Abstract

Distributed Denial of Service (DDoS) attacks on web-based applications are on the rise and can cause services to become unstable or even inaccessible. Even though each attack has a specific flow of execution, detecting DDoS attacks has always been challenging for network security specialists and tools because of the numerous nodes involved in the attacks. This paper presents an integrated approach that augments a Machine Learning (ML) based technique with model-based formal analysis to enhance DDoS attack detection in web-based applications. The ML-based detection uses the famous CIC-DDoS2019 dataset, and the formal analysis relies on models inferred from the application's execution log files at the HTTP level. We implement the proposed approach as a system that integrates the Wireshark [1] packet analyzer to monitor network traffic generated by the application, the Weka [2] toolset to run the ML detection model trained on the CIC-DDoS2019 dataset, and the Spin [3] model checker to conduct formal model analysis, which includes exhaustive simulation and property verification on the inferred PROMELA models. Our proposed system allows users to analyze any valid centralized web-based application, test its vulnerability to DDoS attacks, and point out which page of the application is the target of a potential attack.

Authors: Shaikha Al Ali, Ghina Hallal, Hicham H. Hallal

Published in: International Conference for Internet Technology and Secured Transactions (ICITST-2024)

  • Date of Conference: 4-6 November 2024
  • DOI: 10.20533/ICITST.2024.0021
  • ISBN: 978-1-913572-76-1
  • Conference Location: St Anne’s College, Oxford University, UK
