DETECTION OF DDOS ATTACKS BASED ON DENSE NEURAL NETWORKS, AUTOENCODERS AND PEARSON CORRELATION COEFFICIENT
Distributed Denial of Service (DDoS) is a set of frequent cyber attacks used against public servers. Because DDoS attacks can be launched remotely and reflected by legitimate users on networks, it is hard for victims to detect and prevent them. The objective of this thesis is to explore the detection of DDoS attacks, especially those that have arisen in recent years, by a combination of dense neural networks, autoencoders and the Pearson Correlation Coefficient. Three different classification models are designed, trained and tested. In order to gain information about the most recent DDoS attack types, the CICDDoS2019 dataset is selected as the training and testing set. This dataset contains the following attack types: Microsoft SQL Server (MSSQL), Simple Service Discovery Protocol (SSDP), Network Time Protocol (NTP), Trivial File Transfer Protocol (TFTP), Domain Name System (DNS), Lightweight Directory Access Protocol (LDAP), Network Basic Input/Output System (NetBIOS), Simple Network Management Protocol (SNMP), SYN flood, User Datagram Protocol (UDP) flood and UDP-Lag. To imitate a real network environment, the data used in this thesis is raw PCAP files. CIC-FlowMeter, a packet analysis tool, is used to convert the raw packets into features. Three different deep-learning models are proposed for DDoS detection. The models combine a DNN, an autoencoder and the Pearson Correlation Coefficient, with the autoencoder working as a feature compressor. The performance of each model on different types of attacks is compared. The thesis also sets up a benchmark using traditional machine learning models. The proposed models outperform the traditional machine learning classification models. Furthermore, the F1-score of the proposed models is higher than that of other approaches.