Abstract
DDoS attacks still be a critical threat to online services. To defend against attacks, many features are proposed to measure the difference between attack traffic and normal traffic in DDoS detection. However, the feature importance of the features has not been evaluated, and the distinctive features need to be selected for effective detection. In this paper, we propose a comprehensive feature importance evaluation for DDoS detection. We extract 22 features and use four feature selection methods to evaluate the importance in five DDoS attacks detection. We also evaluate and select the distinctive features in the specific, mixed types of attacks detection and attacks identification scenarios. The comprehensive experimental results show that the selected important features perform better than all extracted features using the six popular classifiers.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Center for Applied Internet Data Analysis (CAIDA). https://www.caida.org/data/passive/ddos-20070804_dataset.xml. accessed 8 Jun 2021
Information marketplace for policy and analysis of cyber-risk & trust. http://www.impactcybertrust.org. Accessed 8 Jun 2021
Information security centre of excellence. https://www.unb.ca/cic/datasets/ids-2017.html. Accessed 8 Jun 2021
Netscout’s 14th annual worldwide infrastructure security report. https://www.netscout.com/report/. Accessed 8 Jun 2021
scikit-learn. https://scikit-learn.org/stable/. Accessed 8 Jun 2021
Battiti, R.: Using mutual information for selecting features in supervised neural net learning. IEEE Trans. Neural Netw. 5(4), 537–550 (1994)
Bradley, A.P.: The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recognit. 30(7), 1145–1159 (1997)
Breiman, L.: Random forests. Mach. Learn. 45(1), 5–32 (2001)
Chen, X., Wasikowski, M.: FAST: a ROC-based feature selection metric for small samples and imbalanced data classification problems. In: 14th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pp. 124–132. ACM, New York (2008). https://doi.org/10.1145/1401890.1401910
Cover, T., Hart, P.: Nearest neighbor pattern classification. IEEE Trans. Inf. Theor. 13(1), 21–27 (1967)
Dong, S., Sarem, M.: DDoS attack detection method based on improved KNN with the degree of DDoS attack in software-defined networks. IEEE Access 8, 5039–5048 (2020)
Hu, J., Yang, H., Lyu, R., King, I., Man-Cho, A.: Online nonlinear AUC maximization for imbalanced data sets. IEEE Trans. Neural Netw. Learn. Syst 29(4), 882–895 (2018)
Jia, Y., Zhong, F., Alrawais, A., Gong, B., Cheng, X.: FlowGuard: an intelligent edge defense mechanism against IoT DDoS attacks. IEEE Internet Things J. 7(10), 9552–9562 (2020)
Kambourakis, G., Moschos, T., Geneiatakis, D., Gritzalis, S.: Detecting DNS amplification attacks. In: Lopez, J., Hämmerli, B.M. (eds.) CRITIS 2007. LNCS, vol. 5141, pp. 185–196. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-89173-4_16
Kleinbaum, D.G., Klein, M.: Logistic Regression. Springer, New York (2002). https://doi.org/10.1007/b97379
Kumar, P., Tripathi, M., Nehra, A., Conti, M., Lal, C.: SAFETY: early detection and mitigation of TCP SYN flood utilizing entropy in SDN. IEEE Trans. Netw. Serv. Manag. 15(4), 1545–1559 (2018)
LeCun, Y., Bengio, Y., Hinton, G.: Deep learning. Nature 521(7553), 436–444 (2015)
Liu, Z., Cao, Y., Zhu, M., Ge, W.: Umbrella: enabling ISPs to offer readily deployable and privacy-preserving DDoS prevention services. IEEE Trans. Inf. Forensics Secur. 14(4), 1098–1108 (2019)
Oo, K.K., Ye, K.Z., Tun, H., Lin, K.Z., Portnov, E.M.: Enhancement of preventing application layer based on DDOS attacks by using hidden semi-Markov model. In: Zin, T.T., Lin, J.C.-W., Pan, J.-S., Tin, P., Yokota, M. (eds.) Genetic and Evolutionary Computing. AISC, vol. 387, pp. 125–135. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-23204-1_14
Rasti, R., Murthy, M., Weaver, N., Paxson, V.: Temporal lensing and its application in pulsing denial-of-service attacks. In: 2015 IEEE Symposium on Security and Privacy, San Jose, CA, USA, pp. 187–198 (2015). https://doi.org/10.1109/SP.2015.19
Safavian, S., Landgrebe, D.: A survey of decision tree classifier methodology. IEEE Trans. Syst. Man Cybern. Syst. 21(3), 660–674 (1991)
Suykens, J.A., Vandewalle, J.: Least squares support vector machine classifiers. Neural Process. Lett. 9(3), 293–300 (1999)
Wang, A., Chang, W., Chen, S., Mohaisen, A.: Delving into internet DDoS attacks by botnets: characterization and analysis. IEEE/ACM Trans. Netw. 26(6), 2843–2855 (2018)
Xiang, Y., Li, K., Zhou, W.: Low-rate DDoS attacks detection and traceback by using new information metrics. IEEE Trans. Inf. Forensics Secur. 6(2), 426–437 (2011)
Yu, S., Zhou, W., Doss, R., Jia, W.: Traceback of DDoS attacks using entropy variations. IEEE Trans. Parallel Distrib. Syst. 22(3), 412–425 (2011)
Zheng, J., Li, Q., Gu, G., Cao, J., Yau, D.K.Y., Wu, J.: Realtime DDoS defense using COTS SDN switches via adaptive correlation analysis. IEEE Trans. Inf. Forensics Secur. 13(7), 1838–1853 (2018)
Zhou, L., Liao, M., Yuan, C., Zhang, H.: Low-rate DDoS attack detection using expectation of packet size. Secur. Commun. Netw. 2017, 14 (2017)
Zhou, L., Sood, K., Xiang, Y.: ERM: an accurate approach to detect DDoS attacks using entropy rate measurement. IEEE Commun. Lett. 23(10), 1700–1703 (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 Springer Nature Switzerland AG
About this paper
Cite this paper
Zhou, L., Zhu, Y., Xiang, Y. (2022). A Comprehensive Feature Importance Evaluation for DDoS Attacks Detection. In: Li, B., et al. Advanced Data Mining and Applications. ADMA 2022. Lecture Notes in Computer Science(), vol 13087. Springer, Cham. https://doi.org/10.1007/978-3-030-95405-5_25
Download citation
DOI: https://doi.org/10.1007/978-3-030-95405-5_25
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95404-8
Online ISBN: 978-3-030-95405-5
eBook Packages: Computer ScienceComputer Science (R0)