A multi-filter feature selection in detecting distributed denial-of-service attack

Yon, Yi Jun and Leau, Yu-Beng and Suraya Alias and Park, Yong Jin (2019) A multi-filter feature selection in detecting distributed denial-of-service attack. In: ICTCE 2019: 2019 The 3rd International Conference on Telecommunications and Communication Engineering, 9 - 12 November 2019, Tokyo, Japan.

	Text A multi-filter feature selection in detecting distributed denial-of-service attack.pdf Restricted to Registered users only Download (771kB)
	Text A multi-filter feature selection in detecting distributed denial-of-service attack_ABSTRACT.pdf Download (64kB)

Official URL: https://dl.acm.org/doi/pdf/10.1145/3369555.3369572

Abstract

Distributed Denial of Services (DDoS) has become the most intrusive security threat on the Internet. Flash crowd attack is the most challenging problem among the attacks which targeting the web server during the Flash Events (FEs). It mimics the behaviour of legitimate users and sends high rate malicious traffics toward the server and block the normal users from using the desired services. Thus, making it hard to detect and successfully bypasses the detection mechanism. The key semantic difference between FEs and DDoS is that the former represents legitimate access of the website while the latter does not. However, this does not help in discriminating them automatically. The behavioural differences between the two have to be developed after understanding their individual properties. In this research, a Multi-Filter Feature Selection (M2FS) method is proposed by combining the 3 filter methods which are Information Gain (IG), Gain Ratio (GR) and Relief. It consists of 3-stage procedures: feature ranking, feature selection and classification. Subsequently, an experimental evaluation of the proposed Multi-Filter Feature Selection (M2FS) method is performed by using the benchmark dataset, NSL-KDD and employed the J48 classification algorithm. The performance of the proposed M2FS method is evaluated by multi-criteria that take into account which are classification accuracy, True Positive Rate (TPR), False Positive Rate (FPR) and time to build the model. Meanwhile, the performance of effectiveness of the proposed M2FS method is then compared with the existing feature selection methods and also the proposed M2FS with PCA. In addition, the proposed M2FS method is developed through WEKA API with Java Programming language using the IDE of Eclipse Java. The findings show that the proposed M2FS method is effectively reduced the 41 features to 14 features and produced a high accuracy, high TPR, low FPR and shorter time build when compared to other existing feature selection methods.

Item Type:	Conference or Workshop Item (Paper)
Keyword:	Feature selection and classification , Distributed denial-of service attack , Flash crowd , Detection accuracy
Subjects:	Q Science > QA Mathematics > QA1-939 Mathematics > QA71-90 Instruments and machines > QA75.5-76.95 Electronic computers. Computer science > QA76.75-76.765 Computer software
Department:	FACULTY > Faculty of Computing and Informatics
Depositing User:	SAFRUDIN BIN DARUN -
Date Deposited:	16 Nov 2021 15:42
Last Modified:	16 Nov 2021 15:42
URI:	https://eprints.ums.edu.my/id/eprint/31039

Actions (login required)

View Item