It first identifies whether the traffic is normal or an attack; if it is an attack, it then identifies whether it is part of a high-rate or low-rate DDoS attack. The system can be configured to provide the specific attack name.
Normal, high-rate, and low-rate data whose features were extracted using the KDD99 Feature extractor
Classification
- J48
- IBk
- Naive Bayes
- Random Forest
- SMO
- None (baseline)
- Information gain
- Attribute correlation
- J48 wrapper
- Naive Bayes wrapper
- MySQL
A trained model
Probability of being in a certain class as well as the IP addresses involved in the flow