According to the above diagram, first malicious traffic signatures should be obtained from the raw data and then added to the database. In order do this a dataset which is related to the NTP Amplification attack is used. Then by using the feature selection generation of the SDS will be done and afterwards the Machine Learning Algorithm is being trained. Then it is supplied to the system of traffic classification.
