International Research Journal of Engineering and Technology (IRJET) e-ISSN: 2395-0056
Volume: 04 Issue: 06 | June 2017 www.irjet.net p-ISSN: 2395-0072
© 2017, IRJET | Impact Factor value: 5.181 | ISO 9001:2008 Certified Journal | Page 1085
Machine Learning Techniques used for the Detection and Analysis of Modern Types of DDoS Attacks
Irfan Sofi 1, Amit Mahajan 2, Vibhakar Mansotra 3
1 Student, Department of Computer Science & IT, University of Jammu, J&K, India.
2 System Analyst, Department of Computer Science & IT, University of Jammu, J&K, India.
3 Professor, Department of Computer Science & IT, University of Jammu, J&K, India.
---------------------------------------------------------------------***---------------------------------------------------------------------
Abstract - Distributed Denial of Service (DDoS) attacks are the most devastating attacks that halt the normal functionality of critical services provided by various organizations in the internet community. These attacks have become more sophisticated and continue to increase in number day by day, making them difficult to detect and counter. Therefore there is a need for an intelligent intrusion detection system (IDS) to detect and classify any anomalous behavior of the network traffic. In this paper, the work is carried out on a new dataset which contains modern types of DDoS attacks such as HTTP flood and SIDDoS. This work incorporates various machine learning techniques for classification: Naïve Bayes, MLP, SVM and decision trees.
Key Words: DDoS Attacks, IDS, Naïve Bayes, Decision trees, MLP, SVM, ARFF File, and WEKA
1. INTRODUCTION
With the proliferation of computer networks, especially the internet, come many kinds of network attacks. Recently, the global ransomware named WannaCry halted network services in about 156 countries. According to reports of Kaspersky Lab, in the fourth quarter of 2015 resources in almost 69 countries were targeted by botnet-assisted attacks. The fourth quarter also witnessed the longest botnet-based DDoS attack, which lasted for 371 hours, i.e. approximately 15.5 days. Crackers or black-hat hackers are continually generating new types of DDoS attacks, which are multilayered but mostly occur at the network and the application layer of the OSI model. These attacks make use of spoofed IP addresses to elude source identification and to carry out the attack at large scale. Such attacks are so immense that the available bandwidth at the bottleneck is completely consumed by the attack traffic, thereby dropping the legitimate packets. The victims are, surprisingly, government agencies, financial corporations, defense agencies and military departments. Popular websites like Facebook, Twitter, WikiLeaks, PayPal and eBay became victims of DDoS and experienced interruption of normal operations, leading to financial losses, service degradation and lack of availability [2].
Detection is quite difficult because the illegitimate packets are indistinguishable from the legitimate packets. Moreover, the cracker or black-hat hacker quickly leaves the zombies after issuing the command; therefore detection of the cracker is extremely difficult. Thus there is a need for an intelligent intrusion detection system (IDS) to defend the network services. To develop the system we utilized various machine learning techniques for the detection and analysis of the behavior of DDoS packets using an anomaly-based approach.
This paper outlines various machine learning classification techniques, namely Naïve Bayes, MLP, SVM and decision trees, for the detection and analysis of various types of DDoS attacks such as SIDDoS, HTTP flood, Smurf and UDP flood. In this paper the work is carried out on a novel dataset which contains the modern types of DDoS attacks, because there were no common datasets that contain modern DDoS attacks in different layers, such as SIDDoS and HTTP flood [1]. A comparative analysis of the different classification techniques is done, and from the experimental results it is clear that MLP achieved the highest accuracy rate.
2. RELATED WORK
In recent literature, many methods have been introduced to detect and analyze DDoS attacks. The majority of current detection projects depend upon feature selection from the captured IP packets. Mouhammd Alkasassbeh et al. have taken all 27 features into consideration in a novel dataset that contains modern DDoS attacks in different network layers, such as SIDDoS and HTTP flood. Their paper mainly focused on the comparative analysis of the various classifiers used for classification and determined the confusion matrix of each technique used. The method incorporates the well-known machine learning techniques Naïve Bayes, Multilayer Perceptron (MLP) and Random Forest. Among these techniques it is shown that MLP achieved the highest accuracy rate (98.63) [1].
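The related work above evaluates each classifier through its confusion matrix. The following is an added example, not code from this paper or from Alkasassbeh et al., showing how such an evaluation is carried out: a small Gaussian Naïve Bayes classifier (written from scratch here so the example has no dependencies) is trained on constructed per-flow feature rows, and a confusion matrix with accuracy, precision and recall is derived from its predictions. The two features (packets per second, mean packet size in bytes), the class names and every numeric value are constructed for illustration and are not taken from the dataset of [1].

```python
# Added example (not the paper's code): confusion-matrix evaluation of a
# Gaussian Naive Bayes classifier on constructed traffic feature rows.
import math
from collections import defaultdict

LABELS = ("Normal", "UDP-Flood", "HTTP-Flood")

# Constructed rows: (packets_per_second, mean_packet_bytes, label).
# Floods send many small packets; normal traffic is slower with larger packets.
TRAIN = [
    (120, 900, "Normal"), (150, 850, "Normal"), (90, 1000, "Normal"), (130, 950, "Normal"),
    (5000, 60, "UDP-Flood"), (6000, 64, "UDP-Flood"), (5500, 70, "UDP-Flood"), (4800, 58, "UDP-Flood"),
    (2000, 400, "HTTP-Flood"), (2500, 420, "HTTP-Flood"), (2200, 380, "HTTP-Flood"), (1800, 410, "HTTP-Flood"),
]
# The last test row is a deliberately slow HTTP flood that the classifier misses,
# so the confusion matrix shows an off-diagonal entry (a false negative).
TEST = [
    (110, 920, "Normal"), (140, 880, "Normal"),
    (5200, 62, "UDP-Flood"), (5800, 66, "UDP-Flood"),
    (2100, 390, "HTTP-Flood"), (2400, 415, "HTTP-Flood"),
    (400, 800, "HTTP-Flood"),
]


class GaussianNB:
    """Minimal Gaussian Naive Bayes: one mean/variance per feature per class."""

    def fit(self, rows):
        by_label = defaultdict(list)
        for *features, label in rows:
            by_label[label].append(features)
        self.prior, self.mean, self.var = {}, {}, {}
        for label, xs in by_label.items():
            cols = list(zip(*xs))
            self.prior[label] = len(xs) / len(rows)
            self.mean[label] = [sum(c) / len(c) for c in cols]
            # population variance; tiny epsilon avoids division by zero
            self.var[label] = [sum((v - m) ** 2 for v in c) / len(c) + 1e-9
                               for c, m in zip(cols, self.mean[label])]
        return self

    def _log_posterior(self, x, label):
        lp = math.log(self.prior[label])
        for v, m, var in zip(x, self.mean[label], self.var[label]):
            lp += -0.5 * math.log(2 * math.pi * var) - (v - m) ** 2 / (2 * var)
        return lp

    def predict(self, x):
        return max(self.prior, key=lambda label: self._log_posterior(x, label))


def confusion_matrix(y_true, y_pred, labels=LABELS):
    """cm[true][predicted] = count, with every label present even if zero."""
    cm = {t: {p: 0 for p in labels} for t in labels}
    for t, p in zip(y_true, y_pred):
        cm[t][p] += 1
    return cm


def metrics_from_matrix(cm, labels=LABELS):
    """Accuracy plus per-class precision and recall read off the matrix."""
    total = sum(cm[t][p] for t in labels for p in labels)
    correct = sum(cm[t][t] for t in labels)
    precision, recall = {}, {}
    for c in labels:
        predicted_c = sum(cm[t][c] for t in labels)   # column sum
        actual_c = sum(cm[c][p] for p in labels)      # row sum
        precision[c] = cm[c][c] / predicted_c if predicted_c else 0.0
        recall[c] = cm[c][c] / actual_c if actual_c else 0.0
    return {"accuracy": correct / total, "precision": precision, "recall": recall}


def run_evaluation(train=TRAIN, test=TEST):
    model = GaussianNB().fit(train)
    y_true = [row[-1] for row in test]
    y_pred = [model.predict(row[:-1]) for row in test]
    cm = confusion_matrix(y_true, y_pred)
    return cm, metrics_from_matrix(cm)


if __name__ == "__main__":
    cm, m = run_evaluation()
    print("true \\ predicted", LABELS)
    for t in LABELS:
        print(t, [cm[t][p] for p in LABELS])
    print("accuracy", round(m["accuracy"], 4))
    print("recall", {k: round(v, 3) for k, v in m["recall"].items()})
```

The off-diagonal cell (true HTTP-Flood predicted as Normal) is exactly what an accuracy figure alone hides: accuracy here is 6/7, but recall for HTTP-Flood is only 2/3, which is the number a defender cares about when the question is how many attacks slip past the IDS.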
Sanguk Noh et al. work on all the flags within the TCP header and analyze the relationship between the flags and the TCP packets. To analyze the features of DDoS attacks, their paper presents a network traffic analysis mechanism which computes the ratio of the number of TCP flags to the total number of TCP packets. Based upon the calculation of TCP flag rates, they compile a pair of the TCP flag rates and the presence (or absence) of the DDoS attack into state-action rules using machine
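The flag-rate feature described above (count of packets carrying a given TCP flag divided by the total TCP packets in a window) is simple to compute, and the following added example, which is not code from Noh et al. or from this paper, does so over fixed one-second windows of constructed packet records. The packet list, the window length and the threshold rule in classify_window are all assumptions made for illustration; the rule stands in for the learned state-action rules the text refers to and is not their method.

```python
# Added example (not the cited authors' code): TCP flag rates per time window,
# with a hand-written threshold rule standing in for a learned state-action rule.
from collections import Counter

FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")

# Constructed traffic. Window [0,1): one ordinary connection (handshake,
# two data segments, teardown). Window [1,2): twenty bare SYNs plus one
# legitimate handshake fragment, i.e. a window that looks like a SYN flood.
NORMAL_FLOW = [{"SYN"}, {"SYN", "ACK"}, {"ACK"}, {"PSH", "ACK"}, {"ACK"},
               {"PSH", "ACK"}, {"ACK"}, {"FIN", "ACK"}, {"ACK"}, {"FIN", "ACK"}]
PACKETS = [(0.1 * i, flags) for i, flags in enumerate(NORMAL_FLOW)]
PACKETS += [(1.0 + 0.04 * i, {"SYN"}) for i in range(20)]
PACKETS += [(1.5, {"SYN", "ACK"}), (1.6, {"ACK"})]


def flag_rates(packets, window_start, window_len):
    """Return ({flag: rate}, total_packets) for packets in [start, start+len)."""
    total = 0
    counts = Counter()
    for ts, flags in packets:
        if window_start <= ts < window_start + window_len:
            total += 1
            for f in flags:
                if f in FLAGS:
                    counts[f] += 1
    rates = {f: (counts[f] / total if total else 0.0) for f in FLAGS}
    return rates, total


def classify_window(rates, syn_threshold=0.6, ack_threshold=0.3):
    """Assumed rule: a window dominated by SYN with few ACKs resembles a SYN flood.
    A real deployment would learn such thresholds from labelled traffic."""
    if rates["SYN"] > syn_threshold and rates["ACK"] < ack_threshold:
        return "suspected SYN flood"
    return "normal"


def analyse(packets=PACKETS, window_len=1.0):
    """Slide over the capture in fixed windows and label each one."""
    last_ts = max(ts for ts, _ in packets)
    results = []
    start = 0.0
    while start <= last_ts:
        rates, total = flag_rates(packets, start, window_len)
        results.append((start, total, rates, classify_window(rates)))
        start += window_len
    return results


if __name__ == "__main__":
    for start, total, rates, verdict in analyse():
        shown = {f: round(r, 2) for f, r in rates.items()}
        print(f"window [{start:.0f},{start + 1:.0f}) packets={total} {shown} -> {verdict}")
```

Expressing the feature as a ratio rather than a raw count is what makes it usable across links of different speed: the normal window and the flood window differ by only a factor of two in packet count, but their SYN rates are 0.2 and about 0.95.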