
Ensemble-based Multi-Filter Feature Selection Method for DDoS Detection in Cloud Computing (1807.10443v1)

Published 27 Jul 2018 in cs.CR

Abstract: Increasing interest in the adoption of cloud computing has exposed it to cyber-attacks. One of such is distributed denial of service (DDoS) attack that targets cloud bandwidth, services and resources to make it unavailable to both the cloud providers and users. Due to the magnitude of traffic that needs to be processed, data mining and machine learning classification algorithms have been proposed to classify normal packets from an anomaly. Feature selection has also been identified as a pre-processing phase in cloud DDoS attack defence that can potentially increase classification accuracy and reduce computational complexity by identifying important features from the original dataset, during supervised learning. In this work, we propose an ensemble-based multi-filter feature selection method that combines the output of four filter methods to achieve an optimum selection. An extensive experimental evaluation of our proposed method was performed using intrusion detection benchmark dataset, NSL-KDD and decision tree classifier. The result obtained shows that our proposed method effectively reduced the number of features from 41 to 13 and has a high detection rate and classification accuracy when compared to other classification techniques.

Citations (293)

Summary

  • The paper proposes an Ensemble-based Multi-Filter Feature Selection (EMFFS) method combining Information Gain, Gain Ratio, Chi-Squared, and ReliefF to improve DDoS detection in cloud computing.
  • Evaluated on the NSL-KDD dataset with a J48 classifier, EMFFS achieved 99.67% accuracy and significantly reduced model building time to 0.78 seconds using only 13 features.
  • This method offers a promising approach for creating lightweight and efficient cloud-based intrusion detection systems capable of high accuracy and low false alarm rates.

Ensemble-based Multi-Filter Feature Selection Method for DDoS Detection in Cloud Computing

The paper "Ensemble-based Multi-Filter Feature Selection Method for DDoS Detection in Cloud Computing" addresses the critical issue of feature selection for enhancing classification accuracy and efficiency in cloud-based DDoS attack detection systems. DDoS attacks continue to be a significant threat, exploiting the scalability and openness of cloud services. The challenge of processing massive amounts of network traffic data necessitates advanced methods to identify attacks effectively while maintaining computational efficiency.

Key Contributions

The authors propose an ensemble-based multi-filter feature selection (EMFFS) method, which integrates the outputs of four different filter methods: Information Gain (IG), Gain Ratio, Chi-Squared, and ReliefF. This ensemble approach aims to harness the advantages of each individual method to improve the feature selection process. By doing so, the method reduces the complexity of the intrusion detection system's data processing and enhances classification accuracy.

Methodological Overview

  1. Filter Methods Utilized:
    • Information Gain (IG): Measures the reduction in entropy or uncertainty associated with each feature.
    • Gain Ratio: Attempts to overcome IG's bias towards features with many distinct values by normalizing IG with the feature's intrinsic information.
    • Chi-Squared: Evaluates the independence of each feature with respect to the target class.
    • ReliefF: Rates features based on their ability to differentiate between similar data points of different classes, valuable for handling noisy, multiclass problems.
  2. EMFFS Implementation:
    • Each filter method ranks features independently.
    • A one-third split is applied to each filter's ranking: the top-ranked third of the features becomes that filter's subset.
    • A simple voting mechanism then keeps every feature that appears in the subsets of at least three of the four filters, resulting in a final set of 13 features.
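
The ranking, one-third split and vote described above, as an added Python sketch (not the paper's code, which was run in Weka). Assumptions: basic Relief with one nearest hit and miss stands in for ReliefF, the one-third cut rounds up, and the records and the `conn_id` column are constructed toy data rather than NSL-KDD.

```python
import math
from collections import Counter

def entropy(col):
    n = len(col)
    return -sum(c / n * math.log2(c / n) for c in Counter(col).values())

def info_gain(x, y):
    groups = ([b for a, b in zip(x, y) if a == v] for v in set(x))
    return entropy(y) - sum(len(g) / len(y) * entropy(g) for g in groups)

def gain_ratio(x, y):
    split = entropy(x)  # intrinsic information of the feature
    return info_gain(x, y) / split if split else 0.0

def chi_squared(x, y):
    n, cx, cy, cxy = len(y), Counter(x), Counter(y), Counter(zip(x, y))
    return sum((cxy[a, b] - cx[a] * cy[b] / n) ** 2 / (cx[a] * cy[b] / n)
               for a in cx for b in cy)

def relief(X, y):
    # Assumption: basic Relief (one nearest hit/miss, Hamming distance)
    # stands in for ReliefF, which averages over k neighbours per class.
    dist = lambda a, b: sum(p != q for p, q in zip(a, b))
    w = [0.0] * len(X[0])
    for i, xi in enumerate(X):
        near = lambda same: min((j for j in range(len(X)) if j != i and
                                 (y[j] == y[i]) == same), key=lambda j: dist(xi, X[j]))
        hit, miss = X[near(True)], X[near(False)]
        for f, v in enumerate(xi):
            w[f] += (v != miss[f]) - (v != hit[f])
    return w

def emffs(X, y, names, min_votes=3):
    cols = list(zip(*X))
    scores = [[f(c, y) for c in cols] for f in (info_gain, gain_ratio, chi_squared)]
    scores.append(relief(X, y))
    k = math.ceil(len(names) / 3)  # one-third split; rounding up is an assumption
    votes = Counter()
    for s in scores:  # each filter votes for its top third
        votes.update(sorted(names, key=lambda nm: -s[names.index(nm)])[:k])
    return [nm for nm in names if votes[nm] >= min_votes], dict(votes)

# Constructed toy records (not NSL-KDD data); conn_id is a made-up unique ID column.
NAMES = ["flag", "count", "conn_id", "protocol", "land", "urgent"]
ROWS = [("S0", "hi", "c0", "tcp", 0, 0), ("S0", "hi", "c1", "tcp", 1, 1),
        ("S0", "hi", "c2", "udp", 0, 1), ("S0", "lo", "c3", "udp", 1, 0),
        ("SF", "lo", "c4", "tcp", 0, 0), ("SF", "lo", "c5", "tcp", 1, 1),
        ("SF", "lo", "c6", "udp", 0, 1), ("SF", "lo", "c7", "udp", 1, 0)]
LABELS = ["attack"] * 4 + ["normal"] * 4

if __name__ == "__main__":
    print(emffs(ROWS, LABELS, NAMES))
```

On this toy data the unique `conn_id` column makes the top third for Information Gain and Chi-Squared but not for Gain Ratio or Relief, so the three-vote threshold drops it and only `flag` survives.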

Experimental Results

The evaluation used the NSL-KDD benchmark dataset, which addresses known flaws in the KDDCUP'99 dataset. The EMFFS method was assessed with a J48 decision tree classifier in Weka, a data mining software package.

  • Classification Accuracy: The EMFFS method with 13 features achieved a classification accuracy of 99.67%, slightly surpassing the individual filter methods and the full feature set.
  • Detection Rate and False Alarm Rate: The proposed method showed a detection rate of 99.76% and a false alarm rate of 0.42%, indicating efficient and reliable detection capabilities.
  • Computational Efficiency: Notably, the time to build the model using the ensemble-selected features was substantially reduced to 0.78 seconds, demonstrating enhanced efficiency over processing the full feature set.

Implications and Future Work

The findings have significant implications for designing cloud-based DDoS detection systems. By effectively reducing the feature space while maintaining high accuracy, the EMFFS method offers a promising approach for developing lightweight and responsive intrusion detection systems. The reduction in processing time also contributes to the practical applicability of this method in real-time environments.

Future work suggested by the authors includes extending the evaluation to other classification algorithms and datasets. Exploring the scalability of the EMFFS method in larger, real-world cloud environments would also be a valuable direction for research.

Conclusion

In conclusion, the ensemble-based multi-filter feature selection method provides a robust framework for improving feature selection processes in cloud computing DDoS detection. By leveraging the strengths of multiple filter methods and optimizing feature subset selection, the proposed approach achieves superior classification performance and efficiency. This work represents a thoughtful advancement in the continual challenge of securing cloud-based systems against DDoS attacks.