K-Means clustering-based semi-supervised for DDoS attacks classification

Abstract

Network attacks of the distributed denial of service (DDoS) form are used to disrupt server replies and services. It is popular because it is easy to set up and challenging to detect. We can identify DDoS attacks on network traffic in a variety of ways. However, the most effective methods for detecting and identifying a DDoS attack are machine learning approaches. This attack is considered to be among the most dangerous internet threats. In order for supervised machine learning algorithms to function, there needs to be tagged network traffic data sets. On the other hand, an unsupervised method uses network traffic analysis to find assaults. In this research, the K-Means clustering algorithm was developed as a semi-supervised approach for DDoS classification. The proposed algorithm is trained and tested with the CICIDS2017 dataset. After using the proposed hybrid feature selection methods and applying multiple training, testing, and carefully sorting DDoS traffic through a series of experiments, the optimum 2 centroids were found to be DDoS and normal. The generated centroids can be used to classify network traffic. So the proposed method succeeded to cluster the network traffic to safe and theat.