نوع مقاله : کامپیوتر - شبکه های کامپیوتری
نویسندگان
1 دانشکده مهندسی کامپیوتر، دانشگاه شهید مدنی آذربایجان
2 گروه مهندسی کامپیوتر-دانشکده مهندسی برق و کامپیوتر-دانشگاه تبریز-تبریز-ایران
3 گروه مهندسی برق قدرت-دانشکده مهندسی برق و کامپیوتر-دانشگاه تبریز
چکیده
کلیدواژهها
موضوعات
عنوان مقاله [English]
نویسندگان [English]
With the increasing use of online services, DDoS attacks have been recognized as one of the most serious threats to Internet services. These attacks are able to quickly disrupt online systems and services. In this research, four machine learning algorithms for detecting DDoS attacks have been investigated and analyzed. For this purpose, the Intrusion Detection Evaluation Dataset (CIC-IDS2017) database, which includes botnet traffic samples, has been used. KNN, RF, Naive Bayes, and J48 algorithms were trained using the selected features with the SelectKBest function and the scikit-learn library. The results show that the RF, KNN, and J48 algorithms are very close in terms of accuracy and have performed well in identifying botnet traffic and normal traffic. The RF algorithm with a higher F1-score compared to KNN has provided more accuracy in identifying botnet traffic. On the other hand, the Naive Bayes algorithm, despite its high overall accuracy, has performed poorly in identifying botnet traffic, and its precision and recall are very low for botnet classification. The J48 algorithm has also performed relatively well, but due to the low recall value, a significant part of the attack traffic has been mistakenly identified as normal traffic. This research emphasizes that to deal with DDoS attacks, the use of modern machine learning algorithms can improve the accuracy and speed of identification. In the future, it will be necessary to test the models in real-world conditions with more diverse data in order to increase the accuracy and capabilities of Internet attack detection models.
کلیدواژهها [English]