Towards an Optimal Feature Selection Method for AI-Based DDoS Detection System

Abstract

Cyber-attacks are increasing rapidly, so developing effective intrusion detection and prevention tools for a secure and safer cyberspace is crucial. DDoS (Distributed Denial of Services) is one of the most well-known digital threats, endangering any cyber-physical system. DDoS prevents the host from serving the legitimate traffic by overflowing the host node with unwanted service requests. Nowadays, machine learning-based IDS (Intrusion Detection System) uses different Feature Selection (FS) methods to extract a feature subset from a large dataset to increase the model performance and decrease the training time. In this research work, we used the UNSW-NB15 dataset [1] to conduct a comprehensive analysis for evaluating the performance of different FS techniques in DDoS attack classification using both Machine Learning (ML) and Deep Learning (DL) models. Furthermore, an Ensemble Feature Selection (EN-FS) technique called Majority Voting (MV) has been implemented to combine the individual FS method’s output to extract an optimal feature set. Our ensemble feature selection approach significantly reduces the features from 42 to 15, which is 64% less than the original features. Lastly, an extensive experiment has been performed to estimate and compare the performance of individual, ensemble, and original feature set in both ML and DL-based DDoS detection systems. According to our analysis, the ensemble feature set-based classification model exhibits higher accuracy, lower False Positive Rate (FPR), and better execution time than the other individual feature set-based models.