A feature reduction based reflected and exploited DDoS attacks detection system

Abstract

The hacker attempts distributed denial of service (DDoS) attacks towards network resources to disturb or deny services. The hacker degrades the quality of service to legitimate users by performing reflection and exploitation based DDoS attacks with a trusted third party server that hides information of the attacker. It is, therefore, necessary to propose an intelligent intrusion detection system to detect reflection and exploitation based DDoS attacks efficiently and effectively. The present study proposes a feature reduction method by the combination of information gain (IG) and correlation (CR) feature selection techniques. This study presents a DDoS attack detection framework to detect reflection and exploitation based DDoS attacks in an efficient manner. The framework is tested on the latest DDoS evaluation (CICDDoS2019) dataset with J48 classifier. The feature reduction method obtains minimum and maximum reduction by 56 and 82.92% respectively, of the original features. The experimentation results show that the proposed framework outperforms using a reduced features subset. The validation of the proposed framework on knowledge discovery and data mining (KDD Cup 1999) dataset provides improvement in performance for binary and multi-level classification using feature reduction by 60.97% of the original features. The proposed feature reduction method is also compared to the relevant existing feature selection methods used for intrusion detection on CICDoS 2019 and KDD Cup 1999 datasets.