Topluluk Yöntemlerine Dayalı Da˘gıtık Hizmet Dı¸sı Bırakma Saldırılarının Algılanması
Da˘gıtık hizmet dı¸sı bırakma eski bir siber saldırı yöntemi olmasına ra˘gmen günümüzde saldırganlar tarafından hala kullanılmaktadır. Saldırganlar, internet üzerinde yer alan protokollerin mevcut zafiyetleri kullanılarak çe¸sitli katmanlarda bu tip saldırılar gerçekle¸stirmektedirler. Günümüzde makine ö˘grenmesi yöntemleri geli¸sen teknoloji ile beraber yüksek boyutlu veri kümelerine uygulanabilir olmaktadır. Siber saldırıların algılanması için kullanılacak olan veri kümeleri yüksek sayıda satırlar içeren log dosyalarıdır. Bu çalı¸smada da˘gıtık hizmet dı¸sı bırakma saldırılarında elde edilmi¸s olan logların analiz edilerek tahmin modeli ortaya çıkarılması hedeflenmi¸stir. Topluluk yöntemleri kullanılarak, siber güvenlik veri kümeleri e˘gitilebilir duruma getirilmektedir. Farklı parametreler kullanılarak model performans ölçümü uygulanmı¸stır. Bu ¸sekilde en yüksek do˘grulu˘ga sahip model olu¸sturulması hedeflenmi¸stir. Ortaya konulan modelin sınıflandırma performans ölçüsü tablo ve ¸sekillerle payla¸sılmı¸stır.
Detection of Distributed Denial of Service Attacks Based on Ensemble Methods
Distributed denial-of-service is still used by attackers today, although it is an old method of cyber attack. Attackers are performing such attacks on various layers using the existing weaknesses of the protocols on the internet. Today, machine learning methods can be applied to high-dimensional data sets together with developing technology. The data sets to be used for the detection of cyber attacks are log files with a high number of rows. In this study, it is aimed to analyze the logs obtained in distributed denial-of-service attacks to build the prediction model. Cyber security data sets are brought into a trainable state using ensemble methods. Model performance measurement was applied using different parameters. It is aimed to create a model with the highest degree of accuracy in this way. The classification performance of the proposed model is shared with tables and figures.
___
- [1] Zargar,S. T., Joshi, J., Tipper, D. 2013. A Survey of
Defense Mechanisms Against Distributed Denial of
Service (DDoS) Flooding Attacks. IEEE Communications
Surveys Tutorials, 15(4), 2046-2069.
- [2] Bhatia, S. 2016. Ensemble-based model for DDoS at- tack detection and flash event separation. Future Technologies
Conference (FTC), 2016, 958-967
- [3] Kshirsagar, D., Sawant, S., Rathod, A., Wathor, S.
2016. CPU Load Analysis &; Minimization for TCP
SYN Flood Detection. Procedia Computer Science,
85(2016), 626-633.
- [4] Katkar,V. D., Kulkarni, S. V. 2013. Experiments on
detection of Denial of Service attacks using ensemble
of classifiers. International Conference on Green Computing,
Communication and Conservation of Energy
(ICGCE), 2013, 837-842
- [5] Osanaiye, O., Cai, H., Choo, K.R., Dehghantanha,
A., Xu, Z., Dlodlo, M. 2016. Ensemble-based multifilter
feature selection method for DDoS detection
in cloud computing. EURASIP Journal on Wireless
Communications and Networking 1(2016), 130-140.
- [6] Livadas, C.,Walsh, R., Lapsley, D., Strayer,W. T.2006,
Usilng Machine Learning Technliques to Identify Botnet
Traffic. International Conference on Local Computer
Networks, 1-16 Kasım,967-974.
- [7] Zhao, D., Traore, I., Sayed, B., Lu, W., Saad, S., Ghorbani,
A., Garant, D. 2013. Botnet detection based on
traffic behavior analysis and flow intervals. Computers
& Security, 39(A), 2-16.
- [8] Saad, S., Traore, I., Ghorbani, A., Sayed B., Zhao,
D., Lu, W., Felix, J., Hakimian, P. 2011, Detecting
P2P botnets through network behavior analysis and
machine learning. International Conference on Privacy,
Security and Trust, 19-21 Temmuz, Montreal, 174-
180.
- [9] Lu, W. , Rammidi, G., Ghorbani, A. A. 2011. Clustering
botnet communication traffic based on n-gram
feature selection. Computer Communications, 34(3),
502-514.
- [10] Masud, M. M., Al-khateeb, T., Khan, L. , Thuraisingham,
B., Hamlen, K. W. 2008, Flow-based identification
of botnet traffic by mining multiple log files.
International Conference on Distributed Framework
and Applications, 21-28 Ekim, Penang, 200-206.
- [11] Friedman, J. H. 2001. Greedy function approximation:
a gradient boosting machine. Annals of statistics,
2001, 1189-1232.
- [12] Wang, H., He, X., Chang, M.-W., Song, Y., White,
R. W., Chu, W. 2013, Personalized Ranking Model
Adaptation for Web Search. International ACM SIGIR
Conference on Research and Development, New York,
323-332.
- [13] Brillante, L., Gaiotti, F., Lovat, L., Vincenzi, S.,
Giacosa, S., Torchio, F., Segade, S. R., Rolle, L.,
Tomasi,D. 2015. Investigating the use of gradient
boosting machine, random forest and their ensemble
to predict skin flavonoid content from berry physical–
mechanical characteristics in wine grapes. Computers
and Electronics in Agriculture, 117, 186-193.
- [14] Moustafa, N., Slay, J., 2016. The evaluation of Network
Anomaly Detection Systems: Statistical analysis
of the UNSW-NB15 data set and the comparison with
the KDD99 data set. Information Security Journal: A
Global Perspective, 25, 1-3.
- [15] https://www.ixiacom.com/products/perfectstorm.
2017 PerfectStorm. (Eri¸sim Tarihi: 01.06.2017)
- [16] qosient.com. 2017 Argus-3.0.8.2. (Eri¸sim Tarihi:
01.06.2017)
- [17] tcpdump.org. 2015. tcpdump and libpcap latest release.
(Eri¸sim Tarihi: 15.04.2017).