A feature reduction based reflected and exploited DDoS attacks detection system

Abstract

The hacker attempts distributed denial of service (DDoS) attacks towards network resources to disturb or deny services. The hacker degrades the quality of service to legitimate users by performing reflection and exploitation based DDoS attacks with a trusted third party server that hides information of the attacker. It is, therefore, necessary to propose an intelligent intrusion detection system to detect reflection and exploitation based DDoS attacks efficiently and effectively. The present study proposes a feature reduction method by the combination of information gain (IG) and correlation (CR) feature selection techniques. This study presents a DDoS attack detection framework to detect reflection and exploitation based DDoS attacks in an efficient manner. The framework is tested on the latest DDoS evaluation (CICDDoS2019) dataset with J48 classifier. The feature reduction method obtains minimum and maximum reduction by 56 and 82.92% respectively, of the original features. The experimentation results show that the proposed framework outperforms using a reduced features subset. The validation of the proposed framework on knowledge discovery and data mining (KDD Cup 1999) dataset provides improvement in performance for binary and multi-level classification using feature reduction by 60.97% of the original features. The proposed feature reduction method is also compared to the relevant existing feature selection methods used for intrusion detection on CICDoS 2019 and KDD Cup 1999 datasets.

This is a preview of subscription content, access via your institution.

Fig. 1

References

  1. Aamir M, Zaidi SMA (2019) Clustering based semi-supervised machine learning for DDoS attack classification. J King Saud Univ Comput Inf Sci

  2. Abdulrahman AA, Ibrahem MK (2018) Evaluation of DDoS attacks detection in a new intrusion dataset based on classification algorithms. Iraqi J Inf Commun Technol 1(3):49–55

    Article  Google Scholar 

  3. Agrawal N, Tapaswi S (2020) Detection of low-rate cloud DDoS attacks in frequency domain using fast hartley transform. Wirel Pers Commun 112(1735–1762):1–28

    Google Scholar 

  4. Akamai (2016) Internet of things and the rise of 300 gbps DDoS attacks. https://www.akamai.com/us/en/multimedia/documents/social/q4-state-of-the-internet-security-spotlight-iot-rise-of-300-gbp-ddos-attacks.pdf

  5. Aksu D, Üstebay S, Aydin MA, Atmaca T (2018) Intrusion detection with comparative analysis of supervised learning techniques and fisher score feature selection algorithm. In: International symposium on computer and information sciences. Springer, pp 141–149

  6. Balkanli E, Zincir-Heywood AN, Heywood MI (2015) Feature selection for robust backscatter ddos detection. In: 2015 IEEE 40th local computer networks conference workshops (LCN Workshops). IEEE, pp 611–618

  7. Barati M, Abdullah A, Udzir NI, Mahmod R, Mustapha N (2014) Distributed denial of service detection using hybrid machine learning technique. In: 2014 International symposium on biometrics and security technologies (ISBAST). IEEE, pp 268–273

  8. Bharot N, Verma P, Sharma S, Suraparaju V (2018) Distributed denial-of-service attack detection and mitigation using feature selection and intensive care request processing unit. Arab J Sci Eng 43(2):959–967

    Article  Google Scholar 

  9. Bindra N, Sood M (2019) Detecting DDoS attacks using machine learning techniques and contemporary intrusion detection dataset. Autom Control Comput Sci 53(5):419–428

    Article  Google Scholar 

  10. Bulletproof (2019) Annual cyber security report 2019. https://www.bulletproof.co.uk/industry-reports/2019.pdf

  11. David J, Thomas C (2019) Efficient DDoS flood attack detection using dynamic thresholding on flow-based network traffic. Comput Secur 82:284–295

    Article  Google Scholar 

  12. Devi P, Kannammal A (2016) An integrated intelligent paradigm to detect DDoS attack in mobile ad hoc networks. Int J Embed Syst 8(1):69–77

    Article  Google Scholar 

  13. Ferrag MA, Maglaras L, Moschoyiannis S, Janicke H (2020) Deep learning for cyber security intrusion detection: approaches, datasets, and comparative study. J Inf Secur Appl 50:102419

    Google Scholar 

  14. Gu Y, Li K, Guo Z, Wang Y (2019) Semi-supervised k-means DDoS detection method using hybrid feature selection algorithm. IEEE Access 7:64351–64365

    Article  Google Scholar 

  15. Hezavehi SM, Rahmani R (2020) An anomaly-based framework for mitigating effects of DDoS attacks using a third party auditor in cloud computing environments. Clust Comput 23:2609–2627

    Article  Google Scholar 

  16. Hosseini S, Azizi M (2019) The hybrid technique for DDoS detection with supervised learning algorithms. Comput Netw 158:35–45

    Article  Google Scholar 

  17. Hosseini S, Seilani H (2019) Anomaly process detection using negative selection algorithm and classification techniques. Evolv Syst 1–10

  18. Idhammad M, Afdel K, Belouch M (2018) Distributed intrusion detection system for cloud environments based on data mining techniques. Procedia Comput Sci 127:35–41

    Article  Google Scholar 

  19. Kim J, Shin Y, Choi E et al (2019) An intrusion detection model based on a convolutional neural network. J Multimedia Inf Syst 6(4):165–172

    Article  Google Scholar 

  20. Manzoor I, Kumar N et al (2017) A feature reduced intrusion detection system using ANN classifier. Expert Syst Appl 88:249–257

    Article  Google Scholar 

  21. Mayuranathan M, Murugan M, Dhanakoti V (2019) Best features based intrusion detection system by RBM model for detecting DDoS in cloud environment. J Ambient Intell Humaniz Comput 1–11

  22. Niyaz Q, Sun W, Javaid AY (2016) A deep learning based ddos detection system in software-defined networking (sdn). arXiv preprint arXiv:161107400

  23. NSFOCUS (2018) 2017 ddos and web application attack landscape. https://nsfocusglobal.com/2017-ddos-and-web-application-attack-landscape/

  24. Obaid HS, Abeed EH (2020) Dos and DDoS attacks at OSI layers. Int J Multidiscip Res Publ 2(8):1–9

    Google Scholar 

  25. Osanaiye O, Cai H, Choo KKR, Dehghantanha A, Xu Z, Dlodlo M (2016) Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing. EURASIP J Wirel Commun Netw 2016(1):130

    Article  Google Scholar 

  26. Patil R, Dudeja H, Gawade S, Modi C (2018) Protocol specific multi-threaded network intrusion detection system (pm-nids) for dos/ddos attack detection in cloud. In: 2018 9th International conference on computing, communication and networking technologies (ICCCNT). IEEE, pp 1–7

  27. Polat H, Polat O, Cetin A (2020) Detecting DDoS attacks in software-defined networks through feature selection methods and machine learning models. Sustainability 12(3):1035

    Article  Google Scholar 

  28. Prasad M, Tripathi S, Dahal K (2020) An efficient feature selection based Bayesian and rough set approach for intrusion detection. Appl Soft Comput 87:105980

    Article  Google Scholar 

  29. Prathyusha DJ, Kannayaram G (2020) A cognitive mechanism for mitigating DDoS attacks using the artificial immune system in a cloud environment. Evolut Intell 1–12

  30. Procopiou A, Komninos N, Douligeris C (2019) Forchaos: real time application DDoS detection using forecasting and chaos theory in smart home iot network. Wirel Commun Mob Comput 2019:1–14

    Article  Google Scholar 

  31. Saad RM, Anbar M, Manickam S, Alomari E (2016) An intelligent icmpv6 DDoS flooding-attack detection framework (v6iids) using back-propagation neural network. IETE Tech Rev 33(3):244–255

    Article  Google Scholar 

  32. Saied A, Overill RE, Radzik T (2016) Detection of known and unknown DDoS attacks using artificial neural networks. Neurocomputing 172:385–393

    Article  Google Scholar 

  33. Selvakumar K, Karuppiah M, SaiRamesh L, Islam SH, Hassan MM, Fortino G, Choo KKR (2019) Intelligent temporal classification and fuzzy rough set-based feature selection algorithm for intrusion detection system in WSNs. Inf Sci 497:77–90

    Article  Google Scholar 

  34. Sharafaldin I, Lashkari AH, Hakak S, Ghorbani AA (2019) Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In: 2019 International carnahan conference on security technology (ICCST). IEEE, pp 1–8

  35. Shin D (2018) How to defend against amplified reflection DDoS attacks. https://www.a10networks.com/blog/how-defend-against-amplified-reflection-ddos-attacks/. Accessed 16 July 2018

  36. Shreevyas HM, Kumar S, Sonone S (2019) False positive reduction in DDoS attack classification using ann simulation. Network 92:7

    Google Scholar 

  37. Sreeram I, Vuppala VPK (2019) Http flood attack detection in application layer using machine learning metrics and bio inspired bat algorithm. Appl Comput Inform 15(1):59–66

    Article  Google Scholar 

  38. Suresh M, Anitha R (2011) Evaluating machine learning algorithms for detecting ddos attacks. In: International conference on network security and applications. Springer, pp 441–452

  39. Tan Z, Jamdagni A, He X, Nanda P, Liu RP, Hu J (2014) Detection of denial-of-service attacks based on computer vision techniques. IEEE Trans Comput 64(9):2519–2533

    MathSciNet  Article  Google Scholar 

  40. Verma P, Tapaswi S, Godfrey WW (2020) An adaptive threshold-based attribute selection to classify requests under DDoS attack in cloud-based systems. Arab J Sci Eng 45(4):2813–2834

    Article  Google Scholar 

  41. Wang C, Yao H, Liu Z (2019) An efficient DDoS detection based on SU-genetic feature selection. Clust Comput 22(1):2505–2515

    Article  Google Scholar 

  42. Wang M, Lu Y, Qin J (2020) A dynamic MLP-based DDoS attack detection method using feature selection and feedback. Comput Secur 88:101645

    Article  Google Scholar 

  43. Wei W, Ke Q, Nowak J, Korytkowski M, Scherer R, Woźniak M (2020) Accurate and fast url phishing detector: a convolutional neural network approach. Comput Netw 178:107275

    Article  Google Scholar 

  44. Wozniak M, Silka J, Wieczorek M, Alrashoud M (2020) Recurrent neural network model for IoT and networking malware threads detection. IEEE Trans Ind Inform 14(8):1–11

    Google Scholar 

  45. Yusof AR, Udzir NI, Selamat A, Hamdan H, Abdullah MT (2017) Adaptive feature selection for denial of services (dos) attack. In: 2017 IEEE conference on application, information and network security (AINS). IEEE, pp 81–84

  46. Zhao F, Zhao J, Niu X, Luo S, Xin Y (2018) A filter feature selection algorithm based on mutual information for intrusion detection. Appl Sci 8(9):1535

    Article  Google Scholar 

  47. Zhao T, Lo DCT, Qian K (2015) A neural-network based DDoS detection system using Hadoop and HBase. In: 2015 IEEE 17th international conference on high performance computing and communications, 2015 IEEE 7th international symposium on cyberspace safety and security, and 2015 IEEE 12th international conference on embedded software and systems. IEEE, New York, pp 1326–1331

  48. Zong Y, Huang G (2019) A feature dimension reduction technology for predicting DDoS intrusion behavior in multimedia internet of things. Multimedia Tools Appl 1–14

Download references

Author information

Affiliations

Authors

Corresponding author

Correspondence to Deepak Kshirsagar.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Reprints and Permissions

About this article

Verify currency and authenticity via CrossMark

Cite this article

Kshirsagar, D., Kumar, S. A feature reduction based reflected and exploited DDoS attacks detection system. J Ambient Intell Human Comput (2021). https://doi.org/10.1007/s12652-021-02907-5

Download citation

Keywords

  • Distributed denial of service (DDoS)
  • Information gain
  • Correlation
  • Feature reduction
  • Intrusion detection