VMFCVD: An Optimized Framework to Combat Volumetric DDoS Attacks using Machine Learning
| Published in | Arabian journal for science and engineering Vol. 47; no. 8; pp. 9965 - 9983 |
|---|---|
| Main Authors | , |
| Format | Journal Article |
| Language | English |
| Published | Berlin/Heidelberg: Springer Berlin Heidelberg, 01.08.2022; Springer Nature B.V |
| ISSN | 2193-567X, 1319-8025, 2191-4281 |
| DOI | 10.1007/s13369-021-06484-9 | 
| Summary: | Despite significant development in distributed denial of service (DDoS) defense systems, the downtime caused by DDoS damages reputation, crushes end-user experience, and leads to considerable revenue loss. Volumetric DDoS attacks are the most common form of DDoS attack and are carried out by an army of infected IoT devices or by reflector servers, which increase attacks at massive scales. In this work, we propose a voting-based multimode framework to combat volumetric DDoS (VMFCVD) attacks. VMFCVD is based on a triad of fast detection mode (FDM), defensive fast detection mode (DFDM), and high accuracy mode (HAM) methods. FDM is designed to classify network traffic when the server is under attack. The highly dimensionally reduced dataset helps FDM accelerate detection speed. During our experiment, the dimension reduction for FDM was more than 97% while maintaining an accuracy of 99.9% in most cases. DFDM is an extended version of FDM that enhances malicious network traffic detection accuracy by tightening the detection technique. HAM focuses on detection accuracy, showing substantial improvement over FDM and DFDM. HAM activates when the server is stable. VMFCVD is extensively experimented on the latest benchmark DDoS and botnet datasets, namely the CICIDS2017 (BoT & DDoS), CSE-CIC-IDS2018 (BoT & DDoS), CICDDoS2019 (DNS, LDAP, SSDP & SYN), DoHBrw2020, NBaIoT2018 (Mirai), UNSW2018 BoTIoT, and UNSW NB15 datasets. The VMFCVD results show that it outperforms recent studies. VMFCVD performs exceptionally well when the server is under DDoS attack. | 
|---|---|