International Journal of Data and Network Science (Jan 2024)

Detecting DDoS attacks using machine learning algorithms and feature selection methods

  • Mohammed Amin Almaiah,
  • Rana Alrawashdeh,
  • Tayseer Alkhdour,
  • Romel Al-Ali,
  • Gaith Rjoub,
  • Theyazan Aldahyani

DOI
https://doi.org/10.5267/j.ijdns.2024.6.001
Journal volume & issue
Vol. 8, no. 4
pp. 2307 – 2318

Abstract

A Distributed Denial of Service (DDoS) attack occurs when an attacker tries to disrupt a network, service or website by flooding it with huge numbers of packets. Detecting DDoS attacks serves the goal of spotting and addressing them promptly to reduce their effects on the network, system or service being targeted. Detecting DDoS attacks is crucial for people, companies and network managers. The detection of DDoS attacks has wide-ranging uses in industries such as network security, safeguarding websites, and managing cloud services, ensuring the security of online systems and services. Detecting DDoS attacks is essential for safeguarding infrastructure, upholding service availability and guaranteeing the security of online systems and services. To achieve this objective, we proposed a framework to detect DDoS attacks consisting of six steps. In step one, we start by gathering information, which includes network activity and system records, for operations as well as instances of DDoS attacks. In step two, we identify characteristics of the collected data, such as patterns in network traffic, packet details, IP addresses, types of protocols used and more. In step three, we utilize feature selection algorithms such as the Salp Swarm Algorithm (SSA), Gray Wolf Algorithm (GWA) and Particle Swarm Algorithm (PSO) to pinpoint the features that can distinguish between normal activities and DDoS attack patterns. In step four, we divide the processed dataset into sections for training and testing purposes to develop and assess machine learning models such as SVM (support vector machine) and KNN (K-nearest neighbor). In step five, we develop a classification model using machine learning techniques like decision trees, forests, support vector machines (SVM), logistic regression models or neural networks. Finally, we assess the effectiveness of the models through metrics such as accuracy rates, precision levels, recall rates, and F1 scores.
The results show that the proposed models achieve high results (99.9%). In summary, detecting DDoS attacks is crucial for protecting networks, systems and online services against disruptions.
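Steps three to six of the framework can be sketched as follows. This is an added example, not the authors' code: it uses a binary PSO wrapper around a KNN classifier, and the flow data, feature meanings, function names and PSO constants are all constructed assumptions.

```python
import math, random

def make_flows(n, rng):
    # Constructed data: features 0-1 (e.g. packet rate, SYN ratio) separate
    # the classes; features 2-5 are pure noise. Label 1 = DDoS, 0 = benign.
    return [([rng.gauss(5 * y, 1), rng.gauss(5 * y, 1)] +
             [rng.gauss(0, 10) for _ in range(4)], y) for y in (i % 2 for i in range(n))]

def knn_predict(train, x, mask, k=3):
    # Majority vote of the k nearest rows, using only features enabled in mask.
    dist = lambda r: sum((a - b) ** 2 for a, b, m in zip(r[0], x, mask) if m)
    return int(2 * sum(y for _, y in sorted(train, key=dist)[:k]) > k)

def scores(y_true, y_pred):
    pairs = list(zip(y_true, y_pred))
    tp = sum(t == 1 and p == 1 for t, p in pairs)
    fp = sum(t == 0 and p == 1 for t, p in pairs)
    fn = sum(t == 1 and p == 0 for t, p in pairs)
    prec = tp / (tp + fp) if tp + fp else 0.0
    rec = tp / (tp + fn) if tp + fn else 0.0
    return {"accuracy": sum(t == p for t, p in pairs) / len(pairs), "precision": prec,
            "recall": rec, "f1": 2 * prec * rec / (prec + rec) if prec + rec else 0.0}

def evaluate(train, test, mask):
    return scores([y for _, y in test], [knn_predict(train, x, mask) for x, _ in test])

def fitness(mask, train, val):
    # Wrapper fitness: validation accuracy minus a small cost per kept feature.
    if not any(mask):
        return -1.0
    return evaluate(train, val, mask)["accuracy"] - 0.01 * sum(mask)

def pso_select(train, val, n_feat=6, swarm=8, iters=15, seed=1):
    rng = random.Random(seed)
    # One particle starts with every feature on, so the result never scores
    # below the no-selection baseline.
    pos = [[1] * n_feat] + [[rng.randint(0, 1) for _ in range(n_feat)] for _ in range(swarm - 1)]
    vel = [[0.0] * n_feat for _ in range(swarm)]
    pbest = [(fitness(p, train, val), p[:]) for p in pos]
    gbest = max(pbest)
    for _ in range(iters):
        for i, p in enumerate(pos):
            for d in range(n_feat):
                vel[i][d] = (0.7 * vel[i][d] + 1.5 * rng.random() * (pbest[i][1][d] - p[d])
                             + 1.5 * rng.random() * (gbest[1][d] - p[d]))
                # Sigmoid transfer: velocity becomes the probability the bit is 1.
                p[d] = int(rng.random() < 1 / (1 + math.exp(-vel[i][d])))
            pbest[i] = max(pbest[i], (fitness(p, train, val), p[:]))
        gbest = max(gbest, max(pbest))
    return gbest  # (best fitness, feature mask)
```

Split the constructed flows into training, validation and test parts, call `pso_select(train, val)`, then report `evaluate(train, test, mask)` so the final metrics come from data the search never saw.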