DDoS attack detection with feature engineering and machine learning: the framework and performance evaluation

Published in: International journal of information security 2019-12, Vol.18 (6), p.761-785
Main authors: Aamir, Muhammad; Zaidi, Syed Mustafa Ali
Format: Article
Language: eng
Online access: Full text
description This paper applies an organized flow of feature engineering and machine learning to detect distributed denial-of-service (DDoS) attacks. Feature engineering focuses on obtaining datasets of different dimensions with significant features, using the feature selection methods of backward elimination, chi2, and information gain scores. Different supervised machine learning models are applied to the feature-engineered datasets to demonstrate the adaptability of the datasets for machine learning under optimal tuning of parameters within given sets of values. The results show that substantial feature reduction is possible, making DDoS detection faster and optimized with a minimal performance hit. The paper proposes a strategic-level framework which incorporates the necessary elements of feature engineering and machine learning with a defined flow of experimentation. The models are also validated with cross-validation and evaluated with area-under-curve analyses. It provides comprehensive solutions which can be trusted to avoid the overfitting and collinearity problems of the data while detecting DDoS attacks. In the case study of DDoS datasets, the K-nearest neighbors algorithm exhibits the best overall performance, followed by support vector machine, whereas low-dimensional datasets of discrete feature types perform better under the Random Forest model as compared to high-dimensional datasets with numerical features. The accuracy scores of the dataset with the lowest number of features remain competitive with the other datasets under all machine learning models, leading to a substantially reduced processing overhead. The experiments show that an approximately 68% reduction in the feature space is possible with an impact of only about 0.03% on accuracy.
doi_str_mv 10.1007/s10207-019-00434-1
issn 1615-5262 (print), 1615-5270 (electronic)
source Springer Nature - Complete Springer Journals; Business Source Complete
subjects Algorithms
Artificial intelligence
Coding and Information Theory
Collinearity
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Datasets
Denial of service attacks
Engineering
Engineering education
Experimentation
Machine learning
Management of Computing and Information Systems
Mathematical models
Networks
Operating Systems
Performance evaluation
Reduction
Regular Contribution
Support vector machines