DDoS traffic analysis using decision tree according by feature of traffic flow

DDoS analysis based on a decision tree considering the number of traffic features

  • Jin, Min-Woo (Department of Information & Communication Engineering, WonKwang University) ;
  • Youm, Sung-Kwan (Department of Information & Communication Engineering, WonKwang University)
  • Received : 2020.11.13
  • Accepted : 2020.12.16
  • Published : 2021.01.31

Abstract

Internet use is increasing as online activity grows under the influence of COVID-19. At the same time, network attacks by malicious users are diversifying, and DDoS attacks in particular are increasing year by year. Such attacks are detected by intrusion detection systems and can be blocked at an early stage. Various datasets are used to validate intrusion detection algorithms; this paper uses CICIDS2017, a recent traffic dataset. DDoS attack traffic was analyzed using a decision tree. Through this analysis, a decisive feature with high importance was identified, and a decision tree was then trained on that feature alone to confirm its detection accuracy. The false positive and false negative traffic was also examined. As a result, training on the single feature and on two features gave accuracies of 98% and 99.8%, respectively.

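As an added illustration of the procedure the abstract describes (this is not the paper's code and it runs on constructed flow records rather than CICIDS2017 rows), the block below ranks features by Gini importance, trains a decision tree restricted to the single most important feature, and scores it with accuracy plus false positive and false negative counts; the feature names are assumed.

```python
# Added illustration, not the paper's code: Gini importance picks the decisive feature,
# then a decision tree limited to that feature (a stump) is scored with FP/FN counts.
from collections import Counter
FEATURES = ["fwd_pkt_len_max", "flow_duration", "bwd_pkts"]  # assumed feature names
# Constructed flow records (not CICIDS2017 rows): (*features, label); 1 = DDoS, 0 = benign
FLOWS = [
    (0, 120000, 3, 1), (0, 95000, 2, 1), (6, 110000, 7, 1), (0, 130000, 1, 1),
    (6, 87000, 2, 1), (0, 140000, 3, 1), (517, 40000, 9, 0), (300, 2000, 5, 0),
    (1460, 125000, 40, 0), (640, 100000, 12, 0), (6, 3000, 2, 0), (900, 50000, 20, 0),
]

def gini(labels):  # Gini impurity of a label multiset, 0.0 when pure or empty
    n = len(labels)
    return 1.0 - sum((c / n) ** 2 for c in Counter(labels).values()) if n else 0.0

def best_split(values, labels):
    """Best midpoint threshold (value <= t goes left) and its impurity decrease."""
    parent, n, uniq, best = gini(labels), len(labels), sorted(set(values)), (None, 0.0)
    for lo, hi in zip(uniq, uniq[1:]):
        t = (lo + hi) / 2
        left = [l for v, l in zip(values, labels) if v <= t]
        right = [l for v, l in zip(values, labels) if v > t]
        gain = parent - len(left) / n * gini(left) - len(right) / n * gini(right)
        if gain > best[1]:
            best = (t, gain)
    return best

def feature_importance(flows):
    """Root-level Gini importance of each feature: impurity decrease of its best split."""
    labels = [f[-1] for f in flows]
    return {name: best_split([f[i] for f in flows], labels)[1]
            for i, name in enumerate(FEATURES)}

def decisive_feature(flows):  # name of the most important feature
    return max(feature_importance(flows).items(), key=lambda kv: kv[1])[0]

def fit_stump(flows, feature):
    """Decision tree restricted to one feature; each leaf takes its majority label."""
    i = FEATURES.index(feature)
    values, labels = [f[i] for f in flows], [f[-1] for f in flows]
    t, _ = best_split(values, labels)
    leaf = lambda keep: Counter(l for v, l in zip(values, labels) if keep(v)).most_common(1)[0][0]
    return {"feature": i, "threshold": t, "left": leaf(lambda v: v <= t), "right": leaf(lambda v: v > t)}

def evaluate(stump, flows):
    """Accuracy with false positive / false negative counts, for later inspection."""
    fp = fn = 0
    for f in flows:
        pred = stump["left"] if f[stump["feature"]] <= stump["threshold"] else stump["right"]
        fp += int(pred == 1 and f[-1] == 0)
        fn += int(pred == 0 and f[-1] == 1)
    return {"accuracy": 1 - (fp + fn) / len(flows), "fp": fp, "fn": fn}
```

On the constructed records the stump keeps one benign flow in its DDoS leaf, which is exactly the kind of false positive the abstract sets aside for inspection.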
