Critical review of machine learning approaches to apply big data analytics in DDoS forensics

Distributed Denial of Service (DDoS) attacks are becoming more frequent and easier to execute. The sharp increase in network traffic presents challenges to conduct DDoS forensics. Despite different tools being developed, few take into account of the increase in network traffic. This research aims to recommend the best learning model for DDoS forensics. To this extend, the paper reviewed different literature to understand the challenges and opportunities of employing big data in DDoS forensics. Multiple simulations were carried out to compare the performance of different models. Two data mining tools WEKA and H2O were used to implement both supervised and unsupervised learning models. The training and testing of the models made use of intrusion dataset from oN-Line System - Knowledge Discovery & Data mining (NSL-KDD). The models are then evaluated according to their efficiency and accuracy. Overall, result shows that supervised learning algorithms perform better than unsupervised learning algorithms. It was found that Naïve Bayes, Gradient Boosting Machine and Distributed Random Forest are the most suitable model for DDoS detection because of its accuracy and time taken to train. Both Gradient Boosting Machine and Distributed Random Forest were further investigated to determine the parameters that can yield better accuracy. Future research can be extended by installing different DDoS detection models in an actual environment and compare their performances in actual attacks.