A Holistic Approach for Detecting DDoS Attacks by Using Ensemble Unsupervised Machine Learning

  • Saikat Das
  • Deepak Venugopal
  • Sajjan Shiva
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 1130)


Distributed Denial of Service (DDoS) has been the most prominent attack in cyber-physical systems over the last decade. Defending against DDoS attacks is not only challenging but also strategic. Many new strategies and approaches have been proposed to defend against different types of DDoS attacks. The ongoing battle between attackers and defenders is full-fledged due to their newest strategies and techniques. Machine learning (ML) has shown promising outcomes in different research fields, including cybersecurity. In this paper, an ensemble unsupervised ML approach is used to implement an intrusion detection system that has noteworthy accuracy in detecting DDoS attacks. The goal of this research is to increase the DDoS attack detection accuracy while decreasing the false positive rate. The NSL-KDD dataset and twelve feature sets from existing research are used for experimentation to compare our ensemble results with those of our individual models and other existing models.


Keywords: Unsupervised machine learning ensemble; Novelty and outlier detection; DDoS detection; Accuracy; IDS; False positive rate



Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. The University of Memphis, Memphis, USA
