A feature reduction based reflected and exploited DDoS attacks detection system

  • Original Research
  • Journal of Ambient Intelligence and Humanized Computing

Abstract

Attackers launch distributed denial of service (DDoS) attacks against network resources to disrupt or deny services. They degrade the quality of service for legitimate users by performing reflection- and exploitation-based DDoS attacks through a trusted third-party server, which hides the attacker's information. An intelligent intrusion detection system is therefore needed to detect reflection- and exploitation-based DDoS attacks efficiently and effectively. The present study proposes a feature reduction method that combines the information gain (IG) and correlation (CR) feature selection techniques, and presents a DDoS attack detection framework that detects reflection- and exploitation-based DDoS attacks efficiently. The framework is tested on the latest DDoS evaluation dataset (CICDDoS2019) with the J48 classifier. The feature reduction method achieves a minimum and maximum reduction of 56% and 82.92%, respectively, of the original features. The experimental results show that the proposed framework performs better using the reduced feature subset. Validation of the proposed framework on the Knowledge Discovery and Data Mining (KDD Cup 1999) dataset shows improved performance for binary and multi-level classification with a feature reduction of 60.97% of the original features. The proposed feature reduction method is also compared with relevant existing feature selection methods used for intrusion detection on the CICDDoS2019 and KDD Cup 1999 datasets.
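An added illustration of the feature-reduction idea in the abstract (not the authors' code): it scores each feature by information gain and by absolute correlation with the class label, then keeps the features that both measures select. The abstract does not state how IG and CR are combined, so the intersection rule, the 0.5 thresholds, the feature names and the eight sample flows are assumptions constructed for this example.

```python
import math
from collections import Counter

# Constructed sample: 8 flows, 5 pre-binned features (hypothetical names), label 1 = DDoS.
NAMES = ["src_port_bin", "proto_code", "ttl_parity", "const_flag", "pkt_rate_bin"]
ROWS = [(0, 1, 0, 0, 0), (0, 2, 1, 0, 0), (0, 1, 0, 0, 1), (0, 2, 1, 0, 1),
        (1, 0, 0, 0, 1), (1, 3, 1, 0, 2), (1, 0, 0, 0, 2), (1, 3, 1, 0, 2)]
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]

def entropy(values):
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values())

def info_gain(column, labels):
    """IG = H(label) - sum over values v of p(v) * H(label | feature == v)."""
    n = len(labels)
    cond = 0.0
    for v in set(column):
        subset = [y for x, y in zip(column, labels) if x == v]
        cond += len(subset) / n * entropy(subset)
    return entropy(labels) - cond

def abs_correlation(column, labels):
    """Absolute Pearson correlation between feature and label (0 if constant)."""
    n = len(labels)
    mx, my = sum(column) / n, sum(labels) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(column, labels))
    sx = math.sqrt(sum((x - mx) ** 2 for x in column))
    sy = math.sqrt(sum((y - my) ** 2 for y in labels))
    return abs(cov / (sx * sy)) if sx and sy else 0.0

def reduce_features(rows, labels, names, ig_min=0.5, cr_min=0.5):
    """Assumed combination rule: keep a feature only if both IG and CR select it."""
    ig_set, cr_set = set(), set()
    for i, name in enumerate(names):
        col = [r[i] for r in rows]
        if info_gain(col, labels) >= ig_min:
            ig_set.add(name)
        if abs_correlation(col, labels) >= cr_min:
            cr_set.add(name)
    return ig_set, cr_set, sorted(ig_set & cr_set)

if __name__ == "__main__":
    ig_set, cr_set, kept = reduce_features(ROWS, LABELS, NAMES)
    print("IG selects:", sorted(ig_set))
    print("CR selects:", sorted(cr_set))
    print(f"kept {kept}: {100 * (1 - len(kept) / len(NAMES)):.0f}% reduction")
```

In the sample, `proto_code` separates the classes perfectly but not monotonically, so information gain selects it while linear correlation does not; this is the kind of disagreement a combined filter has to resolve.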

Author information

Corresponding author

Correspondence to Deepak Kshirsagar.

About this article

Cite this article

Kshirsagar, D., Kumar, S. A feature reduction based reflected and exploited DDoS attacks detection system. J Ambient Intell Human Comput 13, 393–405 (2022). https://doi.org/10.1007/s12652-021-02907-5

  • DOI: https://doi.org/10.1007/s12652-021-02907-5
