Abstract
Denial-of-service (DoS) attacks conducted on online systems cause the targeted resources to become inoperative. This is caused by the abnormal traffic intentionally directed toward the system resources by the attacker(s). Several techniques can be used to detect and mitigate such attacks, and machine learning (ML) is one of them. Herein, the literature on ML techniques used to address DDoS attacks is systematically reviewed. Five search engines are used to identify relevant studies, the results are filtered based on specific selection criteria, and 48 studies are shortlisted and analyzed. Considerable variations are observed in the literature with respect to the datasets used for training ML models, with more than 20 datasets being used. To conduct performance evaluations, most studies have employed the accuracy metric. More than 30 modeling algorithms have been used to build the ML models. The outcomes of this review reveal the state of the literature and the manner in which the problem of DDoS attacks has been dealt with. Our results can guide future studies toward more constructive methods than the existing ones to address this problem.
Acknowledgements
The authors would like to thank King Fahd University of Petroleum and Minerals for supporting this work.
Ethics declarations
Conflict of interest
The authors emphasize that there is no competing interest to declare.
About this article
Cite this article
Ayub, M., Lajam, O., Alnajim, A. et al. Use of Machine Learning for Web Denial-of-Service Attacks: A Multivocal Literature Review. Arab J Sci Eng 48, 9559–9574 (2023). https://doi.org/10.1007/s13369-022-07517-7
DOI: https://doi.org/10.1007/s13369-022-07517-7