Using Machine Learning to Detect Malicious DDoS Attack Traffic

Started Aug. 3, 2021

Abstract or project description

(Included in notebook as well) When we open a web page, play an online game, or watch a video online, we send and receive data. This data can be separated into two main categories: benign and malicious. Benign traffic is your everyday "regular" traffic where the data you send and receive are expected by the service you are using. In other words, everything you're telling the service is normal and you're just trying to use it normally. Malicious traffic is when someone sends unexpected data that the server was never designed to handle with the intention of negatively impacting the server. This can include slowdowns or even full outages of a service. My project focuses on DDoS attacks.

A DDoS attack is short for a Distributed Denial of Service attack. It involves a third party flooding a host with malicious requests with the intention of slowing down or even halting operations. This can result in anything from minor dips in server performance to a complete outage of a service. DDoS attacks work by using up system resources. For example, a server's CPU may be forced to spend most of its cycles performing operations on garbage data sent by a DDoS botnet rather than handling legitimate requests from actual people.

If DDoS traffic is detected and dropped before it can be fully processed, the vast majority of the attack's effect will be mitigated and users may not even notice a difference. We approached this by using machine learning. By using CatBoost, we were able to accurately and efficiently detect malicious traffic. (Note - the zip I'm sending is just the final product, please let me know if I should submit additional resources)