Performance Evaluation of Machine Learning Algorithms for Detection of SYN Flood Attack: The case of ethio telecom

No Thumbnail Available



Journal Title

Journal ISSN

Volume Title


Addis Ababa University


Telecom service providers operate and control complex network infrastructure used for data transmission. However, security issues have been among the most serious problems for service providers in general and ethio telecom in particularly. One of the main security problems that become the hardest and most serious threat is called Distributed Denial of Service (DDoS) attacks specifically Synchronize (SYN) flood attack. Nowadays, different researchers to detect and prevent SYN flood attack recommended several statistical detection methods. However, due to the dynamic behavior of attack has been challenged to detect using existing detection approaches. This research focused on the performance evaluation classification machine learning (ML) algorithms for detection SYN flood attack. The classification models trained and tested with packet captured (PCAP) dataset has been used and gathered from ethio telecom network by generated and captured using Hping3 and Wireshark tools respectively. This dataset has been further preprocessed and evaluated using four classification ML algorithms and three training approaches. The implementation has been performed using WEKA (Waikato Environment for Knowledge Analysis) data mining tool. The experimental results show J48 algorithm performs with 98.57% of accuracy and AdaBoost, Naïve Bayes and ANN algorithms with 98.52%, 95.31% and 94.85% of accuracy respectively. The first reason was that the J48 algorithm is more efficient than the other algorithms; it has been used as a pruning technique in order to reduce the complexity of the final classifier and to prevent over fitting the data. The second reason was the ability to learn mechanisms. Therefore, based on the performance evaluation result model with J48 algorithm has been recommended for SYN attack detection.



Adaptive Booster, ANN, Distributed denial of service attack, Denial of service attack, Hping3, J48, Naive Bayes, SYN flood attack, WEKA, Wireshark