Sensors (Oct 2020)

Error-Robust Distributed Denial of Service Attack Detection Based on an Average Common Feature Extraction Technique

  • João Paulo Abreu Maranhão,
  • João Paulo Carvalho Lustosa da Costa,
  • Edison Pignaton de Freitas,
  • Elnaz Javidi,
  • Rafael Timóteo de Sousa Júnior

DOI
https://doi.org/10.3390/s20205845
Journal volume & issue
Vol. 20, no. 20
p. 5845

Abstract

Read online

In recent years, advanced threats against Cyber–Physical Systems (CPSs), such as Distributed Denial of Service (DDoS) attacks, are increasing. Furthermore, traditional machine learning-based intrusion detection systems (IDSs) often fail to efficiently detect such attacks when corrupted datasets are used for IDS training. To face these challenges, this paper proposes a novel error-robust multidimensional technique for DDoS attack detection. By applying the well-known Higher Order Singular Value Decomposition (HOSVD), initially, the average value of the common features among instances is filtered out from the dataset. Next, the filtered data are forwarded to machine learning classification algorithms in which traffic information is classified as a legitimate or a DDoS attack. In terms of results, the proposed scheme outperforms traditional low-rank approximation techniques, presenting an accuracy of 98.94%, detection rate of 97.70% and false alarm rate of 4.35% for a dataset corruption level of 30% with a random forest algorithm applied for classification. In addition, for error-free conditions, it is found that the proposed approach outperforms other related works, showing accuracy, detection rate and false alarm rate of 99.87%, 99.86% and 0.16%, respectively, for the gradient boosting classifier.

Keywords