Machine Learning-Based Distributed Denial of Service Attack Detection on Intrusion Detection System Regarding to Feature Selection

Arif Wirawan Muhammad(1*), Cik Feresa Mohd Foozy(2), Ahmad Azhari(3),

(1) Insititut Teknologi Telkom Purwokerto
(2) Universiti Tun Hussein Onn
(3) Universitas Ahmad Dahlan
(*) Corresponding Author


Distributed Service Denial (DDoS) is a type of network attack, which each year increases in volume and intensity.  DDoS attacks also form part of the major types of cyber security threats so far. Early detection plays a key role in avoiding the catastrophic effects on server infrastructure from DDoS attacks. Detection techniques in the traditional Intrusion Detection System (IDS) are far from perfect compared to a number of modern techniques and tools used by attackers, because the traditional IDS only uses signature-based detection or anomaly-based detection models and causes a lot of false positive flags, since the flow of computer network data packets has complex properties in terms of both size and source. Based on the  deficiency in the ordinary IDS, this study aims to detect DDoS attacks by using machine learning techniques to enhance IDS policy development.  According to the experiment the selection of features plays an important role in the precision of the detection results and in the performance of machine learning in classification problems. The combination of seven key selected dataset features used as an input neural network classifier in this study provides the highest accuracy value at 97.76%.


IDS;DDoS;Feature;Machine Learning;

Full Text:


Article Metrics

Abstract view : 907 times
PDF - 272 times


S. Meysam, T. Nezhad, M. Nazari, and E. A. Gharavol, “A Novel DoS and DDoS Attacks Detection Algorithm Using ARIMA Time Series Model and Chaotic System in Computer Networks,” EEE Commun. Lett., vol. 20, no. 4, pp. 700–703, 2016.

M. Indra, W. Pramana, Y. Purwanto, and F. Y. Suratman, “DDoS Detection Using Modified K-Means Clustering with Chain Initialization Over Landmark Window,” in IEEE 2015 International Conference on Control, Electronics, Renewable Energy and Communications (ICCEREC), 2015, pp. 7–11.

W. Fuertes, A. Tunala, R. Moncayo, F. Meneses, and T. Toulkeridis, “Software-based Platform for Education and Training of DDoS Attacks using Virtual Networks,” 2017 Int. Conf. Softw. Secur. Assur., pp. 94–99, 2017, doi: 10.1109/ICSSA.2017.19.

F. Z. Chowdhury, “Economic Denial of Sustainability ( EDoS ) Mitigation Approaches in Cloud : Analysis and Open Challenges,” in IEEE International Conference on Electrical Engineering and Computer Science (ICECOS) 2017 Economic, 2017, pp. 206–211.

M. A. Ambusaidi, X. He, P. Nanda, and Z. Tan, “Building an Intrusion Detection System Using a Filter-Based Feature Selection Algorithm,” IEEE Trans. Comput., vol. 65, no. 10, pp. 2986–2998, 2016, doi: 10.1109/TC.2016.2519914.

J. Zhang, P. Liu, J. He, and Y. Zhang, “A Hadoop based analysis and detection model for IP Spoofing typed DDoS attack,” in 2016 IEEE TrustCom-BigDataSE-ISPA, 2016, pp. 1978–1985, doi: 10.1109/TrustCom.2016.300.

G. Ramadhan, Y. Kurniawan, C. Kim, A. T. C. P. Syn, and F. Ddos, “Design of TCP SYN Flood DDoS Attack Detection Using Artificial Immune Systems,” in IEEE 6th International Conference on System Engineering and Technology, 2016, pp. 72–76.

P. Machaka and A. Bagula, “Using Exponentially Weighted Moving Average Algorithm to Defend Against DDoS Attacks,” in IEEE 2016 Pattern Recognition Association of South Africa and Robotics and Mechatronics, 2016.

S. Hajar et al., “A Neural Network Model for Detecting DDoS Attacks Using Darknet Traffic Features,” in IEEE 2016 International Joint Conference on Neural Networks (IJCNN), 2016, no. November 2014, pp. 2979–2985.

N. Moustafa and J. Slay, “UNSW-NB15: A comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” 2015 Mil. Commun. Inf. Syst. Conf. MilCIS 2015 - Proc., 2015, doi: 10.1109/MilCIS.2015.7348942.

N. Moustafa and J. Slay, “The evaluation of Network Anomaly Detection Systems: Statistical analysis of the UNSW-NB15 data set and the comparison with the KDD99 data set,” Inf. Secur. J., vol. 25, no. 1–3, pp. 18–31, 2016, doi: 10.1080/19393555.2015.1125974.

N. M. A. Moustafa, “Designing an online and reliable statistical anomaly detection framework for dealing with large high-speed network traffic,” no. November, 2017.

K. K. Vasan and B. Surendiran, “Feature subset selection for intrusion detection using various rank-based algorithms,” Int. J. Comput. Appl. Technol., vol. 55, no. 4, p. 298, 2017, doi: 10.1504/ijcat.2017.086017.

S. Khan, A. Gani, A. W. A. Wahab, and P. K. Singh, “Feature Selection of Denial-of-Service Attacks Using Entropy and Granular Computing,” Arab. J. Sci. Eng., vol. 43, no. 2, pp. 499–508, 2018, doi: 10.1007/s13369-017-2634-8.

M. Anthony et al., Neural Network Learning: Theoretical Foundations. Edinburgh, Scotland: Cambridge University Press, 2009.

I. Riadi, A. Wirawan, and S. -, “Network Packet Classification using Neural Network based on Training Function and Hidden Layer Neuron Number Variation,” Int. J. Adv. Comput. Sci. Appl., vol. 8, no. 6, pp. 248–252, 2017, doi: 10.14569/ijacsa.2017.080631.

I. Riadi, A. W. Muhammad, and Sunardi, “Neural network-based ddos detection regarding hidden layer variation,” J. Theor. Appl. Inf. Technol., vol. 95, no. 15, pp. 3684–3691, 2017.



International Journal Of Artificial Intelligence Research

Organized by: Departemen Teknik Informatika STMIK Dharma Wacana
Published by: STMIK Dharma Wacana
Jl. Kenanga No.03 Mulyojati 16C Metro Barat Kota Metro Lampung
phone. +62725-7850671
Fax. +62725-7850671
Email: | | 

View IJAIR Statcounter

Creative Commons License
IJAIR is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.