A Stacking Ensemble Model with Enhanced Feature Selection for Distributed Denial-of-Service Detection in Software-Defined Networks
Received: 11 September 2024 | Revised: 9 October 2024 | Accepted: 23 November 2024 | Online: 2 February 2025
Corresponding author: Tariq Emad Ali
Abstract
The proliferation of Distributed Denial of Service (DDoS) attacks poses a significant threat to network accessibility and performance. Traditional feature selection methods struggle with the complexity of network traffic data, leading to poor detection performance. To address this issue, a Genetic Algorithm Wrapper Feature Selection (GAWFS) is proposed, integrating Chi-squared and Genetic Algorithm (GA) approaches with a correlation method to select the most correlated features. GAWFS effectively reduces feature dimensions, eliminates redundancy, and identifies crucial and correlated features for classification. Detection accuracy is further improved by employing a stacking ensemble model, combining Multi-Layer Perceptron (MLP) and Support Vector Machine (SVM) as base models, with Random Forest (RF) as the metamodel. The proposed classifier achieves impressive accuracies of 99.86% for training data and 98.89% for test data, representing improvements of approximately 5% and 40%, respectively, over previous studies. The training time was also reduced to 2,593 s, a substantial improvement of approximately 29.92%. Validation on various benchmark datasets confirmed the efficacy of the proposed approach, underscoring the importance of the enhanced feature selection method and the stacking ensemble model against DDoS attacks.
Keywords:
distributed denial-of-service, software-defined networking, genetic algorithms, stacking ensembles
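The feature-selection pipeline named in the abstract (chi-squared ranking, a correlation filter, then a genetic-algorithm wrapper) can be illustrated as follows; this is an added example, not the authors' GAWFS implementation. The order of the stages, the thresholds, the nearest-centroid fitness (a stand-in for the paper's classifiers) and the flow records are all assumptions made for illustration.

```python
import random
# Constructed sample flows (not the paper's data): pkt_rate, byte_rate, half_pkt_rate, duration, noise.
X = [[10, 100, 5.0, 5, 3], [12, 110, 6.0, 6, 4], [11, 90, 5.5, 4, 3], [9, 105, 4.5, 5, 4],
     [90, 120, 45.0, 5, 4], [95, 100, 47.5, 6, 3], [85, 95, 42.5, 4, 4], [100, 115, 50.0, 5, 3]]
y = [0, 0, 0, 0, 1, 1, 1, 1]  # 0 = benign, 1 = DDoS

def chi2_score(col, y):
    # Chi-squared of a non-negative feature: per-class sums vs. sums expected from class frequency.
    exp = {c: sum(col) * y.count(c) / len(y) for c in set(y)}
    obs = {c: sum(v for v, t in zip(col, y) if t == c) for c in exp}
    return sum((obs[c] - e) ** 2 / e for c, e in exp.items() if e)

def pearson(a, b):
    da, db = [p - sum(a) / len(a) for p in a], [q - sum(b) / len(b) for q in b]
    norm = (sum(p * p for p in da) * sum(q * q for q in db)) ** 0.5
    return sum(p * q for p, q in zip(da, db)) / norm if norm else 0.0

def filter_stage(X, y, k=4, rho=0.95):
    # Keep the k best chi-squared features, then drop any that duplicates a better-ranked one.
    cols = list(zip(*X))
    ranked = sorted(range(len(cols)), key=lambda j: -chi2_score(cols[j], y))[:k]
    kept = []
    for j in ranked:
        if all(abs(pearson(cols[j], cols[i])) < rho for i in kept):
            kept.append(j)
    return kept

def fitness(X, y, feats):
    # Wrapper fitness: nearest-centroid training accuracy minus a small cost per feature.
    cent = {c: [sum(r[f] for r, t in zip(X, y) if t == c) / y.count(c) for f in feats] for c in set(y)}
    pred = lambda r: min(cent, key=lambda c: sum((r[f] - m) ** 2 for f, m in zip(feats, cent[c])))
    return (sum(pred(r) == t for r, t in zip(X, y)) / len(y) - 0.01 * len(feats)) if feats else 0.0

def ga_select(X, y, feats, gens=15, pop_size=8, seed=1):
    rng = random.Random(seed)
    decode = lambda m: [f for f, bit in zip(feats, m) if bit]
    fit = lambda m: fitness(X, y, decode(m))
    pop = [[1] * len(feats)] + [[rng.randint(0, 1) for _ in feats] for _ in range(pop_size - 1)]
    for _ in range(gens):
        pop.sort(key=fit, reverse=True)
        nxt = [pop[0]]  # elitism: the best mask so far always survives
        while len(nxt) < pop_size:
            a, b = rng.sample(pop[: pop_size // 2], 2)
            child = [rng.choice(pair) for pair in zip(a, b)]  # uniform crossover
            if rng.random() < 0.2:
                child[rng.randrange(len(feats))] ^= 1  # bit-flip mutation
            nxt.append(child)
        pop = nxt
    return decode(max(pop, key=fit))
```

Calling `filter_stage(X, y)` and passing its result to `ga_select` shows the redundant `half_pkt_rate` column removed by the correlation filter before the genetic search starts, so the wrapper only spends evaluations on non-duplicated features.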
License
Copyright (c) 2024 Tariq Emad Ali, Yung-Wey Chong, Kok-Lim Alvin Yau, Selvakumar Manickam, Mohd Najwadi Yusoff, Alwahab Dhulfiqar Zoltan

This work is licensed under a Creative Commons Attribution 4.0 International License.