An intelligent DDoS attack detection tree-based model using Gini index feature selection method

Bibliographic Details
Main Authors: Bouke, Mohamed Aly, Abdullah, Azizol, ALshatebi, Sameer Hamoud, Abdullah, Mohd Taufik, Atigh, Hayate El
Format: Article
Published: Elsevier B.V. 2023
Description
Summary: Cyber security has recently garnered enormous attention due to the popularity of the Internet of Things (IoT), the rapid growth of intelligent devices, and a vast number of real-life applications. As a result, detecting threats and constructing an efficient intrusion detection system (IDS) have become crucial in today's security requirements. Withal, the large amount of high-dimensional data might influence detection effectiveness and raise the computation requirements. Artificial Intelligence (AI) has recently attracted much attention and is widely used to build intelligent IDSs to preserve data confidentiality, integrity, and availability. Distributed denial of service (DDoS) is a denial of service (DoS) variant mainly targeting asset availability. Preventing DoS at the network or infrastructure level typically depends on implementing an IDS. This paper proposes a novel intelligent DDoS attack detection model based on a Decision Tree (DT) algorithm and an enhanced Gini index feature selection method. Our approach is evaluated on the UNSW-NB15 dataset, which contains 1,140,045 samples and is more recent and comprehensive than those used in previous works. Our system achieved an overall accuracy of 98, outperforming baseline models that used more advanced algorithms such as Random Forest and XGBoost. Our enhanced Gini index feature selection method allowed us to select only 13 out of 45 security features, significantly reducing the data dimensionality and avoiding overfitting issues. Our model also has a lower false alarm rate, misclassifying only 2 of the testing instances. Our approach is, therefore, highly effective and efficient, with the potential to be used in real-world network security applications.