DETECTION AND ANALYSIS OF DDOS ATTACK AT APPLICATION LAYER USING NAÏVE BAYES CLASSIFIER

Most of the services provided through internet becomes vulnerable because of DDoS attacks. It is very difficult to detect these attacks at application layer because time to time these attacks change its characteristics to avoid detection using present DDoS attack detection techniques. So, it is compulsory to understand the characteristics of these attacks before mitigation. A NSDA (Network Security against DDoS Attack) model is proposed here which generates new features i.e. difference of two consecutive times of requests per IP address and Bpt denoting similarity and dissimilarity in byte size (BS) from the log file to efficiently detect these attacks at the application layer. In this model, preprocessing is performed using java programming and Weka 3.8 machine learning tool. Re-sampling method SMOTE (Synthetic Minority Oversampling Technique), RANDOMIZE, RESAMPLE of Weka is used to convert the main dataset into a training set, cross-validation set, and test set. A naive bayes classification in Weka 3.8 is for analyzing and detection of a DDoS attack. A website www.wielson.com is designed to collect pure data set of DDoS attacks so that good quality of analysis can be achieved. DDoS attack testing tool Zombies is used to perform HTTP attack.