DOI : https://doi.org/10.18517/ijaseit.12.2.10668

Feature Selection using Information Gain Method for Building Classification Model DDoS Attack at Application Layer

Muhammad Afrizal Amrustian (1), Heru Sukoco (2), Shelvie Nidya Neyman (3)
(1) Department of Informatics, Institut Teknologi Telkom Purwokerto, Banyumas, Central Java, 53147, Indonesia
(2) Department of Computer Science, IPB University, Dramaga, Bogor, 16680, Indonesia
(3) Department of Computer Science, IPB University, Dramaga, Bogor, 16680, Indonesia
Fulltext View | Download
How to cite (IJASEIT) :
Amrustian, Muhammad Afrizal, et al. “Feature Selection Using Information Gain Method for Building Classification Model DDoS Attack at Application Layer”. International Journal on Advanced Science, Engineering and Information Technology, vol. 12, no. 2, Apr. 2022, pp. 607-13, doi:10.18517/ijaseit.12.2.10668.
Citation Format :
Distributed Denial of Services (DDoS) is one of the digital attacks that often occurred, the record for DDoS attacks in the second quartal of 2018 reaches 5.7Gbps. The application layer becomes one of the targets for this attack type; this type of DDoS attack always mimicks the user's request, making it harder to detect than DDoS attack at the network and transport layer. The classification has been offered as one method to overcome this problem. Before classification, the selection feature becomes important due to some features that lead to error classification and make the process classification longer. This research uses information gain as a selection feature method and using CICIDS 2017 as the dataset. The CICIDS2017 has 692.704 records consist of 78 features and five classes. The result of feature selection using the information gain method reduces the numbers of features from 78 to 5. To prove that these five features can classify DDoS attacks correctly, we use a randomForest method as a classification method. The randomForest was used to classify the data into five classes: normal, DDoS Goldeneye, DDoS Hulk, DDoS Slowhttptest, and DDoS Slowloris. The result of performance for accuracy is 99.43%, for recall of each class are 99.48%, 99.81%, 99.41%, 96.01%, 99.97% respectively. Besides the result of performance for precision each class are 99.65%, 96.04%, 99.90%, 98.63%, 71.37%, respectively. The results of performance for classification time using five features are decreasing execution time 3.1 seconds.

C. Douligeris and D. N. Serpanos, Network security Current Status and Future Direcetions. 2007.

J. Bradshaw, “HSBC online banking crashes after cyber attack,” The Telegraph web, 2016. [Online]. Available: https://www.telegraph.co.uk/finance/newsbysector/banksandfinance/12129411/HSBC-online-banking-service-crashes-again.html.

A. Kharpal, “Hack attack leaves 1,400 airline passengers grounded,” CNBC Web, 2015. [Online]. Available: https://www.cnbc.com/2015/06/22/hack-attack-leaves-1400-passengers-of-polish-airline-lot-grounded.html.

O. Kupreev, E. Badovskaya, and A. Gutnikov, “DDoS attacks in Q3 2018,” Securelist, 2018. [Online]. Available: https://securelist.com/ddos-report-in-q3-2018/88617/.

B. Nagpal, P. Sharma, N. Chauhan, and A. Panesar, “DDoS tools: Classification, analysis and comparison,” 2015 Int. Conf. Comput. Sustain. Glob. Dev. INDIACom 2015, pp. 342-346, 2015.

Verisign, “Verisign Distributed Denial of Service Report,” 2018.

S. Ranjan, R. Swaminathan, M. Uysal, A. Nucci, and E. Knightly, “DDoS-shield: DDoS-resilient scheduling to counter application layer attacks,” IEEE/ACM Trans. Netw., vol. 17, no. 1, pp. 26-39, 2009.

K. J. Singh and T. De, “MLP-GA based algorithm to detect application layer DDoS attack,” J. Inf. Secur. Appl., vol. 36, pp. 145-153, 2017.

I. Ko, D. Chambers, and E. Barrett, “Self-supervised network traffic management for DDoS mitigation within the ISP domain,” Futur. Gener. Comput. Syst., vol. 112, pp. 524-533, 2020.

V. Bolón-Canedo, N. Sí¡nchez-Maroño, and A. Alonso-Betanzos, “Feature selection and classification in multiple class datasets: An application to KDD Cup 99 dataset,” Expert Syst. Appl., vol. 38, no. 5, pp. 5947-5957, 2011.

O. Osanaiye, H. Cai, K. K. R. Choo, A. Dehghantanha, Z. Xu, and M. Dlodlo, “Ensemble-based multi-filter feature selection method for DDoS detection in cloud computing,” Eurasip J. Wirel. Commun. Netw., vol. 2016, no. 1, 2016.

K. Kumar, G. Kumar, and Y. Kumar”, “Feature Selection Approach for Intrusion Detection System”,” Int. J. Adv. Trends Comput. Sci. Eng., vol. 2, no. 5, pp. 47-53, 2013.

M. Wang, Y. Lu, and J. Qin, “A dynamic MLP-based DDoS attack detection method using feature selection and feedback,” Comput. Secur., vol. 88, 2020.

S. Agrawal and R. Singh Rajput, “Denial of Services Attack Detection using Random Forest Classifier with Information Gain,” Int. J. Eng. Dev. Res., vol. 5, no. 3, pp. 929-938, 2017.

N. Farnaaz and M. A. Jabbar, “Random Forest Modeling for Network Intrusion Detection System,” Procedia Comput. Sci., vol. 89, pp. 213-217, 2016.

A. K. Hakim, M. Abdurohman, and F. A. Yulianto, “Improving DDoS detection accuracy using Six-Sigma in SDN environment,” Int. J. Adv. Sci. Eng. Inf. Technol., vol. 8, no. 2, pp. 365-370, 2018.

A. S. Ahmed, R. Hassan, and N. E. Othman, “Denial of service attack over secure neighbor discovery (SeND),” Int. J. Adv. Sci. Eng. Inf. Technol., vol. 8, no. 5, pp. 1897-1904, 2018.

X. K. Li, W. Chen, Q. Zhang, and L. Wu, “Building Auto-Encoder Intrusion Detection System based on random forest feature selection,” Comput. Secur., vol. 95, p. 101851, 2020.

J. Fox and A. Leanage, “R and the Journal of Statistical Software,” J. Stat. Softw., vol. 73, no. 2, 2016.

W. Wang and S. Gombault, “Efficient detection of DDoS attacks with important attributes,” Proc. 2008 3rd Int. Conf. Risks Secur. Internet Syst. Cris. 2008, pp. 61-67, 2008.

T. Shorey, D. Subbaiah, A. Goyal, A. Sakxena, and A. K. Mishra, “Performance Comparison and Analysis of Slowloris, GoldenEye and Xerxes DDoS Attack Tools,” 2018 Int. Conf. Adv. Comput. Commun. Informatics, ICACCI 2018, pp. 318-322, 2018.

I. Park and S. Lee, “Spatial prediction of landslide susceptibility using a decision tree approach: a case study of the Pyeongchang area, Korea,” Int. J. Remote Sens., vol. 35, no. 16, pp. 6089-6112, 2014.

L. Breiman, “Random forests,” Mach. Learn., vol. 45, pp. 5-32, 2001.

A. Verikas, A. Gelzinis, and M. Bacauskiene, “Mining data with random forests: A survey and results of new tests,” Pattern Recognit., vol. 44, no. 2, pp. 330-349, 2011.

C. Zhang and Y. Ma, Ensemble machine learning: Methods and applications. 2012.

N. P. Lestari, “Uji Recall and Precision Sistem Temu Kembali,” Libr. Net, vol. 5, no. 3, pp. 45-46, 2016.

Authors who publish with this journal agree to the following terms:

    1. Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
    2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
    3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).