- Organization
- Universidad del Norte
- Type
- Academic Sector
- Years
- 2024
- Countries
- Colombia
Distributed denial of service (DDoS) is a frequent threat to computer networks due to its disruption of the services they offer. This disruption results in network instability and/or inoperability. There are different types of DDoS attacks, each with a different mode of operation, so that their detection has become a difficult task for network monitoring and control systems.
The joint stacking of Machine Learning (ML) models consists of establishing a two-layer architecture, where layer 0 (base models) consists of two or more different learning algorithms that are trained with the same data set, and layer 1 (metamodel), which is trained in the best way from the predictions of the base models to establish the final prediction.
This work is based on the exploration and selection of a data set that represents DDoS attack events and carrying out its treatment in a pre-processing phase, resulting in the training, validation and test data sets. Subsequently, in layer 0, a set of ML models will be instantiated to be trained. Once trained, predictions are made on the validation set. Finally, the base models make predictions on the test data set. These predictions feed the metamodel to make the final predictions and, consequently, obtain the metrics of the joint stacked model, such as accuracy, precision, recall, F1 score, confusion matrix, and ROC-AUC, among others. Throughout the training of the models, different configurations will be tested and the hyper-parameters that present a better result based on the proposed metrics will be chosen.
