A multi-filter feature selection in detecting distributed denial-of-service attack

Distributed Denial of Service (DDoS) has become the most intrusive security threat on the Internet. The flash crowd attack is the most challenging of the attacks that target the web server during Flash Events (FEs). It mimics the behaviour of legitimate users and sends high rate mali...

Bibliographic Details
Main Authors: Yon, Yi Jun, Leau, Yu-Beng, Suraya Alias, Park, Yong Jin
Format: Conference or Workshop Item
Language: English
Published: 2019
Online Access: https://eprints.ums.edu.my/id/eprint/31039/1/A%20multi-filter%20feature%20selection%20in%20detecting%20distributed%20denial-of-service%20attack.pdf
https://eprints.ums.edu.my/id/eprint/31039/2/A%20multi-filter%20feature%20selection%20in%20detecting%20distributed%20denial-of-service%20attack_ABSTRACT.pdf
https://eprints.ums.edu.my/id/eprint/31039/
https://dl.acm.org/doi/pdf/10.1145/3369555.3369572
id my.ums.eprints.31039
record_format eprints
spelling my.ums.eprints.31039 2021-11-16T07:42:04Z https://eprints.ums.edu.my/id/eprint/31039/ QA76.75-76.765 Computer software 2019 Conference or Workshop Item PeerReviewed
citation Yon, Yi Jun and Leau, Yu-Beng and Suraya Alias and Park, Yong Jin (2019) A multi-filter feature selection in detecting distributed denial-of-service attack. In: ICTCE 2019: 2019 The 3rd International Conference on Telecommunications and Communication Engineering, 9 - 12 November 2019, Tokyo, Japan. https://dl.acm.org/doi/pdf/10.1145/3369555.3369572
institution Universiti Malaysia Sabah
building UMS Library
collection Institutional Repository
continent Asia
country Malaysia
content_provider Universiti Malaysia Sabah
content_source UMS Institutional Repository
url_provider http://eprints.ums.edu.my/
language English
topic QA76.75-76.765 Computer software
description Distributed Denial of Service (DDoS) has become the most intrusive security threat on the Internet. The flash crowd attack is the most challenging of the attacks that target the web server during Flash Events (FEs). It mimics the behaviour of legitimate users and sends a high rate of malicious traffic toward the server, blocking normal users from using the desired services. This makes it hard to detect and lets it successfully bypass the detection mechanism. The key semantic difference between FEs and DDoS is that the former represents legitimate access to the website while the latter does not. However, this does not help in discriminating them automatically. The behavioural differences between the two have to be developed after understanding their individual properties. In this research, a Multi-Filter Feature Selection (M2FS) method is proposed that combines 3 filter methods: Information Gain (IG), Gain Ratio (GR) and Relief. It consists of a 3-stage procedure: feature ranking, feature selection and classification. Subsequently, the proposed M2FS method is evaluated experimentally on the benchmark dataset NSL-KDD using the J48 classification algorithm. Its performance is evaluated on multiple criteria: classification accuracy, True Positive Rate (TPR), False Positive Rate (FPR) and time to build the model. The effectiveness of the proposed M2FS method is then compared with existing feature selection methods and with the proposed M2FS combined with PCA. In addition, the proposed M2FS method is developed through the WEKA API in the Java programming language using the Eclipse Java IDE. The findings show that the proposed M2FS method effectively reduced the 41 features to 14 features and produced high accuracy, high TPR, low FPR and a shorter build time when compared to other existing feature selection methods.
format Conference or Workshop Item
author Yon, Yi Jun
Leau, Yu-Beng
Suraya Alias
Park, Yong Jin
title A multi-filter feature selection in detecting distributed denial-of-service attack
publishDate 2019