Abstract:
Machine learning is one of the fastest-evolving domains of computer science, and its application to the detection of network attacks has proved to be a great help in preventing such attacks. DDoS is a class of attacks that brings down the services of computer systems and networks. The effects of these attacks are more pronounced in wireless networks, especially Wireless Sensor Networks (WSNs). Anomaly-based Intrusion Detection Systems use machine learning techniques to distinguish attack traffic from non-attack traffic. They employ network statistical features or packet attributes to find anomalies in network traffic. There is, however, very little research on further identifying the exact intrusion types of DDoS attacks, such as TCP SYN flooding and ICMP/UDP flooding.
In this thesis, we explore various machine learning techniques, with a focus on decision tree algorithms, to propose a model that identifies the exact intrusion types in a WSN. We evaluate the performance of various decision tree algorithms (C4.5 / VFDT / EVFDT) using packet attributes as the feature set. The proposed model sets up the WSN on a simulated platform and generates DDoS attacks on this network to capture attack data traces. The data is in turn used to train and test different decision tree classifiers, to evaluate their performance on this multi-class machine learning problem and to arrive at an appropriate feature set for exact intrusion detection. The results reveal that EVFDT successfully classifies DDoS attacks into exact intrusion types with accuracy up to 97.647%.