On the performance of intelligent techniques for intensive and stealthy DDos detection

Distributed Denial of Services (DDoS) attacks continue to be one of the most challenging threats to the Internet. The intensity and frequency of these attacks are increasing at an alarming rate. With the promising results presented by Machine Learning (ML) techniques in variety fields, researchers have proposed numerous intelligent schemes to defend against DDoS attacks and mitigate their impact. This paper presents a taxonomy of the ML-based DDoS detection schemes, focusing on the important features and mechanisms that each scheme uses to detect and mitigate the impact of these attacks. The taxonomy is developed based on a thorough and extensive review of the literature, focusing on the most prominent and highly cited schemes that have been proposed over the last decade. The taxonomy is then used as a basis for the development of a framework to conduct a comprehensive empirical evaluation of the basic mechanisms underling the design of the selected ML-based DDoS defense schemes against a variety of attack scenarios. Rather than dealing with the specific details of a particular DDoS defense scheme, this work focuses on the building blocks of the intelligent DDoS detection and prevention schemes. The intelligent mechanisms underlying the selected schemes are implemented and evaluated using different performance metrics. The impact of different influential factors are also explored, including the observable traffic proportions, attack intensities and the Class Imbalance Problem of ML-based DDoS detection. The results of the comparative analysis show that no single technique outperforms all others in all test cases. Furthermore, the results underscore the need for a method oriented feature selection model to enhance the capabilities of ML-based detection techniques. Finally, the results show that the class imbalance problem significantly impact performance, underscoring the need for further research to address this problem and ensure high-quality DDoS detection in real-time. (C) 2019 Elsevier B.V. All rights reserved.