
Use of Machine Learning for Web Denial-of-Service Attacks: A Multivocal Literature Review

  • Review Article - Computer Engineering and Computer Science
Arabian Journal for Science and Engineering

Abstract

Denial-of-service (DoS) attacks conducted on online systems cause the targeted resources to become inoperative. This is caused by the abnormal traffic intentionally directed toward the system resources by the attacker(s). Several techniques can be used to detect and mitigate such attacks, and machine learning (ML) is one of them. Herein, the literature on ML techniques used to address DDoS attacks is systematically reviewed. Five search engines are used to identify relevant studies, the results are filtered based on specific selection criteria, and 48 studies are shortlisted and analyzed. Considerable variations are observed in the literature with respect to the datasets used for training ML models, with more than 20 datasets being used. To conduct performance evaluations, most studies have employed the accuracy metric. More than 30 modeling algorithms have been used to build the ML models. The outcomes of this review reveal the state of the literature and the manner in which the problem of DDoS attacks has been dealt with. Our results can guide future studies toward more constructive methods than the existing ones to address this problem.



Acknowledgements

The authors would like to thank King Fahd University of Petroleum and Minerals for supporting this work.

Author information

Corresponding author

Correspondence to Mahmood Niazi.

Ethics declarations

Conflict of interest

The authors emphasize that there is no competing interest to declare.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.


About this article


Cite this article

Ayub, M., Lajam, O., Alnajim, A. et al. Use of Machine Learning for Web Denial-of-Service Attacks: A Multivocal Literature Review. Arab J Sci Eng 48, 9559–9574 (2023). https://doi.org/10.1007/s13369-022-07517-7

  • DOI: https://doi.org/10.1007/s13369-022-07517-7
