Affiliation:
1. College of Science, North China University of Science and Technology, Tangshan 063210, China
2. Hebei Key Laboratory of Data Science and Application, Tangshan 063210, China
3. Tangshan Key Laboratory of Data Science, Tangshan 063210, China
Abstract
Distributed Denial of Service (DDoS) is still one of the main threats to network security today. Attackers are able to run DDoS in simple steps and with high efficiency to slow down or block users’ access to services. In this paper, we propose a framework based on feature and model selection (FAMS), which is used for detecting DDoS attacks with the aim of identifying the features and models with a high generalization capability, high prediction accuracy, and short prediction time. The FAMS framework is divided into four main phases. The first phase is data pre-processing, including operations such as feature coding, outlier processing, duplicate elimination, data balancing, and normalization. In the second stage, 79 features are extracted from the dataset and selected by the feature selection algorithms filter, wrapper, embedded, variance, mutual information, backward elimination, Lasso.L1, and random forest. The purpose of feature selection is to simplify the model, avoid dimensional disasters, reduce computational costs, and reduce the prediction time. The third stage is model selection, which aims to select the most ideal algorithm from GD, SVM, LR, RF, HVG, SVG, HVR, and SVR using a model selection algorithm for the selected 21 features, and the results show that RF is far ahead in all evaluation indexes compared to the other models. The fourth stage is model optimization, which aims to further improve the performance of the RF algorithm in detecting DDoS attacks by optimizing the parameters max_samples, max_depth, n_estimators for the initially selected RF by the RF optimization algorithm. Finally, by testing the 100,000 CIC-IDS2018, CIC-IDS2017, and CIC-DoS2016 synthetic datasets, the results show that all the results have achieved excellent performance in the same category. Moreover, the framework also shows an excellent generalization performance by testing over 1 million synthetic datasets and over 330,000 CIC-DDoS2019 datasets.
Funder
National Natural Science Foundation of China
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering
Reference60 articles.
1. Detection of DDoS attacks and flash events using information theory metrics-An empirical investigation;Behal;Comput. Commun.,2017
2. Mallikarjunan, K.N., Muthupriya, K., and Shalinie, S.M. (2016, January 7–8). A survey of distributed denial of service attack. Proceedings of the 2016 10th International Conference on Intelligent Systems and Control (ISCO), Coimbatore, India.
3. DDoS attack protection in the era of cloud computing and software-defined networking;Wang;Comput. Netw.,2015
4. Nagpal, B., Sharma, P., Chauhan, N., and Panesar, A. (2015, January 11–13). DDoS tools: Classification, analysis and comparison. Proceedings of the 2015 2nd International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India.
5. Machine learning: Trends, perspectives, and prospects;Jordan;Science,2015
Cited by
4 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献