Date of Conferral

2021

Degree

Doctor of Information Technology (D.I.T.)

School

Information Systems and Technology

Advisor

Jon McKeeby

Abstract

Distributed denial of service (DDoS) attack detection methods based on the clustering method often fail to detect attacks correctly. Service interruptions caused by DDoS attacks raise concerns for IT leaders and their organizations and lead to financial damages. Grounded in the cross-industry standard process for data mining (CRISP-DM) framework, the purpose of this ex post facto study was to examine whether adding the filter and wrapper methods prior to the clustering method is effective in lowering the false positive rates of DDoS attack detection methods. The population of this study was 225,745 network traffic data records of the CICIDS2017 network traffic dataset. The 10-fold cross validation method was applied to identify effective DDoS attack detection methods. The results of the 10-fold cross validation method showed that in some instances, adding the filter and wrapper methods prior to the clustering method was effective in lowering the false positive rates of DDoS attack detection methods; in other instances, it was not. A recommendation to IT leaders is to deploy the effective DDoS attack detection method that produced the lowest false positive rate of 0.013 in detecting attacks outside of demilitarized zones, so that attacks are identified directly from the Internet. Implications for positive social change include potentially enabling organizations to protect their systems and provide uninterrupted services to their communities with reduced financial damages.
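The pipeline the abstract describes (a filter method and a wrapper method applied before clustering, scored by false positive rate under 10-fold cross validation) is sketched below as an added illustration; it is not the dissertation's code and does not use CICIDS2017. The flow records, the feature names, the choice of a correlation filter, a greedy forward-selection wrapper and two-centroid k-means, and the decision to score only the false positive rate are all assumptions of this example. Feature selection is fitted on the training folds only, so the held-out fold never influences which features are kept.

```python
"""Filter and wrapper feature selection ahead of k-means, scored by false positive
rate (FPR) under k-fold cross validation. Added example; data are constructed."""
import math
import random
from statistics import mean, pstdev

# Assumed feature names; only the first two carry signal in the constructed data.
FEATURES = ["pkts_per_sec", "bytes_per_sec", "flow_duration_s", "noise_a", "noise_b"]

def make_records(n=200, seed=7):
    """Constructed flows, label 1 = DDoS. Classes alternate so every contiguous
    fold contains both benign and attack records."""
    rng = random.Random(seed)
    recs = []
    for i in range(n):
        attack = i % 2
        x = [rng.uniform(60, 100), rng.uniform(60, 100)] if attack else \
            [rng.uniform(0, 10), rng.uniform(0, 10)]
        x += [rng.uniform(0, 300), rng.gauss(0, 50), rng.uniform(-1, 1)]  # noise
        recs.append((x, attack))
    return recs

def zscore_params(xs):
    return [(mean(c), pstdev(c) or 1.0) for c in zip(*xs)]

def scale(x, params):
    return [(v - m) / s for v, (m, s) in zip(x, params)]

def dist(a, b):
    return math.sqrt(sum((p - q) ** 2 for p, q in zip(a, b)))

def nearest(z, cents):
    return 0 if dist(z, cents[0]) <= dist(z, cents[1]) else 1

def kmeans2(xs, iters=50):
    """Two-centroid k-means, deterministically seeded with the points of
    smallest and largest coordinate sum."""
    order = sorted(range(len(xs)), key=lambda i: sum(xs[i]))
    cents = [list(xs[order[0]]), list(xs[order[-1]])]
    for _ in range(iters):
        groups = [[], []]
        for x in xs:
            groups[nearest(x, cents)].append(x)
        new = [[mean(c) for c in zip(*g)] if g else cents[k] for k, g in enumerate(groups)]
        if new == cents:
            break
        cents = new
    return cents

def pearson(a, b):
    ma, mb = mean(a), mean(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = math.sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0

def filter_select(train, k=2):
    """Filter method: rank features by |corr(feature, label)| and keep the top k."""
    ys = [y for _, y in train]
    scores = [abs(pearson([x[j] for x, _ in train], ys)) for j in range(len(FEATURES))]
    return sorted(range(len(FEATURES)), key=lambda j: -scores[j])[:k]

def fit(train, feats):
    """Standardize the chosen features, cluster, and map each cluster to the
    majority label of its training members (clustering alone is unsupervised)."""
    xs = [[x[j] for j in feats] for x, _ in train]
    params = zscore_params(xs)
    zs = [scale(x, params) for x in xs]
    cents = kmeans2(zs)
    votes = [[0, 0], [0, 0]]
    for z, (_, y) in zip(zs, train):
        votes[nearest(z, cents)][y] += 1
    return feats, params, cents, [1 if v[1] > v[0] else 0 for v in votes]

def predict(model, x):
    feats, params, cents, labels = model
    return labels[nearest(scale([x[j] for j in feats], params), cents)]

def false_positive_rate(model, data):
    """FPR = FP / (FP + TN): benign flows the detector flags as attacks."""
    preds = [(y, predict(model, x)) for x, y in data if y == 0]
    fp = sum(1 for _, p in preds if p == 1)
    return fp / len(preds) if preds else 0.0

def wrapper_select(train):
    """Wrapper method: greedy forward selection scored by the clustering
    detector's own training FPR; stops when no feature strictly improves it."""
    chosen, best = [], 1.0
    while len(chosen) < len(FEATURES):
        score, j = min((false_positive_rate(fit(train, chosen + [j]), train), j)
                       for j in range(len(FEATURES)) if j not in chosen)
        if score >= best:
            break
        chosen.append(j)
        best = score
    return chosen

def cross_validate(records, selector, folds=10):
    """Select features and fit on the training folds, score on the held-out fold."""
    n, rates = len(records), []
    for f in range(folds):
        lo, hi = f * n // folds, (f + 1) * n // folds
        train, test = records[:lo] + records[hi:], records[lo:hi]
        feats = selector(train) if selector else list(range(len(FEATURES)))
        rates.append(false_positive_rate(fit(train, feats), test))
    return mean(rates)

if __name__ == "__main__":
    data = make_records()
    for name, sel in [("clustering only", None), ("filter + clustering", filter_select),
                      ("wrapper + clustering", wrapper_select)]:
        print(f"{name:22s} mean FPR over 10 folds: {cross_validate(data, sel):.3f}")
```

On this constructed data the filter keeps the two signal features and the wrapper stops after one, so both selected models reach a zero false positive rate on every fold; on real traffic the result depends on the dataset and the chosen features, which is consistent with the mixed findings the abstract reports. The cluster-to-label mapping is what turns an unsupervised clustering into a detector whose false positives can be counted, and it must be learned on the training folds only.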
