Abstract
The paper proposes a cascaded multi-classifier two-phase intrusion detection (TP-ID) approach that can be trained to monitor incoming traffic for any suspicious data. It addresses the issue of efficient detection of intrusion in traffic and further classifies the suspicious traffic as a DDoS attack or flash event. Features portraying the behaviour of normal, DDoS attack, and flash event are extracted from historical data obtained after merging CAIDA'07, SlowDoS2016, CIC-IDS-2017, and WorldCup 1998 benchmark datasets available online along with the commercial dataset for e-shopping assistant website. Information gain is applied to rank and select the most relevant features. TP-ID applies supervised learning algorithms in the two phases. Each phase tests the set of classifiers, the best of which is chosen for building a model. The performance of the system is evaluated using the detection rate, false-positive rate, mean absolute percentage error, and classification rate. The proposed approach classifies the traffic anomalies with a 99% detection rate, 0.43% FPR, and 99.51% classification rate.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
