Detection of Distributed Denial of Service Attacks Based on Ensemble Methods

Although distributed denial of service is an old cyber attack method, it is still used by attackers today. Attackers carry out such attacks at various layers by exploiting existing weaknesses of the protocols on the internet. Today, with developing technology, machine learning methods have become applicable to high-dimensional data sets. The data sets to be used for detecting cyber attacks are log files containing a high number of rows. This study aims to derive a prediction model by analyzing logs obtained during distributed denial of service attacks. Using ensemble methods, cyber security data sets are brought into a trainable state. Model performance measurement was applied using different parameters. In this way, the aim was to build the model with the highest accuracy. The classification performance measure of the proposed model is presented in tables and figures.

Detection of Distributed Denial of Service Attacks Based on Ensemble Methods

Although distributed denial of service is an old method of cyber attack, it is still used by attackers today. Attackers carry out such attacks at various layers by exploiting existing weaknesses of the protocols on the internet. Advances in technology now allow machine learning methods to be applied to high-dimensional data sets. The data sets used to detect cyber attacks are log files with a high number of rows. This study aims to analyze logs obtained during distributed denial of service attacks in order to build a prediction model. Cyber security data sets are brought into a trainable state using ensemble methods. Model performance was measured using different parameters, with the aim of building the model with the highest accuracy. The classification performance of the proposed model is presented in tables and figures.


Süleyman Demirel Üniversitesi Fen Bilimleri Enstitüsü Dergisi
  • ISSN: 1300-7688
  • Publication frequency: 3 issues per year
  • Founded: 1995
  • Publisher: Süleyman Demirel Üniversitesi