Abstract

Distributed denial-of-service (DDoS) attacks pose a significant threat to computer networks and systems by disrupting services through the saturation of targeted systems with traffic from multiple sources. Real-time detection of these attacks has become a critical cybersecurity task. However, current DDoS attack detection methods suffer from high false positive rates and limited ability to capture the complex patterns of attack traffic. This research proposes an enhanced approach for detecting DDoS attacks using a hybrid feature selection technique in combination with an ensemble-based classifiers. The ensemble-based approach aggregates many decision trees to increase classification accuracy and reduce overfitting and model robustness. The feature selection technique uses correlation analysis, mutual information, and principal component analysis to identify the most useful characteristics for attack detection. The ensemble-based Random Forest classifier from the various ensemble-based approaches with the specified relevant features produces the best detection rates. Many datasets related to identifying DDoS attacks are used to evaluate the proposed model, and experimental findings demonstrate that it surpasses existing techniques in terms of accuracy, recall, precision, f1-score, and false positive rate, with other evaluation metrics. The proposed approach achieves almost 100 % accuracy, 100 % true positive rate, and 0 % error rate making it a promising solution for DDoS attack detection.

Introduction

A distributed denial of service (DDoS) attack uses a large number of compromised devices, sometimes those that are part of a botnet, to overload a targeted system or network with traffic and render it inaccessible to authorized users [1,2]. The goal of a DDoS attack is to disrupt the normal functioning of the target system or network, denying access to its intended users [3,4]. In this DDoS attack, the attacking devices may be compromised computers, routers, or IoT devices that have been infected with malware or taken over by an attacker. These devices are then directed to send a large volume of traffic to the target system or network, making it unable to respond to legitimate requests. DDoS assaults can originate from any location in the world, and since they are widespread, it may be difficult to effectively prevent or stop them. They are frequently employed by hackers or other criminals to demand money or to obstruct the work of a company, government, or organization. DDoS attacks can cause significant harm, including financial losses, reputational harm, and even legal consequences [5,6].

DDoS attacks raise significant ethical and legal concerns due to their potential to harm sensitive data and jeopardize user information. These attacks are on the rise in terms of both frequency and sophistication, which makes their identification and mitigation increasingly challenging [7]. Attackers employ a variety of techniques and technologies, and the impact of DDoS attacks extends beyond the targeted organization. For instance, an attack on a critical infrastructure provider can have a far-reaching impact, affecting other organizations, governments, and individuals. Consequently, addressing the DDoS attack problem is not only essential for individual enterprises but also for the broader community and society at large. Thus, there is a pressing need to develop effective methods and tools to detect and minimize DDoS attacks [8,9]. As DDoS attacks continue to grow in complexity, they pose challenges for mitigation. Countermeasures are difficult to implement because these attacks can target multiple network levels and originate from diverse sources [10]. Moreover, distinguishing genuine traffic from attack traffic remains a challenge. To effectively reduce the impact of DDoS attacks, innovative and collaborative approaches are required to address these evolving challenges [11,12].

Conclusion and future direction

The advanced approach presented for DDoS attack detection, employing a hybrid feature selection method and an ensemble-based Random Forest machine learning classifier, has showcased exceptional performance compared to existing techniques. The fusion of various feature selection methods and ensemble-based classifiers has yielded remarkable results, with near-perfect accuracy and outstanding performance across a range of evaluation metrics, making it a highly promising solution for real-world DDoS attack detection. The model’s consistent excellence in handling diverse DDoS datasets, including Botnet DDoS, APA-DDoS, DDoS-SDN, and others, underscores its versatility and effectiveness. As DDoS attacks continue to evolve in complexity and frequency, the demand for innovative and efficient approaches to identify and mitigate these threats has become imperative. The proposed model represents a significant leap in this domain and holds the potential to deliver substantial benefits to cybersecurity practitioners and organizations. Its applicability in real-time scenarios and its capability to effectively mitigate DDoS attack impacts ensure the uninterrupted availability and functionality of vital systems and services.

The methodologies and principles outlined in this research can be extended to identify and mitigate other network threats beyond DDoS attacks. Investigating its applicability to various cybersecurity challenges is a promising direction. Developing a comprehensive framework that not only detects attacks but also initiates adaptive responses and countermeasures in real-time can enhance network security. This proactive approach will be pivotal in addressing evolving cyber threats.