A slow ddos attack detection mechanism using feature weighing and ranking

Abstract

A Denial of Service (DOS) attack is a continuous security risk in cyberspace. They are weaponized with advanced technologies and becoming more and more powerful as Distributed Denial of Service (DDoS) attacks. DDoS is one of the most occurring attacks nowadays and new methods are being needed to be able to detect such attacks. Attackers use many different techniques to perform DDoS attacks. Different DoS attack types has different characteristics and research is still needed to identify such attacks. In this paper, we analyse slow DDoS attack types (slowloris, slow http attack, etc) and propose a framework to detect them using machine learning techniques. We utilize gain-ratio and chi-squared ranking methods to select optimal feature subset for training detection mechanism. CICIDS2017 and CSE-CIC-IDS 2018 datasets are used to evaluate the proposed detection mechanism.