Feature selection for DDoS detection using classification machine learning techniques

Andi Maslan, Kamaruddin Malik Bin Mohamad, Feresa Binti Mohd Foozy


Computer system security is a factor that needs to be considered in the era of industrial revolution 4.0, namely by preventing various threats to the system, as well as being able to detect and repair any damage that occurs to the computer system. DDoS attacks are a threat to the company at this time because this attack is carried out by making very large requests for a site or website server so that the system becomes stuck and cannot function at all. DDoS attacks in Indonesia and developed countries always increase every year to 6% from only 3%. To minimize the attack, we conducted a study using Machine Learning techniques. The dataset is obtained from the results of DDoS attacks that have been collected by the researchers. From the datasets there is a training and testing of data using five techniques classification: Neural Network, Naïve Bayes and Random Forest, KNN, and Support Vector Machine (SVM), datasets processed have different percentages, with the aim of facilitating in classifying. From this study it can be concluded that from the five classification techniques used, the Forest random classification technique achieved the highest level of accuracy (98.70%) with a Weighted Avg 98.4%. This means that the technique can detect DDoS attacks accurately on the application that will be developed.


Feature Selection; Machine Learning; DDoS; Network Security

Full Text:



Abdul Kadir, Introduction to Information Systems Revised Edition. 2014.

T. Mahjabin, Y. Xiao, G. Sun, and W. Jiang, “A survey of distributed denial-of-service attack , prevention , and mitigation techniques,” vol. 13, no. 139, 2017.

M. M. Irsyad, “Analysis System Anomaly Traffic Detection with Comparing The Diffrences of Triangle-Area-Map Features for Anomaly Type Identification Mujp,” Telkom Univ., vol. 2, no. 1, pp. 254–263, 2015.

K. Kato and V. Klyuev, “An Intelligent DDoS Attack Detection System Using Packet Analysis and Support Vector Machine,” Int. J. Intell. Comput. Res., vol. 5, no. 3, pp. 464–471, 2014.

K. Ramadhani, M. Yusuf, and H. E. Wahanani, “Custom-Based Traffic Change Anomaly,” 2014.

A. W. Muhammad and I. Riadi, “Deteksi Serangan DDoS Menggunakan Neural Network dengan Fungsi Fixed Moving Average Window,” vol. 1, no. 3, pp. 115–122, 2017.

Z. Chiba, N. Abghour, K. Moussaid, A. El, and M. Rida, “Intelligent and Improved Self-Adaptive Anomaly based Intrusion Detection System for Networks,” vol. 11, no. 2, pp. 312–330, 2019.

A. Oza, “HTTP Attack Detection using N-gram Analysis,” 2013.

T. P. Thwe Thwe Oo, “A statistical approach to classify and identify DDoS attacks using UCLA dataset,” Int. J. Adv. Res. Comput. Eng. Technol., vol. 2, no. 5, p. 1766, 2013.

J. David and C. Thomas, “DDoS Attack Detection using Fast Entropy Approach on Flow- Based Network Traffic,” Procedia - Procedia Comput. Sci., vol. 50, pp. 30–36, 2015.

M. Alkasassbeh, A. B. A. Hassanat, and G. Al-naymat, “Detecting Distributed Denial of Service Attacks Using Data Mining Techniques,” vol. 7, no. 1, pp. 436–445, 2016.

B. A. Pratomo and R. M. Ijtihadie, “Sistem Deteksi Intrusi Menggunakan N-Gram Dan Cosine Similarity,” JUTI J. Ilm. Teknol. Inf., vol. 14, no. 1, p. 108, 2016.

S. Sridharan, “Defeating n-gram Scores for HTTP Attack Detection,” 2016.

A. Oza, K. Ross, R. M. Low, and M. Stamp, “HTTP Attack Detection using N-gram Analysis.pdf,” Comput. {&} Secur., vol. 45, pp. 242–254, 2014.

I. Riadi, A. W. Muhammad, and Sunardi, “Neural network-based ddos detection regarding hidden layer variation,” J. Theor. Appl. Inf. Technol., vol. 95, no. 15, pp. 3684–3691, 2017.

B. A. Tama and K. H. Rhee, “Data mining techniques in DoS / DDoS attack detection : A literature review Data Mining Techniques in DoS / DDoS Attack Detection : A Literature Review,” no. August 2015, 2017.

U. S. Utara, U. S. Utara, and U. S. Utara, “Botnet Detection Using the K-Nearest Neighbor Algorithm,” 2018.

M. Alkasassbeh, G. Al-Naymat, A. B.A, and M. Almseidin, “Detecting Distributed Denial of Service Attacks Using Data Mining Techniques,” Int. J. Adv. Comput. Sci. Appl., vol. 7, no. 1, 2016.

E. Manalu, F. A. Sianturi, and M. R. Manalu, “ Papplication of naive bayes algorithm to predict the production amount based on inventory data and the number of ordering on cv. Papadan mama pastries,” vol. 1, no. 2, 2017.

M. 2006. D. M. C. and T. N. Y. M. K. P. Han, J., & Kamber, Data mining Concept and Techniques. New York. 2006.

Siringoringo, “Comparative Analysis of Cluster Process Using K-Means Clustering and K-Nearest Neighbor in Diabetes Mellitus,” 2016.

K. Kepemilikan and K. Bemotor, “Application of k-nearest neighbor algorithm for determining credit risk of motorized vehicle ownership,” vol. 1, no. 1, pp. 65–76, 2013.

U. S. Utara, “Universitas Sumatera Utara,” 2015.

DOI: http://doi.org/10.11591/ijai.v9.i1.pp137-145
Total views : 76 times


  • There are currently no refbacks.

View IJAI Stats

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.