Impact of Feature Selection Methods on Machine Learning-based for Detecting DDoS Attacks : Literature Review
Authors
Muhammad Nur Faiz, Oman Somantri, Abdul Rohman Supriyono, Arif Wirawan Muhammad
DOI: 10.31289/jite.v5i2.6112
Published: 2022-01-26
Issue: Vol. 5 No. 2 (2022): Issues January 2022
Abstract
Cybersecurity attacks are becoming more frequent and more sophisticated as technology develops, and they threaten both the private and public sectors, especially Denial of Service (DoS) attacks and their variants, which are often known as Distributed Denial of Service (DDoS). One way to minimize these attacks is to use traditional mitigation solutions such as human-assisted network traffic analysis techniques, but these suffer from some limitations and performance problems. To overcome these limitations, Machine Learning (ML) has become one of the main techniques to enrich, complement and enhance the traditional security experience. ML works through a process of data collection, training and output. ML is influenced by several factors, one of which is feature engineering. In this study, we focus on a literature review of several recent studies, which show that the feature selection process greatly impacts the accuracy of ML. Datasets such as KDD, UNSW-NB15 and others also affect the accuracy of ML. Based on this literature review, this study observes several feature engineering strategies with relevant impacts that can be chosen to improve ML solutions for DDoS attacks.
Author Biography
Muhammad Nur Faiz, Politeknik Negeri Cilacap
License
This work is licensed under a Creative Commons Attribution 4.0 International License
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under Creative Commons Attribution 4.0 International License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (Refer to The Effect of Open Access).