DDoS Attack Modeling and Detection Using SMO

摘要

Over the last decade, Distributed Denial of Service (DDoS) attacks have been employed to cause huge financial and prestige loss to different kinds of e-business. Attackers also target governmental websites using DDoS attacks as a new weapon in the world of cyber war. The importance of the issue has inspired many researchers from academia and the industry to provide solutions to this type of challenging attack. In this study, we simulated DDoS attacks in a virtual lab and then collected firewall logs from the Security Information and Event Management (SIEM) platform of a company in the field of security management solutions. We extracted 14 research features from firewall logs and applied a SMO algorithm to train our data using 10 fold cross-validation. The SMO with PolyKernel was able to create a prediction model without any false alarm. We also tested our model with two different datasets. This research is an ongoing multistep study. Future research will concentrate on online DDoS detection.