM model is trained on the training set and evaluated on the testing set using the accuracy_score() function.
Algorithm 2: KNN
A simple yet effective machine learning algorithm used for both classification and regression tasks.
Model Initialization: Takes the pre-processed data as input and initializes the training and testing sets.
Model Training and Evaluation: The KNN model is trained on the training set and evaluated using accuracy_score().
Value of k = 12
Best value of neighbors n_neighbors = 3
Algorithm 3: Decision Tree
A machine learning algorithm used for both classification and regression.
Model Initialization: Takes the pre-processed data as input and initializes the training and testing sets.
Model Training and Evaluation: The model is trained on the training data and evaluated on the testing data.
Uses matplotlib.pyplot for data visualization.
Algorithm 4: Logistic Regression
A supervised machine learning algorithm used for classification tasks.
The goal is to check the probability of the occurrence of an event.
Model Initialization: Takes the pre-processed data as input and initializes the training and testing sets.
Solver Selection: Different solvers are tested to find the one with the highest accuracy.
Model Training and Evaluation: The model is trained on the training set and evaluated on the testing set, using the accuracy_score() function from the sklearn.metrics module.
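Added example (not from the original slides): the preprocessing and the four classifiers described above, run end to end, reporting the false positive rate from the problem statement next to accuracy_score(). The rows are constructed stand-ins for dataset_sdn.csv; the 1 = malicious label encoding, the SCALES values and all hyperparameters other than n_neighbors = 3 are assumptions.

```python
import numpy as np
from sklearn.linear_model import LogisticRegression
from sklearn.metrics import accuracy_score, confusion_matrix
from sklearn.model_selection import train_test_split
from sklearn.neighbors import KNeighborsClassifier
from sklearn.preprocessing import StandardScaler
from sklearn.svm import SVC
from sklearn.tree import DecisionTreeClassifier

# Four of the page's features; the rows are constructed, not dataset_sdn.csv.
FEATURES = ["pktcount", "bytecount", "pktrate", "tot_kbps"]
SCALES = np.array([1e4, 1e6, 1e2, 1e3])  # assumed raw units, wildly different

def make_constructed_flows(n=2000, seed=0):
    """Return (X, y); y uses the assumed encoding 1 = malicious, 0 = benign."""
    rng = np.random.default_rng(seed)
    y = (rng.random(n) < 0.4).astype(int)
    # Malicious flows sit 2.5 standard deviations higher on every feature.
    z = rng.normal(0.0, 1.0, size=(n, len(FEATURES))) + 2.5 * y[:, None]
    return (z + 5.0) * SCALES, y

def false_positive_rate(y_true, y_pred):
    """FP / (FP + TN): share of benign flows wrongly flagged as attacks."""
    tn, fp, fn, tp = confusion_matrix(y_true, y_pred, labels=[0, 1]).ravel()
    return fp / (fp + tn)

def evaluate_models(X, y, seed=0):
    """Train the four classifiers; return {name: (accuracy, false positive rate)}."""
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.25, stratify=y, random_state=seed)
    # Fit the scaler on training rows only so test statistics do not leak in.
    scaler = StandardScaler().fit(X_tr)
    X_tr, X_te = scaler.transform(X_tr), scaler.transform(X_te)
    models = {
        "SVM": SVC(),
        "KNN": KNeighborsClassifier(n_neighbors=3),
        "Decision Tree": DecisionTreeClassifier(random_state=seed),
        "Logistic Regression": LogisticRegression(),
    }
    results = {}
    for name, model in models.items():
        pred = model.fit(X_tr, y_tr).predict(X_te)
        results[name] = (accuracy_score(y_te, pred),
                         false_positive_rate(y_te, pred))
    return results

if __name__ == "__main__":
    for name, (acc, fpr) in evaluate_models(*make_constructed_flows()).items():
        print(f"{name:20s} accuracy={acc:.3f}  false_positive_rate={fpr:.3f}")
```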
Results of Algorithm with Feature Selection
❑ The results of the algorithm with feature selection are given below:
Results without Feature Selection
❑ The results without feature selection are as below:
❑ Selecting a subset of relevant features from the larger set of features
Conclusion
DDoS attacks are a threat to businesses and the government.
Cybercriminals and hacktivists can use this attack to make services unavailable to people.
DDoS detection with machine learning is a solution for mitigating the risk of DDoS.
From the 4 implemented algorithms we will choose the algorithm with the highest accuracy.
For the DDoS detection model, the Decision Tree algorithm must be implemented, as it provides higher accuracy with and without the feature selection process.