Skip to main content
SpringerLink
Log in

A Comprehensive Feature Importance Evaluation for DDoS Attacks Detection

  • Conference paper
  • First Online:
Book cover Advanced Data Mining and Applications (ADMA 2022)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 13087))

Included in the following conference series:

  • 1037 Accesses

Abstract

DDoS attacks still be a critical threat to online services. To defend against attacks, many features are proposed to measure the difference between attack traffic and normal traffic in DDoS detection. However, the feature importance of the features has not been evaluated, and the distinctive features need to be selected for effective detection. In this paper, we propose a comprehensive feature importance evaluation for DDoS detection. We extract 22 features and use four feature selection methods to evaluate the importance in five DDoS attacks detection. We also evaluate and select the distinctive features in the specific, mixed types of attacks detection and attacks identification scenarios. The comprehensive experimental results show that the selected important features perform better than all extracted features using the six popular classifiers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Center for Applied Internet Data Analysis (CAIDA). https://www.caida.org/data/passive/ddos-20070804_dataset.xml. accessed 8 Jun 2021

  2. Information marketplace for policy and analysis of cyber-risk & trust. http://www.impactcybertrust.org. Accessed 8 Jun 2021

  3. Information security centre of excellence. https://www.unb.ca/cic/datasets/ids-2017.html. Accessed 8 Jun 2021

  4. Netscout’s 14th annual worldwide infrastructure security report. https://www.netscout.com/report/. Accessed 8 Jun 2021

  5. scikit-learn. https://scikit-learn.org/stable/. Accessed 8 Jun 2021

  6. Battiti, R.: Using mutual information for selecting features in supervised neural net learning. IEEE Trans. Neural Netw. 5(4), 537–550 (1994)

    Article  Google Scholar 

  7. Bradley, A.P.: The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recognit. 30(7), 1145–1159 (1997)

    Article  Google Scholar 

  8. Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)

    Article  Google Scholar 

  9. Chen, X., Wasikowski, M.: FAST: a ROC-based feature selection metric for small samples and imbalanced data classification problems. In: 14th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 124–132. ACM, New York (2008). https://doi.org/10.1145/1401890.1401910

  10. Cover, T., Hart, P.: Nearest neighbor pattern classification. IEEE Trans. Inf. Theor. 13(1), 21–27 (1967)

    Article  Google Scholar 

  11. Dong, S., Sarem, M.: DDoS attack detection method based on improved KNN with the degree of DDoS attack in software-defined networks. IEEE Access 8, 5039–5048 (2020)

    Article  Google Scholar 

  12. Hu, J., Yang, H., Lyu, R., King, I., Man-Cho, A.: Online nonlinear AUC maximization for imbalanced data sets. IEEE Trans. Neural Netw. Learn. Syst 29(4), 882–895 (2018)

    Article  Google Scholar 

  13. Jia, Y., Zhong, F., Alrawais, A., Gong, B., Cheng, X.: FlowGuard: an intelligent edge defense mechanism against IoT DDoS attacks. IEEE Internet Things J. 7(10), 9552–9562 (2020)

    Article  Google Scholar 

  14. Kambourakis, G., Moschos, T., Geneiatakis, D., Gritzalis, S.: Detecting DNS amplification attacks. In: Lopez, J., Hämmerli, B.M. (eds.) CRITIS 2007. LNCS, vol. 5141, pp. 185–196. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89173-4_16

    Chapter  Google Scholar 

  15. Kleinbaum, D.G., Klein, M.: Logistic Regression. Springer, New York (2002). https://doi.org/10.1007/b97379

  16. Kumar, P., Tripathi, M., Nehra, A., Conti, M., Lal, C.: SAFETY: early detection and mitigation of TCP SYN flood utilizing entropy in SDN. IEEE Trans. Netw. Serv. Manag. 15(4), 1545–1559 (2018)

    Article  Google Scholar 

  17. LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436–444 (2015)

    Article  Google Scholar 

  18. Liu, Z., Cao, Y., Zhu, M., Ge, W.: Umbrella: enabling ISPs to offer readily deployable and privacy-preserving DDoS prevention services. IEEE Trans. Inf. Forensics Secur. 14(4), 1098–1108 (2019)

    Article  Google Scholar 

  19. Oo, K.K., Ye, K.Z., Tun, H., Lin, K.Z., Portnov, E.M.: Enhancement of preventing application layer based on DDOS attacks by using hidden semi-Markov model. In: Zin, T.T., Lin, J.C.-W., Pan, J.-S., Tin, P., Yokota, M. (eds.) Genetic and Evolutionary Computing. AISC, vol. 387, pp. 125–135. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-23204-1_14

    Chapter  Google Scholar 

  20. Rasti, R., Murthy, M., Weaver, N., Paxson, V.: Temporal lensing and its application in pulsing denial-of-service attacks. In: 2015 IEEE Symposium on Security and Privacy, San Jose, CA, USA, pp. 187–198 (2015). https://doi.org/10.1109/SP.2015.19

  21. Safavian, S., Landgrebe, D.: A survey of decision tree classifier methodology. IEEE Trans. Syst. Man Cybern. Syst. 21(3), 660–674 (1991)

    Article  MathSciNet  Google Scholar 

  22. Suykens, J.A., Vandewalle, J.: Least squares support vector machine classifiers. Neural Process. Lett. 9(3), 293–300 (1999)

    Article  Google Scholar 

  23. Wang, A., Chang, W., Chen, S., Mohaisen, A.: Delving into internet DDoS attacks by botnets: characterization and analysis. IEEE/ACM Trans. Netw. 26(6), 2843–2855 (2018)

    Article  Google Scholar 

  24. Xiang, Y., Li, K., Zhou, W.: Low-rate DDoS attacks detection and traceback by using new information metrics. IEEE Trans. Inf. Forensics Secur. 6(2), 426–437 (2011)

    Article  Google Scholar 

  25. Yu, S., Zhou, W., Doss, R., Jia, W.: Traceback of DDoS attacks using entropy variations. IEEE Trans. Parallel Distrib. Syst. 22(3), 412–425 (2011)

    Article  Google Scholar 

  26. Zheng, J., Li, Q., Gu, G., Cao, J., Yau, D.K.Y., Wu, J.: Realtime DDoS defense using COTS SDN switches via adaptive correlation analysis. IEEE Trans. Inf. Forensics Secur. 13(7), 1838–1853 (2018)

    Article  Google Scholar 

  27. Zhou, L., Liao, M., Yuan, C., Zhang, H.: Low-rate DDoS attack detection using expectation of packet size. Secur. Commun. Netw. 2017, 14 (2017)

    Google Scholar 

  28. Zhou, L., Sood, K., Xiang, Y.: ERM: an accurate approach to detect DDoS attacks using entropy rate measurement. IEEE Commun. Lett. 23(10), 1700–1703 (2019)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Deakin University, Melbourne, 3125, Australia

    Lu Zhou, Ye Zhu & Yong Xiang

Authors
  1. Lu Zhou
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ye Zhu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Yong Xiang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lu Zhou .

Editor information

Editors and Affiliations

  1. Nanjing University of Aeronautics and Astronautics, Nanjing, China

    Bohan Li

  2. University of Queensland, Brisbane, QLD, Australia

    Lin Yue

  3. University of Technology Sydney, Sydney, NSW, Australia

    Jing Jiang

  4. University of Queensland, Brisbane, QLD, Australia

    Weitong Chen

  5. University of Queensland, Brisbane, QLD, Australia

    Xue Li

  6. University of Technology Sydney, Sydney, NSW, Australia

    Guodong Long

  7. Carnegie Mellon University, Pittsburgh, USA

    Fei Fang

  8. Nanyang Technological University, Singapore, Singapore

    Han Yu

Rights and permissions

Reprints and permissions

Copyright information

© 2022 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhou, L., Zhu, Y., Xiang, Y. (2022). A Comprehensive Feature Importance Evaluation for DDoS Attacks Detection. In: Li, B., et al. Advanced Data Mining and Applications. ADMA 2022. Lecture Notes in Computer Science(), vol 13087. Springer, Cham. https://doi.org/10.1007/978-3-030-95405-5_25

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-95405-5_25

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-95404-8

  • Online ISBN: 978-3-030-95405-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation