
LDAP DDoS attack detection using SVM with different kernel functions.

Authors :
Dasari, Kishorebabu
Mekala, Srinivas
Mekhale, Sanyukta
Bijja, Swetha
Source :
AIP Conference Proceedings. 2024, Vol. 3072 Issue 1, p1-7. 7p.
Publication Year :
2024

Abstract

Distributed Denial of Service (DDoS) is one of the key cyber-attacks nowadays. DDoS attacks disrupt the target systems, making them unavailable to legitimate users. Lightweight Directory Access Protocol (LDAP) is a reflection DDoS attack; it makes the target server inaccessible to legitimate users by sending a large number of LDAP requests to the target server. Inaccessibility of digital services creates many negative consequences nowadays because everything is digitalized these days. Attack detection is essential to reduce losses in all aspects. This study proposed detection of LDAP DDoS using a Support Vector Machine (SVM) classifier with linear, sigmoid, RBF and poly kernels using network flow features. The LDAP_DrDoS dataset, which was collected from the CIC-DDoS2019 evolution datasets, was used in this study to conduct experiments. This study evaluates the proposed model with four different uncorrelated feature subsets. Among these four subsets, three are collected by the Pearson, Kendall and Spearman correlation methods, and the fourth, called PSK, is formed from the common features of the three uncorrelated feature subsets. Classification results are evaluated with accuracy, log-loss value, ROC-AUC score and K-fold cross-validation evaluation metrics. Among kernel functions, the poly and RBF kernel functions give better results for LDAP DDoS attack detection. Among feature subsets, Pearson produces the better classification results. Overall, the SVM poly kernel is most effective in detecting LDAP DDoS attacks with the Pearson feature subset. [ABSTRACT FROM AUTHOR]

Details

Language :
English
ISSN :
0094243X
Volume :
3072
Issue :
1
Database :
Academic Search Index
Journal :
AIP Conference Proceedings
Publication Type :
Conference
Accession number :
176127521
Full Text :
https://doi.org/10.1063/5.0198663