Low rate multi-vector ddos attack detection using information gain based feature selection

Abstract

The number of connected devices is exponentially growing in the world today and they need to work without having any interruption. This scenario is very challenging to cybersecurity and needs proper attention of network administrators, service providers, and users. Implementing security frameworks in this scenario is very difficult because attackers are using very sophisticated easy to operate weapons to launch huge attacks such as Distributed Denial of Service. Intelligently detecting and mitigating the attacks in the network requires the use of machine learning algorithms. This work proposes a strategic way involving feature selection based machine learning for the detection of stealthy attacks. The detection system works by performing ınformation gain-based feature selection as a preprocessing step. This ensures case-based preprocessing of each attack vector present in the traffic and is proved to be effective empirically. The proposed method has been tested using two supervised machine learning classification algorithms, namely Random forest and J48. The evaluation results show that the Random forest algorithm gives a satisfactory True Positive rate of 99.6% in detecting stealthy layer 7 attacks. The overall accu-racy obtained is 99.81%. This approach causes the algorithms to exhibit improved performance while doing classification.