Performance Evaluation of Machine Learning Algorithms for Detection of SYN Flood Attack

Abstract

One of the main security problems that become the hardest and most serious threat is called Distributed Denial of Service (DDoS) attacks specifically Synchronize (SYN) flood attack. This research focused on the performance evaluation of classification machine learning (ML) algorithms for SYN flood attack detection. The classification models are trained and tested with packet captured dataset gathered from ethio telecom network by generating and capturing packets using Hping3 and Wireshark tools respectively. This dataset has been further preprocessed and evaluated using four classification ML algorithms and three training approaches. The implementation has been performed using WAKA (Waikato Environment for Knowledge Analysis) data mining tool. The experimental results show that the J48 algorithm performs with 98.57% accuracy and AdaBoost, Naïve Bayes and ANN algorithms with 98.52%, 95.31% and 94.85% accuracy respectively. Accordingly based on the performance a model with the J48 algorithm has been recommended for SYN attack detection.