Machine Learning-Based Feature Engineering to Detect DDoS Attacks

  • Muhammad Nur Faiz Politeknik Negeri Cilacap
  • Oman Somantri Politeknik Negeri Cilacap
  • Arif Wirawan Muhammad IT Telkom Purwokerto
Keywords: DDoS, Feature Selection, Neural Networks, Machine Learning

Abstract

Distributed network attacks, also known as distributed denial of service (DDoS) attacks, are a major threat and problem for internet security. A DDoS attack targets a network with the aim of disabling server resources. These attacks increase every year, including under the current COVID-19 pandemic. One of the countermeasures to minimize the impact of DDoS is the intrusion detection system (IDS). Current IDS techniques still employ traditional methods and therefore have many limitations compared to the techniques and tools used by attackers, because traditional IDS methods use only signature-based or anomaly-based detection models, which cause many errors. Network data packet traffic has a complex nature, both in terms of sizes and sources. This research utilized the ability of an artificial neural network (ANN) to detect whether traffic is normal or DDoS. A classification technique using the ANN method is a solution to these issues. Based on the shortcomings of traditional IDS, this study aims to detect DDoS attacks using feeder machine learning-based feature engineering techniques to improve IDS development. Using the UNSW-NB15 dataset with the ANN method, this study also aims to analyze and obtain the training function combinations and the best hidden layer architectures of ANNs for solving the detection and classification problems of DDoS packets in computer networks. As a result, the training function combinations and hidden layer architectures of the ANN can provide a high level of DDoS recognition accuracy. Based on experiments conducted with three schemes and an ANN schema architecture technique with eight features as input, the highest accuracy was 98.22%. Feature selection plays an essential role in the accuracy of detection results and in machine learning performance in classification problems.

Published
2022-08-24
How to Cite
Muhammad Nur Faiz, Oman Somantri, & Arif Wirawan Muhammad. (2022). Machine Learning-Based Feature Engineering to Detect DDoS Attacks. Jurnal Nasional Teknik Elektro Dan Teknologi Informasi, 11(3), 176-182. https://doi.org/10.22146/jnteti.v11i3.3423
Section
Articles