Abstract

The problem of distributed denial‐of‐service (DDoS) attack detection remains challenging due to new and innovative methods developed by attackers to evade the deployed security systems. In this work, we devise an unsupervised machine learning (ML)‐based approach for the detection of different types of DDoS attacks by augmenting the performance of the K‐means clustering algorithm with the aid of a hybrid method for feature selection and extraction. By sequentially combining an integrated feature selection (IFS) algorithm and a deep autoencoder (DAE), we develop the hybrid method for extracting encoded features, which can better separate the clusters of benign and malicious network flows. We formulate the problem of DDoS attack detection as a binary clustering of network flows. Although K‐means clustering is the simplest and widely used algorithm, we investigate its performance for DDoS attack detection before and after applying the proposed hybrid method for feature selection and extraction. Our results show that after employing the proposed hybrid method, the performance of the K‐means clustering model improves and is comparable to the state‐of‐the‐art supervised ML and deep learning (DL)‐based methods developed for DDoS attack detection.
