Sathish Kumar M, Praveena T


Internet is the global network that interconnects entities all over the world. This unparalleled network has occupied the mandatory part in the life of every individual. In recent days, due to the increase in the number of flow, the internet traffic is increased. The increasing traffic is flooding with the DDoS flows from multiple DDoS attackers. If DDoS flow traffic enters the internet, then there will be a drastic increase in the utilization of resources. Due to this, the legitimate traffic will not get proper service. In order to address the above issues, this paper has proposed an approach that classifies the internet traffic as Normal traffic flow or DDoS traffic flow. A huge volume of traffic flows is analyzed in this paper and the results are presented. The MapReduce is implemented for the classification as it accurately maps the flow features and reduces them into the appropriate traffic type. The incoming traffic is classified into one of the three categories as Web Traffic, DDoS Traffic (Heavy User) or DDoS Traffic (Spoofed IP). The main objective of this paper is to classify structured as well as unstructured data of IP, TCP, HTTP and NetFlow analysis. The experimental observations were carried out in the Hadoop 2.7.2 environment. The dataset is obtained from Wireshark, which consists of traffic flow based on latest traffic pattern. Hadoop Distributed File System (HDFS) and MapReduce components of Hadoop are used under the metrics as Work Completion Time, Throughput and Accuracy.


DDoS Traffic, Hadoop, Internet Traffic, MapReduce, Spoofed IP

Full Text:



