Year-end Sale % OFF 
Abstract
Cyber security is one of the major concerns of today’s connected world. For all the platforms of today’s communication technology such as wired, wireless, local and remote access, the hackers are present to corrupt the system functionalities, circumvent the security measures and steal sensitive information. Amongst many techniques of hackers, port scanning and Distributed Denial of Service (DDoS) attacks are very common. In this paper, the benefits of machine learning are taken into consideration for classification of port scanning and DDoS attacks in a mix of normal and attack traffic. Different machine learning algorithms are trained and tested on a recently published benchmark dataset (CICIDS2017) to identify the best performing algorithms on the data which contains more recent vectors of port scanning and DDoS attacks. The classification results show that all the variants of discriminant analysis and Support Vector Machine (SVM) provide good testing accuracy i.e. more than 90%. According to a subjective rating criterion mentioned in this paper, 9 algorithms from a set of machine learning experiments receive the highest rating (good) as they provide more than 85% classification (testing) accuracy out of 22 total algorithms. This comparative analysis is further extended to observe training performance of machine learning models through k-fold cross validation, Area Under Curve (AUC) analysis of the Receiver Operating Characteristic (ROC) curves, and dimensionality reduction using the Principal Component Analysis (PCA). To the best of our knowledge, a comprehensive comparison of various machine learning algorithms on CICIDS2017 dataset is found to be deficient for port scanning and DDoS attacks while considering such recent features of attack.
Highlights
Port scanning and Distributed Denial of Service (DDoS) attacks are very common techniques of cyber attackers to scan for vulnerabilities and exhaust the resources of a target respectively
When port scanning is in process, a scanning tool identifies the open ports in the target, informs about the running services, and enumerate in the form of target’s status such as operating system in use, memory occupied, and processing information
From CICIDS2017 dataset, total 512212 instances are taken from the Friday–Working hours–Afternoon scenarios of port scan and DDoS attacks
Summary
Port scanning and DDoS attacks are very common techniques of cyber attackers to scan for vulnerabilities and exhaust the resources of a target respectively. After an attacker gathers sufficient information such as IP scheme, datacenter locations and target profile during the reconnaissance phase, port scanning is involved as an early stage of the enumeration step. In order to close the connection after knowing that the port is open, the scanner may send rest (RST) signal. On the other hand, leaving the connection open may drive this scenario to a kind of denial of service attack known as TCP SYN attack.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: Mehran University Research Journal of Engineering and Technology
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
