Gazi Üniversitesi Fen Bilimleri Dergisi (Mar 2021)

Detecting Different Types of Distributed Denial of Service Attacks

  • Esra SÖĞÜT,
  • Saadin OYUCU,
  • O. Ayhan ERDEM

DOI
https://doi.org/10.29109/gujsc.840126
Journal volume & issue
Vol. 9, no. 1
pp. 12 – 25

Abstract

Distributed Denial of Service (DDoS) attacks threaten every device connected to the Internet. Rapid progression and wide spread are among their best-known characteristics. Many studies have been conducted to reduce the impact of these fast-progressing and widespread attacks. However, because attack types keep developing and different techniques are used to carry them out, attacks have not been fully prevented. Therefore, within the scope of this study, the DDoS attack was examined first and the applications used to detect it were investigated. A system is proposed to detect DDoS attacks using data mining methods. For the proposed system, experimental setups were established for Transmission Control Protocol (TCP) Flooding, Spoofing Internet Protocol (IP), SYN Flood with Spoofed IP, and User Datagram Protocol (UDP) Flooding, which are among the DDoS attack types, and the attacks were performed to obtain network flow data. The data were classified according to the specified features with appropriate data mining methods, using the ZeroR, OneR, Naive Bayes, Bayes Net, Decision Stump, and J48 algorithms. Among these algorithms, J48 reached the best classification rate. The results show that the proposed system plays an important role in determining the DDoS attack type. The proposed system will ensure that appropriate detection mechanisms are applied more quickly, effectively and efficiently in real attacks.

Keywords