AIMM: Artificial Intelligence Merged Methods for flood DDoS attacks detection

DDoS is one of the most common attacks on the web today. Hence, a quick detection system can enable automatic blocking or notification of an attack. In this paper, we propose a framework called AIMM (Artificial Intelligence Merged Methods). Our solution is based on three modules: preprocessing data incoming to the server, classification, and decision-making. The last stage is the decision-making module which gets the probability from all implemented AI methods and analyzes/aggregates them for making a final decision about the attack. The idea is based on the analysis of the TCP/UDP information reaching the target server and a quick decision method. The described technique is not limited to the selected AI method, and just for the tests, we used two different: neural networks and the k-nearest neighbors. As the aggregation solution, we used soft sets inference and averaging, weighted averaging technique. The proposal was subjected to performance tests on a publicly available database known as BOUN DDoS Dataset (and reached accuracy on 99,5%). The results were compared with the state-of-art and dis-cussed in terms of its advantages and disadvantages.(c) 2022 The Authors. Published by Elsevier B.V. on behalf of King Saud University. This is an open access article under the CC BY license (http://creativecommons.org/licenses/by/4.0/).

Automated summary

This paper presents a framework called AIMM (Artificial Intelligence Merged Methods) for fast detection and defense against DDoS attacks. The framework consists of three modules: data preprocessing, classification, and decision-making, using various AI methods for decision-making. By analyzing the TCP/UDP information reaching the target server and employing a quick decision-making method, the framework achieves high accuracy in attack detection.