Machine learning classification of port scanning and DDoS attacks: A comparative analysis
Published in | Mehran University research journal of engineering and technology Vol. 40; no. 1; pp. 215 - 229 |
---|---|
Main Authors | Muhammad Aamir, Syed Sajjad Hussain Rizvi, Manzoor Ahmed Hashmani, Muhammad Zubair, Jawwad Ahmed Usman |
Format | Journal Article |
Language | English |
Published | Mehran University of Engineering and Technology, 01.01.2021 |
ISSN | 0254-7821 (print); 2413-7219 (electronic) |
DOI | 10.22581/muet1982.2101.19 |
Abstract | Cyber security is one of the major concerns of today's connected world. For all the platforms of today's communication technology such as wired, wireless, local and remote access, the hackers are present to corrupt the system functionalities, circumvent the security measures and steal sensitive information. Amongst many techniques of hackers, port scanning and Distributed Denial of Service (DDoS) attacks are very common. In this paper, the benefits of machine learning are taken into consideration for classification of port scanning and DDoS attacks in a mix of normal and attack traffic. Different machine learning algorithms are trained and tested on a recently published benchmark dataset (CICIDS2017) to identify the best performing algorithms on the data which contains more recent vectors of port scanning and DDoS attacks. The classification results show that all the variants of discriminant analysis and Support Vector Machine (SVM) provide good testing accuracy i.e. more than 90%. According to a subjective rating criterion mentioned in this paper, 9 algorithms from a set of machine learning experiments receive the highest rating (good) as they provide more than 85% classification (testing) accuracy out of 22 total algorithms. This comparative analysis is further extended to observe training performance of machine learning models through k-fold cross validation, Area Under Curve (AUC) analysis of the Receiver Operating Characteristic (ROC) curves, and dimensionality reduction using the Principal Component Analysis (PCA). To the best of our knowledge, a comprehensive comparison of various machine learning algorithms on CICIDS2017 dataset is found to be deficient for port scanning and DDoS attacks while considering such recent features of attack. |
---|---|
Keywords | Classification, DDoS Attacks, Machine Learning, Port Scanning, Supervised Learning. |
Audience | Academic |
Author | Muhammad Aamir (Shaheed Zulfikar Ali Bhutto Institute of Science & Technology (SZABIST), Karachi, Pakistan); Syed Sajjad Hussain Rizvi (SZABIST, Karachi, Pakistan); Manzoor Ahmed Hashmani (Department of Computer and Information Sciences, Centre for Research in Data Science (CERDAS), Universiti Teknologi PETRONAS, Seri Iskander, Malaysia); Muhammad Zubair (Iqra University, Karachi, Pakistan); Jawwad Ahmed Usman (Institute of Technology, Karachi, Pakistan) |
Copyright | COPYRIGHT 2021 Mehran University of Engineering and Technology |
Discipline | Engineering |
GeographicLocations | Taiwan |
IsDoiOpenAccess | true |
IsOpenAccess | true |
IsPeerReviewed | true |
IsScholarly | true |
License | https://creativecommons.org/licenses/by/4.0 |
Notes | Mehran University Research Journal Of Engineering & Technology, Vol. 40, No. 1, Jan 2021: 215-229 |
OpenAccessLink | https://doaj.org/article/4ab4312997f74269a802fc54134fc5bd |
PageCount | 15 |
PublicationDate | 2021-01-01 |
SubjectTerms | Algorithms; Classification; Communication; Comparative analysis; Computer hackers; Computer security; Cyberterrorism; Data mining; Denial of service attacks; Evaluation; Machine learning; Security management; Supervised learning (Machine learning); Technology |
URI | https://search.informit.org/documentSummary;dn=752436663509423;res=IELENG ; https://doaj.org/article/4ab4312997f74269a802fc54134fc5bd |