Abstract

This article presents a framework for extensive experimentation with various machine learning models to detect distributed denial of service (DDoS) attacks. We use six-tier feature ranking methods that combine statistical techniques with machine learning based classifiers to obtain the significant features. The statistical feature selection involves Chi-Square (Chi2), information gain (IG), and a merged Chi2-IG ranking; the machine learning classifiers involve ensemble classifiers, that is, decision tree, random forest and eXtreme gradient boosting (XGBoost). Different supervised machine learning models (logistic regression, decision tree classifier, linear support vector machine, k-nearest neighbors, Gaussian Naive Bayes, random forest classifier, XGBoost) are trained on feature-engineered datasets. To further our research, we use neural networks (ANN and CNN) in both feature-selected and auto-feature-selection training setups. We check the validation and adaptability of these models with optimal tuning of various parameters using GridSearchCV, and the effectiveness of random sampling in overcoming the class imbalance problem. The models are evaluated for their best performance under the various feature selection methods. The experimental results show that our trained machine learning models and neural networks outperformed those in the state of the art. The performance analysis is based on confusion matrix scores, that is, accuracy, false alarm rate, sensitivity, specificity, false-positive rate, F1 score, area under curve analysis and loss functions, on the well-known KDD Cup 99 and UNSW-NB15 datasets. This study is significant for furthering research in DDoS detection with machine learning and deep neural networks.
