Multi-class DRDoS Attack Detection Method Based on Feature Selection

Authors: Tianqi Yang; Weilin Wang; Ying Liu; Huachun Zhou


Abstract

Distributed denial of service (DDoS) attacks are one of the most serious threats to the Internet. The emergence of distributed reflection denial of service (DRDoS) attacks has increased the harm of DDoS attacks. Aiming at the common DRDoS attacks in the network, such as Memcached, TFTP, NTP, SSDP, SNMP and Chargen, a multi-class DRDoS attack detection method based on feature selection is proposed. By analyzing the behavior and characteristics of the attacks, and combining the probability distribution of features with feature importance, a feature subset of 24 features is obtained. When constructing the XGBoost model, the input features are the feature subset obtained by this feature selection, and the model outputs multi-class classification results. The selected features better reflect the characteristics of DRDoS attacks and improve the detection performance of the model. Experimental results show that the feature subset obtained by this method achieves high precision in multi-class classification of DRDoS attacks, and is better than traditional methods such as support vector machine and multi-layer perceptron. Feature selection not only reduces the processing time, but also reduces the malicious traffic by 99.93%.

Keywords: Multi-class DRDoS Attack Detection Method Based on Feature Selection

 

Research Briefs on Information & Communication Technology Evolution (ReBICTE)
Vol. 7, No. 15, pp. 1-15, November 15, 2021

DOI: 10.22667/ReBiCTE.2021.11.15.015