Comparison of Classification Techniques for Distributed Denial of Service Attack Detection

Tanmayee Prakash Kamath, Purdue University


The author holds a Bachelor’s degree in Computer Engineering and is pursuing a Master of Science degree in Computer and Information Technology at Purdue Polytechnic Institute. As a part of thesis research, the author aims to compare existing classification techniques used for detecting Distributed Denial of Service (DDoS) attacks. A Distributed Denial of Service attack overloads a victim machine with multiple requests, leading it to be inactive, using a hierarchy of handlers and agents. The attacker communicates with a set of handlers, instructing them to communicate with a set of agents. The handlers in turn control the agents by instructing them to send a stream of packets, also known as attacking traffic, to the victim machine. The victim machine is thereby attacked with multiple requests from a large number of different sources and is made inactive. A DDoS attack is a way of breaching a cyber system and generating heavy losses in absolutely no time. Hence, cyber systems must be protected from such breaches by detecting the attack accurately and defending the system thereafter. The author aims to study supervised machine learning techniques that classify data. “IDSs can be divided into two categories: anomaly and misuse (signature) detection based on their detection approaches wherein anomaly detection tries to determine whether deviation from the established normal usage patterns can be flagged as intrusions” (Tsai, Hsu, Lin, C.Y. & Lin, W. Y., 2009, p. 1). Classification algorithms are used in an anomaly intrusion detection system to classify incoming data as either normal access or an attack. Since an attack can take place within seconds and lead to great losses, the classification of data should be accurate to defend the system from the attacker.
Hence, the author aims to compare the four most widely used classification techniques for an anomaly intrusion detection system, based on their accuracy, in order to conclude which technique is most efficient.




Springer, Purdue University.

Subject Area

Information Technology
