Abstract

In today’s evolving cybersecurity landscape, distributed denial-of-service (DDoS) attacks have become one of the most prolific and costly threats. Their capability to incapacitate network services while causing millions of dollars in damages has made effective DDoS detection and prevention imperative for businesses and government entities alike. Prior research has found shallow and deep learning classifiers to be invaluable in detecting DDoS attacks; however, there is an absence of research concerning time-based features and classification among many DDoS attack types. In this article, we propose and study the efficacy of 25 time-based features to detect and classify 12 types of DDoS attacks using binary and multiclass classification. Furthermore, we ran experiments to compare the performance of eight traditional machine learning classifiers and one deep learning classifier using two different scenarios. Our findings show that the majority of models provided ~99% accuracy on both the control and time-based experiments in detecting DDoS attacks while yielding ~70% accuracy in classifying specific DDoS attack types. Training on the proposed time-based feature subset was found to be effective at reducing training time without compromising test accuracy; thus, the smaller time-based feature subset alone is beneficial for near-real-time applications that incorporate continuous learning.
