Distributed Denial of Service Attack Detection Using Machine Learning and Class Oversampling

Distributed Denial of Services (DDoS) attack, one of the most dangerous types of cyber attack, has been reported to increase during the COVID-19 pandemic. Machine learning techniques have been proposed in the literature to build models to detect DDoS attacks. Existing works in literature tested their models with old datasets where DDoS attacks are not specific. These works mainly focus on detecting the presence of an attack rather than the type of DDoS attacks. However, detection of the attack type is vital for the review and analysis of enterprise-level security policy. Cyber-attacks are inherently an imbalanced data problem, but none of the models treated DDoS attack detection from this perspective. In this work, we present a machine learning model that takes the imbalance nature of the DDoS attack data into consideration for both presence/absence and the type of DDoS attack detection. Extensive experiment analysis with the recent and DDoS attack-specific dataset shows that the proposed technique can effectively identify DDoS attacks.