Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method

Abstract

Cloud computing facilitates the users with on-demand services over the Internet. The services are accessible from anywhere at any time. Despite the valuable services, the paradigm is, also, prone to security issues. A Distributed Denial of Service (DDoS) attack affects the availability of cloud services and causes security threats to cloud computing. Detection of DDoS attacks is necessary for the availability of services for legitimate users. The topic has been studied by many researchers, with better accuracy for different datasets. This article presents a method for DDoS attack detection in cloud computing. The primary objective of this article is to reduce misclassification error in DDoS detection. In the proposed work, we select the most relevant features, by applying two feature selection techniques, i.e., the Mutual Information (MI) and Random Forest Feature Importance (RFFI) methods. Random Forest (RF), Gradient Boosting (GB), Weighted Voting Ensemble (WVE), K Nearest Neighbor (KNN), and Logistic Regression (LR) are applied to selected features. The experimental results show that the accuracy of RF, GB, WVE, and KNN with 19 features is 0.99. To further study these methods, misclassifications of the methods are analyzed, which lead to more accurate measurements. Extensive experiments conclude that the RF performed well in DDoS attack detection and misclassified only one attack as normal. Comparative results are presented to validate the proposed method.