An Efficient ML technique to Descry the DDoS Attacks in Real-time Network Traffic and its Feature Analysis

Abstract

Abstract: In this modern Internet era with the advent of sophisticated technology, criminals can more often easily launch various kinds of cyber-attacks. Distributed Denial-of-service (DDoS) is one such attack that can easily bypass firewall and block the service provided by network resources and server machine. It creates a huge traffic from multiple systems to attack a particular server. This paper presents an efficient Machine Learning (ML) model construction process and its deployment to identify the DDoS attack related network traffic in real time. Fourteen different supervised ML algorithms are applied for training the model over the DDoS attack traffic data. The Light Gradient Boosting Machine (LGBM) Classifier has shown outstanding performance i.e., high accuracy of 98.4% in a very less time of 0.4 sec for training among others and expressed equally better performance when analyzed for other metrics such as AUC, Recall, Precision, F1-score, Kappa and MCC. This efficient classifier is further improvised by tuning its hyper parameters resulted in 98.7% accuracy and tested on 30% of unseen data resulted with 98.3% accuracy. When it is tested with real-time network traffic, exhibited 97.6% accuracy. The results show that LGBM Classifier achieves the highest accuracy. In this paper, it is also analyzed that source port is the important feature contributing mainly to the enhanced LGBM classifier accuracy. Keywords: Cyber Attacks, DDoS, Attack Detection, Machine Learning, Classification