Performance Evaluation of Machine Learning Algorithms for Detection of SYN Flood Attack: The case of ethio telecom
Date
2020-02-28
Publisher
Addis Ababa University
Abstract
Telecom service providers operate and control the complex network infrastructure
used for data transmission. However, security issues have been among the most
serious problems for service providers in general and for ethio telecom in particular.
One of the hardest and most serious security threats is the Distributed Denial of
Service (DDoS) attack, specifically the Synchronize (SYN) flood attack. Researchers
have recommended several statistical detection methods to detect and prevent SYN
flood attacks. However, the dynamic behavior of the attack makes it challenging to
detect with the existing detection approaches.
This research focused on the performance evaluation of classification machine learning
(ML) algorithms for SYN flood attack detection. The classification models were
trained and tested with a packet capture (PCAP) dataset gathered from the ethio
telecom network; the traffic was generated with Hping3 and captured with Wireshark.
This dataset was further preprocessed and evaluated using four classification ML
algorithms and three training approaches. The implementation was performed using
the WEKA (Waikato Environment for Knowledge Analysis) data mining tool.
The experimental results show that the J48 algorithm performs with 98.57% accuracy,
and the AdaBoost, Naïve Bayes and ANN algorithms with 98.52%, 95.31% and 94.85%
accuracy respectively. The first reason is that the J48 algorithm is more efficient
than the other algorithms: it applies a pruning technique that reduces the complexity
of the final classifier and prevents overfitting the data. The second reason is its
learning ability. Therefore, based on the performance evaluation results, the model
with the J48 algorithm is recommended for SYN flood attack detection.
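The abstract describes preprocessing a PCAP dataset into features that WEKA classifiers consume. As an added illustration that is not part of the thesis, the following Python code turns per-packet TCP records into per-source, per-window features (SYN, ACK and SYN/ACK counts and the SYN-to-ACK ratio, which rises when handshakes are left half-open) and writes them as a WEKA ARFF relation. The packet records, the feature set and the attribute names are constructed assumptions; the thesis does not state which features it used.

```python
"""Per-source SYN flood features from packet records, emitted as WEKA ARFF."""
from collections import defaultdict

# Constructed sample records: (time_s, src, dst, tcp_flags, label).
# One completed handshake from 10.0.0.1, then 200 SYNs from 10.0.0.9
# that are never followed by an ACK (the half-open pattern of a SYN flood).
PACKETS = [
    (0.0, "10.0.0.1", "10.0.0.100", "S", "normal"),
    (0.1, "10.0.0.100", "10.0.0.1", "SA", "normal"),
    (0.2, "10.0.0.1", "10.0.0.100", "A", "normal"),
] + [(i / 100, "10.0.0.9", "10.0.0.100", "S", "attack") for i in range(200)]


def extract_features(packets, window_s=1.0):
    """Count SYN, ACK and SYN/ACK segments per (time window, source) and
    compute the SYN-to-ACK ratio; a window is labelled 'attack' if any
    packet in it carries that label. Returns rows sorted by window and source."""
    buckets = defaultdict(lambda: {"syn": 0, "ack": 0, "synack": 0, "label": "normal"})
    for t, src, _dst, flags, label in packets:
        b = buckets[(int(t // window_s), src)]
        if flags == "S":
            b["syn"] += 1
        elif flags == "SA":
            b["synack"] += 1
        elif flags == "A":
            b["ack"] += 1
        if label == "attack":
            b["label"] = "attack"
    rows = []
    for (win, src), b in sorted(buckets.items()):
        ratio = b["syn"] / (b["ack"] + 1)  # +1 avoids division by zero
        rows.append((win, src, b["syn"], b["ack"], b["synack"], round(ratio, 3), b["label"]))
    return rows


def to_arff(rows, relation="synflood"):
    """Render feature rows as an ARFF relation loadable in the WEKA Explorer."""
    lines = [
        f"@relation {relation}",
        "@attribute syn_count numeric",
        "@attribute ack_count numeric",
        "@attribute synack_count numeric",
        "@attribute syn_ack_ratio numeric",
        "@attribute class {normal,attack}",
        "@data",
    ]
    for _win, _src, syn, ack, synack, ratio, label in rows:
        lines.append(f"{syn},{ack},{synack},{ratio},{label}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(to_arff(extract_features(PACKETS)))
```

The source address is kept in the rows for inspection but deliberately left out of the ARFF attributes, so the classifier learns from traffic behaviour rather than memorising addresses.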
Keywords
Adaptive Booster, ANN, Distributed denial of service attack, Denial of service attack, Hping3, J48, Naive Bayes, SYN flood attack, WEKA, Wireshark