
New Detect 2

Uploaded by

jashwanthd

SRM INSTITUTE OF SCIENCE AND TECHNOLOGY
FACULTY OF ENGINEERING AND TECHNOLOGY
DEPARTMENT OF NETWORKING AND COMMUNICATIONS
18CSP108L - MAJOR PROJECT

Detection of application layer DDoS attacks using machine learning

D.JASHWANTH (RA2011030010148)
A.SIVAKUMAR (RA2011030010153)

Under Supervision of
Dr. A.Prabhu Chakkaravarthy / Asst. Professor / Dept of NWC
Table of contents
• Abstract
• Introduction
• Objectives
• Problem Statement
• Literature Review
• Existing Research
• Proposed Research
• UML Diagrams
• Conclusion
ABSTRACT
• Online services are increasingly at risk from distributed denial of service (DDoS) attacks, and several
techniques have been developed to identify them.

• The importance of freely available DDoS attack tools in the escalation of these attacks, however, has
not been extensively addressed in previous research, which has mostly concentrated on identifying
attack patterns and kinds.

• We aim to fill this gap by investigating the impact of the easy availability of DDoS attack tools on
the frequency and severity of attacks.
INTRODUCTION
• One of the most pernicious and increasingly complex security dangers to computer networks is
distributed denial of service (DDoS) attacks.

• A DDoS attack is a malevolent effort to stop a specific website, computer, or network from
operating normally by saturating it with traffic from numerous sources.

• The primary goal of application-layer DDoS attacks is to disable a network by overwhelming it
with traffic, leading to system crashes or unavailability.

• Our aim is to analyze the impact of easy access to such tools on the frequency and severity of
DDoS attacks, and to explore potential solutions for detecting this threat.
OBJECTIVE
• The objective of this study is to investigate the influence of freely available distributed denial of service
(DDoS) attack tools on the frequency and severity of cyberattacks targeting online services.

• We aim to fill a research gap by assessing the impact of tool accessibility on the DDoS threat landscape.
Additionally, our objective is to propose a machine learning-based solution for DDoS attack detection that
employs feature selection techniques to enhance efficiency while maintaining high accuracy levels.

• We will evaluate the model's performance using relevant metrics and demonstrate the efficacy of deliberate
feature selection in improving its effectiveness.
PROBLEM STATEMENT:
• The increasing prevalence of distributed denial of service (DDoS) attacks poses a significant threat to online
services.

• While numerous studies have focused on identifying attack patterns, there is a notable gap in understanding
the role of freely available DDoS attack tools in exacerbating these threats.

• This research aims to address this gap by investigating the impact of such tools on the frequency and
severity of attacks.

• Furthermore, it seeks to develop an efficient machine learning-based solution for DDoS attack detection
through feature selection, contributing to enhanced cybersecurity measures.
LITERATURE SURVEY
1. A comprehensive study of DDoS attacks over IoT network and their countermeasures:

• Analyzing and defending DDoS is a protruding field of research these days. The paper gives a
thorough knowledge of DDoS over IoT. In this, we have critically analysed the existing DDoS
variants, IoT Security issues, the execution of DDoS attempts, along with the exploitation of
IoT devices and creation of them in Botnets or zombies. Moreover, the paper will also cover
prevailing DDoS defense methodologies as well as their comparative analysis for ease of
understanding.
LITERATURE SURVEY
2. Smart defense against distributed Denial of service attack in IoT networks using supervised
learning classifiers:

• This paper presents a Machine Learning-based attack detection approach to identify the attack
traffic in Consumer IoT (CIoT). This approach operates on local IoT network-specific
attributes to empower low-cost machine learning classifiers to detect attacks at the local router.
The experimental outcomes unveiled that the proposed approach achieved the highest accuracy
of 0.99, which confirms that it is robust and reliable in IoT networks.
LITERATURE SURVEY
3. Application Layer DDoS Attack Detection Using Cuckoo Search Algorithm-Trained Radial Basis
Function:

• A neural network is trained by the optimal subset of features and the optimizer algorithm of
cuckoo search. Finally, we compare our proposed technique to the well-known k-nearest
neighbor (k-NN), Bootstrap Aggregation (Bagging), Support Vector Machine (SVM),
Multi-layer Perceptron (MLP), and Recurrent Neural Network (RNN) methods. Our technique
outperforms previous standard and well-known ML techniques as it has the lowest error rate
according to error metrics. Moreover, according to standard performance metrics, the results of
the experiments demonstrate that our proposed technique detects App-DDoS traffic more
accurately than previous techniques.
LITERATURE SURVEY
4. DoS and DDoS attacks in Software Defined Networks: A survey of existing solutions and research
challenges:

• Software Defined Networking (SDN) is a new networking paradigm where forwarding
hardware is decoupled from control decisions. In SDNs, DoS/DDoS attacks could flood the
control plane, the data plane, or the communication channel. Attacking the control plane could
result in failure of the entire network, while attacking the data plane or the communication
channel results in packet drop and network unavailability.
LITERATURE SURVEY
5. An efficient metaheuristic algorithm based feature selection and recurrent neural network for DoS
attack detection in cloud computing environment:

• Detection of Denial of Service (DoS) attack is one of the most critical issues in cloud
computing. The attack detection framework is very complex due to the nonlinear thought of
interruption activities, unusual conduct of systems traffic, and many attributes in the issue
space. This paper proposes an efficient DoS attack detection system that uses the Oppositional
Crow Search Algorithm (OCSA), which integrates the Crow Search Algorithm (CSA) and
Opposition Based Learning (OBL) method to address such type of issues. The proposed system
consists of two stages viz. selection of features using OCSA and classification using Recurrent
Neural Network (RNN) classifier.
EXISTING SYSTEM
• In the literature, supervised learning algorithms such as Support Vector Machine and C4.5 are used on the
NSL_KDD dataset for effective classification of DoS attacks.

• We use a sniffer for monitoring the network IP packets and detecting malicious and normal packets from the
traffic. Another study introduces a Machine Learning (ML) solution that combines the Radial Basis
Function (RBF) neural network with the cuckoo search algorithm to detect App-DDoS traffic.

• They begin by collecting training data and cleaning them, then applying data normalization and finding an
optimal subset of features using the Genetic Algorithm (GA). Next, an RBF neural network is trained by the
optimal subset of features and the optimizer algorithm of cuckoo search.

• Finally, they compare their technique to the well-known k-nearest neighbor (k-NN), Bootstrap Aggregation
(Bagging), and Support Vector Machine (SVM) methods.
DISADVANTAGES OF EXISTING SYSTEM:
1. The existing work involves combining a Radial Basis Function (RBF) neural network with the cuckoo
search algorithm, which could introduce greater complexity and resource requirements compared to our
work.

2. The existing work focuses specifically on detecting App-DDoS traffic, which might limit its ability to
detect and classify a broader range of DDoS attacks.

3. The existing work utilizes supervised learning algorithms for DOS attack classification, which might not
be as effective in detecting specific DDoS tools or variations.

4. One of the existing works does not mention the use of a feature selection technique for enhancing system
speed and efficiency.
PROPOSED SYSTEM
• We propose a machine learning (ML) solution to detect DDoS attacks. ML can be utilized to successfully
classify DDoS tools into a total of five different categories, in which four of these classes pertain to DDoS
tool attacks, and the remaining class contains innocuous data.

• Specifically, we use a Multi-layer Perceptron (MLP) to identify the DDoS attacks. The solution aims to
identify and distinguish between traffic produced by four freely accessible tools and legitimate traffic.

• To further enhance the system's speed and efficiency, a feature selection technique is implemented, resulting
in a substantial reduction in the feature subset.

• Moreover, we have compared our proposed approach with other relevant studies.
Advantages of proposed system:
1. Our approach offers a more granular classification of DDoS attacks into five different categories, including
specific DDoS tools and innocuous data. This granularity allows for a more precise and targeted detection
approach compared to the existing works.

2. The MLP-based approach in our work is inherently adaptable and capable of generalizing patterns from
data. This adaptability makes it well-suited for detecting emerging and evolving DDoS attack methods.

3. We employ a feature selection technique to enhance system speed and efficiency, optimizing the
computational resources required for detection without sacrificing accuracy.
REQUIREMENTS

SOFTWARE
Software : Anaconda
Primary Language : Python
Frontend Framework : Flask
Back-end Framework : Jupyter NB
Database : Sqlite3
Front-End Technologies : HTML, CSS, JavaScript and Bootstrap4

HARDWARE
1) Operating System : Windows Only
2) Processor : i5 and above
3) Ram : 8 GB and above
4) Hard Disk : 25 GB in local drive


MODULES
• Data exploration: this module loads the data into the system.

• Processing: this module reads the data for processing.

• Splitting data into train & test: this module divides the data into train and test sets.

• Model generation: Model building – MLP – sgd, MLP – lbfgs, MLP – adam, Stacking
Classifier - RF with gridcv + Decision Tree with LightGBM, Voting Classifier - RF with
gridcv + Decision Tree. The accuracy of each algorithm is calculated.

• User signup & login: this module handles registration and login.

• User input: this module takes the input for prediction.

• Prediction: the final prediction is displayed.


METHODOLOGY

• MLP – sgd: Stochastic gradient descent (SGD) is an optimization algorithm that is commonly used
to train machine learning models and neural networks. Training data helps these models learn over
time, and the cost function within gradient descent specifically acts as a barometer, gauging the model's
accuracy with each iteration of parameter updates.

• MLP – lbfgs: MLP (Multilayer Perceptron) with the L-BFGS (Limited-memory
Broyden-Fletcher-Goldfarb-Shanno) optimization algorithm refers to a type of artificial neural network
that utilizes L-BFGS as the optimization method during training. An MLP is a feedforward neural
network with multiple layers, and L-BFGS is an efficient numerical optimization algorithm used
to find the optimal model parameters by minimizing a specified loss function. This combination is
chosen for tasks where L-BFGS's advantages, such as faster convergence and suitability for certain
datasets, are beneficial in training the neural network model.

• MLP – adam: MLP (Multilayer Perceptron) with the Adam (adaptive moment estimation) optimization
algorithm refers to an artificial neural network architecture where the Adam optimizer is used during
training. MLPs are feedforward neural networks with multiple layers, while Adam is a widely used
optimization algorithm in machine learning that adapts the learning rates for each parameter during
training. This combination is chosen for its efficiency in optimizing the model's parameters, making it
suitable for various tasks, including deep learning, where the adaptive learning rates of Adam can help
accelerate convergence and enhance training performance.

• Stacking Classifier (RF with gridCV + DT with LightGBM): A stacking classifier is an ensemble method
where the output from multiple classifiers is passed as an input to a meta-classifier for the task of the final
classification. The stacking classifier approach can be a very efficient way to implement a
multi-classification problem.

• Voting Classifier (RF with gridCV + DT): A voting classifier is a machine learning estimator that trains
various base models or estimators and predicts on the basis of aggregating the findings of each base
estimator. The aggregation criterion can be the combined voting decision over each estimator's output.
SYSTEM ARCHITECTURE
DATA FLOW DIAGRAM
CONCLUSION
• DDoS attack tools worry the defense community for two reasons: they are cheap or even
free and easy to find online, and hackers frequently employ them because they can be deployed with little in
the way of technological expertise.

• According to our work, ML can be utilized to successfully classify DDoS tools into a total of five different
categories; four of these classes pertain to DDoS tool attacks, and the remaining class contains innocuous
data.

• By establishing a fast and reliable technique for selecting the features, we were able to cut the total number
of features in our model from 78 to 6. Our model has a high level of performance across the board,
covering accuracy, precision, recall, and F1 score, when using Adam as the optimizer.

• Our model's efficiency and our ability to understand the underlying data have both been boosted as a result
of these changes. As a whole, our results show that our model is reliable and accurate at predicting the target
variable; it has the potential to greatly enhance our capacity to detect and counteract DDoS attacks.
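
The three MLP solvers from the METHODOLOGY slide and the 78-to-6 feature reduction from the conclusion, shown together as an added example that is not the project's own code. It assumes scikit-learn, a constructed dataset from make_classification in place of the project's traffic data, and SelectKBest with the ANOVA F-score as the selector, since the slides do not name the selection technique; the hidden-layer size is also an assumption.

```python
# Added example (not the project's code): synthetic stand-in for the flow dataset.
from sklearn.datasets import make_classification
from sklearn.feature_selection import SelectKBest, f_classif
from sklearn.metrics import accuracy_score, f1_score
from sklearn.model_selection import train_test_split
from sklearn.neural_network import MLPClassifier
from sklearn.pipeline import make_pipeline
from sklearn.preprocessing import StandardScaler

N_FEATURES, N_KEPT, N_CLASSES = 78, 6, 5  # figures stated on the slides


def make_flows(seed=0):
    """Constructed data: 78 columns, 6 informative; label 0 = benign, 1-4 = tools."""
    return make_classification(
        n_samples=2000, n_features=N_FEATURES, n_informative=N_KEPT,
        n_redundant=0, n_classes=N_CLASSES, n_clusters_per_class=1,
        class_sep=3.0, flip_y=0.0, random_state=seed)


def compare_solvers(seed=0):
    """Train one MLP per solver on the 6 selected features; score on held-out rows."""
    X, y = make_flows(seed)
    X_tr, X_te, y_tr, y_te = train_test_split(
        X, y, test_size=0.3, stratify=y, random_state=seed)
    results = {}
    for solver in ("sgd", "lbfgs", "adam"):
        # Scaler and selector sit inside the pipeline so they are fitted on
        # training rows only; selecting on the full set would leak test labels.
        model = make_pipeline(
            StandardScaler(),
            SelectKBest(f_classif, k=N_KEPT),  # assumed selector (ANOVA F-score)
            MLPClassifier(hidden_layer_sizes=(32,), solver=solver,
                          max_iter=500, random_state=seed))
        model.fit(X_tr, y_tr)
        pred = model.predict(X_te)
        kept = model.named_steps["selectkbest"].get_support(indices=True)
        results[solver] = {
            "accuracy": accuracy_score(y_te, pred),
            "macro_f1": f1_score(y_te, pred, average="macro"),
            "kept": kept.tolist()}
    return results


if __name__ == "__main__":
    for name, r in compare_solvers().items():
        print(f"{name:5s} acc={r['accuracy']:.3f} f1={r['macro_f1']:.3f} kept={r['kept']}")
```

Macro-averaged F1 is reported next to accuracy because a five-class detector can score well on accuracy while missing one tool class entirely.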
REFERENCES
[1] B. B. Gupta, P. Chaudhary, X. Chang, and N. Nedjah, "Smart defense against distributed denial of
service attack in IoT networks using supervised learning classifiers," Comput. Electr. Eng., vol. 98, Mar.
2022, Art. no. 107726.

[2] H. Beitollahi and G. Deconinck, "An overlay protection layer against denial-of-service attacks," in
Proc. IEEE Int. Symp. Parallel Distrib. Process., Apr. 2008, pp. 1–8.

[3] O. Yoachimik, "DDoS attack trends for 2022 Q1," Cloudflare, CA, USA, Tech. Rep., Apr. 2022.

[4] T. Shorey, D. Subbaiah, A. Goyal, A. Sakxena, and A. K. Mishra, "Performance comparison and analysis
of Slowloris, GoldenEye and Xerxes DDoS attack tools," in Proc. Int. Conf. Adv. Comput., Commun.
Informat. (ICACCI), Sep. 2018, pp. 318–322.

[5] L. F. Eliyan and R. Di Pietro, "DoS and DDoS attacks in software defined networks: A survey of
existing solutions and research challenges," Future Gener. Comput. Syst., vol. 122, pp. 149–171, Sep. 2021.
