Research field: Analysis
Venue: Cluster Computing
In the realm of cybersecurity, where Distributed Denial of Service (DDoS) attacks persist as a formidable risk, this study unfolds a comprehensive strategy to bolster network security. DDoS attacks, known for their capacity to disrupt normal network operations, underscore the urgency of proactive defense measures. Despite the presence of numerous conventional machine learning and ensemble approaches to mitigate DDoS attacks, these methods often fall short in providing real-time, proactive defense mechanisms. This research addresses the critical gap by combining innovative packet marking techniques with machine learning to enhance the speed and accuracy of DDoS detection. To fortify network resilience, the research introduces three innovative packet marking methods—Linear Packet Marking, Remainder Packet Marking, and Probabilistic Packet Marking. Each method, whether employing a systematic approach, utilizing remainder values for unique identification, or introducing a probabilistic element, contributes to the network's ability to trace and mitigate potential threats. This paper seamlessly integrates advanced machine learning models and traffic analysis techniques to enhance network security further. A meticulous comparative analysis evaluates the performance of diverse models, including Logistic Regression, Random Forest, Support Vector Machine (SVM), Naive Bayes, K-Nearest Neighbours (KNN), Decision Tree, and XGBoost. Rigorous data preprocessing ensures the robustness of model training by addressing missing values and encoding categorical features. Simultaneously, advanced traffic analysis methods like Rate Limiting, Anomaly Detection, and Whitelist checks are incorporated, forming a cohesive defense against DDoS attacks. This integrated approach aims to create a multi-layered security paradigm. 
The methodology intricately details the traceback processes of the packet marking methods and outlines the unique purposes of traffic analysis techniques within a simulated environment. Rigorous testing parameters, including datasets for training machine learning models, are specified. Quantitative measures and visualizations present results, including accuracy, precision, recall, F1 score, and AUC, presenting a detailed evaluation of the proposed strategy. Noteworthy outcomes include high metrics for KNN, Random Forest, Logistic Regression, SVM, and XGBoost, with KNN achieving a remarkable accuracy of 98.4%, emphasizing its effectiveness in identifying and mitigating DDoS attacks.
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra |
| Site | Springer |