avatar
Nanda Kishore Rao
Previous
All Case Studies
Next
Data Science

DDoS Attack Detection

Building machine learning models for early detection of DDoS attacks using time series classification

Machine LearningClassificationPredictive ModelingTime SeriesDimensionality ReductionFeature EngineeringPythonScikit-learnMatplotlib

Problem Statement

A Russian entrepreneur was looking for a way to detect DDoS attacks using machine learning. A labeled dataset of time series of pings from hundreds of IPs was available and it was required to develop an approach to detect malicious IPs.

Challenges

  • Unlike typical supervised classification where it is required to assign a label to each record, in this task it was required to assign labels to each time instant of each time series.
  • Addressing class imbalance since number of DDoS attack time instants were far fewer than non-DDoS time instants.

Solution

Summary

I designed a time series classification approach to achieve good detection accuracy. The approach involved converting the time series data into a featurized dataset of statistical measures and using supervised ML classifiers on the featurized data. This way, new predictions could be made each second on each IP, thus improving reliability of the attack detection system.

Approach

  • Considering only DDoS IPs and using patterns during attack instants to perform classification
  • Creating featurized dataset by computing time series features like min, max, median, quantiles, % change before, during and after attack, etc.
  • Splitting the dataset into training and detection while addressing class imbalance through random oversampling
  • Dimensionality reduction of the features using PCA to reduce overfitting
  • Training a classifier on lower dimensional data - Support Vector classifier worked best
  • Using the classifier to make predictions and then augmenting the predictions with a rule based approach to improve detection accuracy.
  • Evaluating performance using precision, recall and accuracy

Results

Using my approach, detection accuracy increased for longer time series data. Therefore, longer the malicious IP attacked, greater was the chance that it would be detected

Model Recall by Time Series Length

Model Recall by Time Series Length

Model Accuracy by Time Series Length

Model Accuracy by Time Series Length

Have a similar challenge?

Let's discuss how we can develop solutions for your specific use case.

More Case Studies

Data Science

Loan Delinquency Prediction

Prediction of charge-off and customer delinquency for a micro-finance company

View Case Study
Generative AI

Managed AI Chat Assistant

SaaS platform that enables users to seamlessly create a conversational AI assistant based on their content

View Case Study
Generative AI

Managed AI Search Product

SaaS platform that enables users to seamlessly integrate semantic AI search on their platform

View Case Study
Business Analytics

Financials Data Analytics Pipeline

Periodic gathering of newly reported financials data and computation of fundamental ratios

View Case Study
Data Science

RFM Segmentation of Customers

Behavioral segmentation of customers of an online casino to tailor marketing efforts

View Case Study
Business Analytics

Epidemiology Forecasting

Forecasting the available patient population of a disease area using a natural history model

View Case Study
Algorithmic Trading

Crypto Options Strategies Backtesting

Evaluating and optimizing options strategies for a crypto hedge fund trading on Derebit

View Case Study
Algorithmic Trading

NSE Options Screener

Screener to filter stocks based on their options market dynamics

View Case Study
Algorithmic Trading

Iron Condor Trading Bot

Trading Bot designed to schedule and execute SPX iron condor trades on Interactive Brokers

View Case Study
Data Science

Customer Behavioral Segmentation

Behavioral segmentation of retail customers aimed at improving response to price promotions

View Case Study
Algorithmic Trading

Short Strangle Trading Bot

Trading Bot designed for scalping 0DTE SPX short strangles on TastyTrade

View Case Study
Algorithmic Trading

Solana DEX Screener

Screener for early identification of Solana tokens that are pumping

View Case Study
Data Science

Dealer Churn Prediction

Strategizing retention improvement by estimating each subscribed dealer's propensity to churn

View Case Study
Algorithmic Trading

Automated TP/SL Management

Trading Bot to automatically manage staggered stop loss and take profit orders on Zerodha

View Case Study
Business Analytics

Trading Journal Application

A web application that allows traders to log and analyze their trades over time

View Case Study
Algorithmic Trading

Crypto Futures-Spot Arbitrage Trading Bot

Capitalizing on large disparities in futures and spot prices of crypto tokens trading on ByBit

View Case Study
Business Analytics

Player Odds API for Online Casino

Dynamic computation of player odds for numerous casino games using Monte Carlo simulation

View Case Study
Data Science

Driver Behavioral Segmentation

Behavioral segmentation of drivers for a ride-hailing platform aimed at reducing incentive burn

View Case Study
Business Analytics

Ads Performance Analytics

Analysis of the performance of Facebook ads aimed at understanding root cause of trends

View Case Study
Data Science

Econometric Forecasting

Using regression and classification techniques to forecast macroeconomic indicators

View Case Study
Business Analytics

Live Options OI Tracker

Excel-based tool for tracking and analysis of OI changes in options that trade on NSE

View Case Study
DDoS Attack Detection | Case Study