A generalized machine learning model for DDoS attacks detection using hybrid feature selection and hyperparameter tuning

Abstract

In the digital era, the usage of network-connected devices is rapidly growing which leads to an increase in cyberattacks. Among them, Distributed Denial of Service (DDoS) attacks are becoming more complex to detect. Recently, several models have been reported in the literature to identify them, but it remains a challenging issue due to the significant changes in signatures and traffic rate. To address this problem, a new automatic detection methodology is developed by reducing the feature space, which in turn reduces overfitting and computational time of the model. Initially, data pre-processing is performed to improve the generalizability of the model. Next, feature selection is applied to select the most appropriate features, which helps in improving classification accuracy. Further, the performance of the model is enhanced using hyperparameter tuning by selecting the appropriate parameters for learning approaches. Finally, both the optimal features and hyperparameters are fed to various supervised learning approaches namely-Logistic regression(LR), Decision tree (DT), Gradient boost(GB), K-nearest neighbor (KNN), and Support vector machine (SVM). All these experiments are evaluated on the CICDDoS2019 dataset. The experimental results show that the GB model performed well compared to the state-of-the-art methods with an accuracy of 99.97 %.