
DDoS Attack Detection On The Application Layer Using Machine Learning Classification

Posted on: 2023-04-07
Degree: Master
Type: Thesis
Institution: University
Candidate: Bassam Mohammed Ali Abdo Kanbe
GTID: 2558306908965939
Subject: Computer system architecture

Abstract/Summary:
The Internet is becoming an increasingly crucial part of daily life in modern civilization. It is causing seismic shifts in people's communication, business models, and even daily lives. However, cyberattacks also occur frequently, and Distributed Denial of Service (DDoS) has become a major one. As network-layer and transport-layer security capabilities have become increasingly robust, DDoS attacks have evolved over time, and the attacker's goal has shifted to the application layer. DDoS attacks at the application layer, and their complexity, have been rising for years. Application-layer DDoS attack detection therefore continues to be a hot topic in information and network security research.

Machine Learning (ML) approaches have been used to detect DDoS attacks in recent years. They can solve the low efficiency caused by the traditional method of developing detection rules, can immediately grasp differences in network traffic from large-scale data, and can increase the detection rate of unknown attacks. In this thesis, we extract and analyze different features of attack traffic based on the characteristics of application-layer DDoS attacks, to achieve efficient and accurate DDoS attack detection using currently popular machine learning concepts, methods, and technologies. The thesis first explains the main characteristics of application-layer DDoS attacks and commonly used detection techniques; its primary work is as follows:

1. Application Layer Attack Detection Method Based on XGBoost-LGBM: Existing DDoS attack detection methods that rely on a single feature lack detection flexibility, while approaches based on machine learning ensure the detection rate but take longer. This study therefore provides a DDoS attack detection approach based on Extreme Gradient Boosting (XGBoost) and Light Gradient Boosted Machine (LGBM). The method selects features using XGBoost and LGBM to minimize dimensionality and then uses the CatBoost classifier to classify attacks. Data normalization, feature selection, and detection classification are all part of the process. Empirical analysis and verification results show that, on the three indices of accuracy, precision, and training time, the XGBoost-LGBM detection approach outperforms the detection technique that directly employs standard machine learning models of user behavior.

2. Three-level Classifier for DDoS Detection in the Application Layer: Existing detection research results still have numerous flaws in detection accuracy, precision, and implementation complexity. We provide a machine learning-based three-level classification framework for DDoS detection in the application layer, to detect a wide range of DDoS attacks and accurately identify the specific type to help mitigate it. Our method first classifies incoming network traffic as either normal or a DDoS attack. Then, using a multiclass algorithm, DDoS attacks are classified as TCP, UDP, or Mix-based DDoS attacks. Finally, multiclass algorithms characterize the anomaly found in the second phase, to determine the type of attack and choose the right plan of action. The experimental analysis and verification findings show that the proposed architecture surpasses traditional machine learning techniques in detection accuracy.
Keywords/Search Tags:CatBoost, DDoS, LGBM, Machine Learning, XGBoost