Abstract
Distributed Denial of Service (DDoS) attacks pose a significant challenge to organizations providing IT services. The main aim of a DDoS attack is to make system services unavailable to legitimate users. An Intrusion Detection System (IDS) is an effective security mechanism that monitors network traffic and detects DDoS attack traffic. Modern attackers continuously change their patterns to launch sophisticated DDoS attacks. These dynamic changes in attack patterns cause IDSs to misclassify network traffic, which degrades IDS performance. Selecting relevant network features plays a crucial role in effectively differentiating between benign and DDoS attack traffic, and therefore in improving IDS performance. In this paper, we propose a feature selection method based on the statistical t-test, which determines a subset of features from the original set. The hypothesis is that this feature subset can help machine learning classifiers discriminate effectively between benign and DDoS attack traffic. For the experimental analysis, the publicly available IDS datasets CICDDoS2019 and CICIDS2017 were used: a subset of the CICDDoS2019 dataset consisting of 399998 train and 112611 test samples, and the CICIDS2017 Friday log files. Thirteen supervised machine learning classifiers are used to evaluate the novel feature selection method: Decision Tree (DT), Logistic Regression (LR), Naive Bayes (NB), Linear Discriminant Analysis (LDA), Quadratic Discriminant Analysis (QDA), Random Forest (RF), Extra Tree (EXT), AdaBoost (ADB), Support Vector Machines (SVM), Ridge, Multi-Layer Perceptron (MLP), K-Nearest Neighbors (KNN) and Extended Gradient Boosting (XGB). Among all these classifiers, SVM performed best, with a DDoS detection rate of 99.86% and an accuracy of 99.47%.
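The sketch below is an added illustration of t-test feature selection for benign versus DDoS flows; it is not the authors' code, and the abstract does not state which t-test variant or threshold the paper uses. It assumes Welch's unequal-variance t-test, a two-sided 5% critical value, CICFlowMeter-style column names, and constructed sample values.

```python
import math
from statistics import mean, variance

# Constructed per-flow values (NOT taken from CICDDoS2019 or CICIDS2017).
# Column names follow CICFlowMeter style; the numbers are invented.
BENIGN = {
    "Flow Packets/s":         [10, 12, 14, 16, 18, 20],
    "Fwd Packet Length Mean": [400, 520, 610, 480, 550, 500],
    "Flow IAT Std":           [100, 200, 300, 400, 500, 600],
    "Flow Duration":          [10, 12, 14, 16, 18, 20],
}
ATTACK = {
    "Flow Packets/s":         [900, 950, 1000, 1050, 1100, 1150],
    "Fwd Packet Length Mean": [60, 64, 58, 62, 60, 66],
    "Flow IAT Std":           [150, 250, 350, 450, 550, 650],
    "Flow Duration":          [20, 18, 16, 14, 12, 10],
}

# Assumption: two-sided alpha = 0.05. Welch's degrees of freedom are never
# below min(n_a, n_b) - 1 = 5, so the df = 5 critical value is conservative.
T_CRIT = 2.571

def welch_t(a, b):
    """Welch's t statistic for the difference in means of two samples."""
    se2 = variance(a) / len(a) + variance(b) / len(b)
    diff = mean(a) - mean(b)
    if se2 == 0:  # both samples constant: separable iff the means differ
        return 0.0 if diff == 0 else math.copysign(math.inf, diff)
    return diff / math.sqrt(se2)

def select_features(benign, attack, t_crit=T_CRIT):
    """Keep features whose class means differ significantly, strongest first."""
    scored = [(name, welch_t(benign[name], attack[name])) for name in benign]
    kept = [(name, t) for name, t in scored if abs(t) > t_crit]
    return sorted(kept, key=lambda item: abs(item[1]), reverse=True)

if __name__ == "__main__":
    for name, t in select_features(BENIGN, ATTACK):
        print(f"{name:24s} t = {t:8.2f}")
```

Features that survive the test would then form the reduced input set for the classifiers; the overlapping "Flow IAT Std" and equal-mean "Flow Duration" columns are dropped.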
Manthena, R., & Vangipuram, R. (2024). Integrating Machine Learning and T-tests to Optimize Distributed Denial of Service Attacks Detection. International Journal of Intelligent Engineering and Systems, 17(6), 1023–1043. https://doi.org/10.22266/ijies2024.1231.76