A generalized machine learning model for DDoS attacks detection using hybrid feature selection and hyperparameter tuning

Batchu, Raj Kumar; Setiapraja, Hari

doi:10.1016/j.comnet.2021.108498

Cited by 39 publications

(7 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many intelligent machine learning algorithms have been developed to facilitate the detection of DDoS attacks. [71][72][73][74] Since a DDoS attack has two attributes (attack and normal), we categorize it as a binary classification problem.…”

Section: Performance Evaluation With Machine Learning Modelsmentioning

confidence: 99%

Performance evaluation of machine learning models for distributed denial of service attack detection using improved feature selection and hyper‐parameter optimization techniques

Habib

Khursheed

2022

Concurrency and Computation

View full text Add to dashboard Cite

This article gives the framework of extensive experimentation of various machine learning models to detect distributed denial of service attacks (DDoS). We use six-tier feature ranking methods that use statistical techniques as well as machine learning based classifiers to obtain the significant features. The measurable statistical based feature selection involves Chi-Square (Chi2), information gain (IG), merged Chi-Square (Chi2)-IG ranking and machine learning classifiers involve ensemble classifiers, that is, decision tree, random forest and eXtreme gradient boosting (XGBoost). Different supervised machine learning models (logistic regression, decision tree classifier, linear support vector machine, k-nearest neighbors, Gaussian Naive Bayes, random forest classifier, XGBoost) are trained on a feature-engineered datasets. To further our research, we use neural networks (ANN and CNN) using both feature-selected and auto-feature selection training setup. We check the validation and adaptability of these models with the optimal tuning of various parameters using GridSearchCV and the effectiveness of random sampling in overcoming the class imbalance problem. Based on various feature selection methods, the models are evaluated for their best performance. The experimental results show that our trained machine learning models and neural networks outperformed the ones in the state of art. The performance analysis is done based on confusion matrix scores, that is, accuracy, false alarm rate, sensitivity, specificity, false-positive rate, F1 score, area under curve analysis and loss functions on well-known KDD Cup 99 and UNSW-NB15 datasets. This study is significant for furthering the research in DDoS detection with machine learning and deep neural networks.

show abstract

Section: Performance Evaluation With Machine Learning Modelsmentioning

confidence: 99%

Performance evaluation of machine learning models for distributed denial of service attack detection using improved feature selection and hyper‐parameter optimization techniques

Habib

Khursheed

2022

Concurrency and Computation

View full text Add to dashboard Cite

show abstract

“…It should be noted that most of the proposed methods have only included CIC-IDS2017 or CSE-CIC-IDS2018 in their analysis. Reference [13] included CIC-DoS2017 (besides IDS2017 and IDS2018), references [14] and [15] were validated on CIC-DDoS2019 and reference [16] included all four CIC datasets.…”

Section: B Proposed Ml-ids Detection and Feature Selection Systemsmentioning

confidence: 99%

“…CIC Collection (IDS17, IDS18, DoS17, DDoS19) [27] 2020 PSH flag count, fwd packet length min, bwd packet length min, down/up ratio [28] 2020 protocol, down/up ratio, active std [13] 2021 PSH flag count, active std [16] 2021 fwd packet length min, packet length min, PSH flag count, ACK flag count [14] 2021 protocol, bwd packet length min [15] 2021 packet length min, bwd packet length min [29] 2022 PSH flag count, packet length min, protocol, fwd packet length min, bwd packet length min active std, idle std, ACK flag count, ECE flag count, RST flag count, down/up ratio [33]) proposed for cyber security ML systems on six criteria. They conclude that white-box techniques (full model access) such as integrated gradients and layer-wise relevance propagation comply best with the tested criteria.…”

Section: Yearmentioning

confidence: 99%

Discovering Non-Metadata Contaminant Features in Intrusion Detection Datasets

D’hooge

Verkerken

Wauters

et al. 2022

2022 19th Annual International Conference on Privacy, Security &Amp; Trust (PST)

View full text Add to dashboard Cite

Most newly proposed detection methods in intrusion detection incorporate machine learning models to distinguish between benign and malicious traffic. The models are validated on a handful of academic datasets and ranked based on their classification performance. This article aims to demonstrate that unbeknownst to the new models' authors, there are features in these datasets which heavily bias the results and obscure a realistic, reliable estimate of the separability of the datasets. This paper proposes a methodology to estimate the contaminating influence of a dataset's features based on the concept of blind generalization. The novel methodology is subsequently used to assess the features of six widely adopted intrusion detection datasets. In each dataset, several features show a pattern where regardless of training attack class, the models blindly generalize towards all available attack classes with nearly identical classification metrics. These features provide undeserved boosts in the baseline classification scores for each dataset. By themselves, some contaminant features even push these baselines upwards of 90% accuracy (balanced).

show abstract

“…Intruders skilfully reap the benefits of exploitable vulnerabilities in a variety of methods that are generally difficult to pinpoint due to technological advancements. Therefore, it’s important to identify current shortcomings, how they can be used by adversaries in the manufacturing environment, and most crucially the facts they are most keen on 5 . The greatest approach to understand how to defend something is to be aware of what is going on within, which argues for security observability.…”

Section: Introductionmentioning

confidence: 99%

Containerized cloud-based honeypot deception for tracking attackers

Priya

Chakkaravarthy

2023

Sci Rep

View full text Add to dashboard Cite

Discovering malicious packets amid a cloud of normal activity, whether you use an IDS or gather and analyze machine and device log files on company infrastructure, may be challenging and time consuming. The vulnerability landscape is rapidly evolving, and it will only become worse as more and more developing technologies, such as IoT, Industrial Automation, CPS, Digital Twins, etc are digitally connected. A honey trap aids in identifying malicious packets easily as, after a few rapid calibrations to eliminate false positives. Besides analyzing and reporting particular invasion patterns or toolkits exploited, it also assists in preventing access to actual devices by simulating the genuine systems and applications functioning in the network thus delaying as well as baffling the invader. In order to analyze and evaluate the hackers’ behavior, an ensemble of research honeypot detectors has been deployed in our work. This paper delivers a robust outline of the deployment of containerized honeypot deployment, as a direct consequence, these are portable, durable, and simple to deploy and administer. The instrumented approach was monitored and generated countless data points on which significant judgments about the malevolent users’ activities and purpose could be inferred.

show abstract

A generalized machine learning model for DDoS attacks detection using hybrid feature selection and hyperparameter tuning

Cited by 39 publications

References 23 publications

Performance evaluation of machine learning models for distributed denial of service attack detection using improved feature selection and hyper‐parameter optimization techniques

Performance evaluation of machine learning models for distributed denial of service attack detection using improved feature selection and hyper‐parameter optimization techniques

Discovering Non-Metadata Contaminant Features in Intrusion Detection Datasets

Containerized cloud-based honeypot deception for tracking attackers

Contact Info

Product

Resources

About