MLP-GA based algorithm to detect application layer DDoS attack

Abstract

Distributed Denial of Service (DDoS) attack is transforming into a weapon by the attackers, politicians, and cyber terrorists, etc. Today there is a quick ascent in the exploration field of mitigation and guard against DDoS attacks, however in actuality; the capabilities of the hackers are additionally growing. From early news of focusing on the network and transport layer, now a day’s application layer becomes the point of convergence of the attacks. In the paper, we first analyze the features from incoming packets. These features include Hyper Text Transfer Protocol (HTTP) count, the number of the Internet Protocol (IP) address during a time window, the constant mapping of the port number and frame of the packets. In the paper, we write all the combinations of these metrics and then analyzed the client’s behaviors from the public attack and normal data sets. We use Environmental Protection Agency-Hypertext Transfer Protocol (EPA-HTTP) DDoS, Center for Applied Internet Data Analysis (CAIDA) 2007 and experimentally produced DDoS data set using Slowloris attack to draw the efficiency and effectiveness of the features for layer seven DDoS detection. Second, we employ Multilayer Perceptron with a Genetic Algorithm (MLP-GA) to estimate the efficiency of the detection using the metrics. The experimental results show that MLP-GA provides the best efficiency of 98.04% for detecting the layer seven DDoS attacks. The proposed method provides a minimum value of False Positive when compared with traditional classifiers such as Naive Bayes, Radial Basis Function (RBF) Network, MLP, J48, and C45, etc.