Optimizing Neural Network Architecture for Detecting DDOS Attacks using ANN and XGBoost in Imbalanced Networks
Received: 11 December 2024 | Revised: 12 January 2025, 4 February 2025, and 15 February 2025 | Accepted: 21 February 2025
Corresponding author: Rissal Efendi
Abstract
The advancement of Internet technology and digital transformation is always followed by increased security concerns in computer networks. Attacks can disrupt services connected to LANs and the Internet, particularly those targeting web-based applications. The most common threat in HTTP is Distributed Denial of Service (DDoS) attacks. Network security is critical to preserve the integrity and availability of services, and it is a critical necessity to have effective methods for detecting and mitigating such attacks to address these risks. Machine learning techniques, particularly ANN and XGBoost, play a key role in enhancing the ability to identify unusual patterns. Despite that, challenges remain in fine-tuning these models for accurate and efficient detection, especially when working with imbalanced data. This study proposes an integrated model that combines ANN with XGBoost to improve detection performance. In the first phase, the ANN architecture is customized to distinguish normal traffic from attacks, while in the second phase, XGBoost is used to refine predictions and improve accuracy. The evaluation results show that the DBSCAN-SMOTE-ANN-XGBoost-PSO model outperforms others, with high accuracy (96.83%), sensitivity (93.23%), and precision (96.13%), demonstrating its effectiveness in detecting DDOS attacks while reducing both false positives and negatives. This integrated approach offers an optimal solution to improve network security and address evolving DDOS attack patterns.
Keywords:
DDOS, ANN, XGBoost, anomaly detection, imbalaced networksDownloads
References
M. B. Muzammil, M. Bilal, S. Ajmal, S. C. Shongwe, and Y. Y. Ghadi, "Unveiling Vulnerabilities of Web Attacks Considering Man in the Middle Attack and Session Hijacking," IEEE Access, vol. 12, pp. 6365–6375, 2024.
R. R. Brooks, L. Yu, I. Ozcelik, J. Oakley, and N. Tusing, "Distributed Denial of Service (DDoS): A History," IEEE Annals of the History of Computing, vol. 44, no. 2, pp. 44–54, Apr. 2022.
S. Kumar, M. Dwivedi, M. Kumar, and S. S. Gill, "A comprehensive review of vulnerabilities and AI-enabled defense against DDoS attacks for securing cloud services," Computer Science Review, vol. 53, Aug. 2024, Art. no. 100661.
I. Tasevski and K. Jakimoski, "Overview of SQL Injection Defense Mechanisms," in 2020 28th Telecommunications Forum (TELFOR), Belgrade, Serbia, Nov. 2020, pp. 1–4.
M. Alghawazi, D. Alghazzawi, and S. Alarifi, "Detection of SQL Injection Attack Using Machine Learning Techniques: A Systematic Literature Review," Journal of Cybersecurity and Privacy, vol. 2, no. 4, pp. 764–777, Sep. 2022.
G. E. Rodríguez, J. G. Torres, P. Flores, and D. E. Benavides, "Cross-site scripting (XSS) attacks and mitigation: A survey," Computer Networks, vol. 166, Jan. 2020, Art. no. 106960.
G. Rodríguez-Galán and J. Torres, "Personal data filtering: a systematic literature review comparing the effectiveness of XSS attacks in web applications vs cookie stealing," Annals of Telecommunications, vol. 79, no. 11–12, pp. 763–802, Dec. 2024.
A. Fadlil, I. Riadi, and M. A. Mu’min, "Mitigation from SQL Injection Attacks on Web Server using Open Web Application Security Project Framework," International Journal of Engineering, vol. 37, no. 4, pp. 635–645, 2024.
R. K. Dwivedi, R. Kumar, and R. Buyya, "Gaussian Distribution-Based Machine Learning Scheme for Anomaly Detection in Healthcare Sensor Cloud:," International Journal of Cloud Applications and Computing, vol. 11, no. 1, pp. 52–72, Jan. 2021.
P. Gulihar and B. B. Gupta, "Anomaly based Mitigation of Volumetric DDoS Attack Using Client Puzzle as Proof-of-Work," in 2018 3rd IEEE International Conference on Recent Trends in Electronics, Information & Communication Technology (RTEICT), Bangalore, India, May 2018, pp. 2475–2479.
K. Ren, S. Yuan, C. Zhang, Y. Shi, and Z. Huang, "CANET: A hierarchical CNN-Attention model for Network Intrusion Detection," Computer Communications, vol. 205, pp. 170–181, May 2023.
L. Zhang, K. Liu, X. Xie, W. Bai, B. Wu, and P. Dong, "A data-driven network intrusion detection system using feature selection and deep learning," Journal of Information Security and Applications, vol. 78, Nov. 2023, Art. no. 103606.
H. Lin, Q. Xue, J. Feng, and D. Bai, "Internet of things intrusion detection model and algorithm based on cloud computing and multi-feature extraction extreme learning machine," Digital Communications and Networks, vol. 9, no. 1, pp. 111–124, Feb. 2023.
M. Jain, G. Kaur, and V. Saxena, "A K-Means clustering and SVM based hybrid concept drift detection technique for network anomaly detection," Expert Systems with Applications, vol. 193, May 2022, Art. no. 116510.
C. Ieracitano, A. Adeel, F. C. Morabito, and A. Hussain, "A novel statistical analysis and autoencoder driven intelligent intrusion detection approach," Neurocomputing, vol. 387, pp. 51–62, Apr. 2020.
J. Chen, X. Qi, L. Chen, F. Chen, and G. Cheng, "Quantum-inspired ant lion optimized hybrid k-means for cluster analysis and intrusion detection," Knowledge-Based Systems, vol. 203, Sep. 2020, Art. no. 106167.
A. Sanmorino, L. Marnisah, and H. D. Kesuma, "Detection of DDoS Attacks using Fine-Tuned Multi-Layer Perceptron Models," Engineering, Technology & Applied Science Research, vol. 14, no. 5, pp. 16444–16449, Oct. 2024.
D. Wu, Y. Deng, and M. Li, "FL-MGVN: Federated learning for anomaly detection using mixed gaussian variational self-encoding network," Information Processing & Management, vol. 59, no. 2, Mar. 2022, Art. no. 102839.
M. Kurni, M. S. Md, B. B. Yannam, and A. S. T, "MRPO-Deep maxout: Manta ray political optimization based Deep maxout network for big data intrusion detection using spark architecture," Advances in Engineering Software, vol. 174, Dec. 2022, Art. no. 103324.
P. B. Udas, Md. E. Karim, and K. S. Roy, "SPIDER: A shallow PCA based network intrusion detection system with enhanced recurrent neural networks," Journal of King Saud University - Computer and Information Sciences, vol. 34, no. 10, pp. 10246–10272, Nov. 2022.
M. P. Novaes, L. F. Carvalho, J. Lloret, and M. L. Proença, "Adversarial Deep Learning approach detection and defense against DDoS attacks in SDN environments," Future Generation Computer Systems, vol. 125, pp. 156–167, Dec. 2021.
D. Alghazzawi, O. Bamasag, H. Ullah, and M. Z. Asghar, "Efficient Detection of DDoS Attacks Using a Hybrid Deep Learning Model with Improved Feature Selection," Applied Sciences, vol. 11, no. 24, Dec. 2021, Art. no. 11634.
S. Nandi, S. Phadikar, and K. Majumder, "Detection of DDoS Attack and Classification Using a Hybrid Approach," in 2020 Third ISEA Conference on Security and Privacy (ISEA-ISAP), Guwahati, India, Feb. 2020, pp. 41–47.
X. H. Nguyen and K. H. Le, "Robust detection of unknown DoS/DDoS attacks in IoT networks using a hybrid learning model," Internet of Things, vol. 23, Oct. 2023, Art. no. 100851.
S. Haider et al., "A Deep CNN Ensemble Framework for Efficient DDoS Attack Detection in Software Defined Networks," IEEE Access, vol. 8, pp. 53972–53983, 2020.
M. P. Novaes, L. F. Carvalho, J. Lloret, and M. L. Proenca, "Long Short-Term Memory and Fuzzy Logic for Anomaly Detection and Mitigation in Software-Defined Network Environment," IEEE Access, vol. 8, pp. 83765–83781, 2020.
Z. S. Dhahir, "A Hybrid Approach for Efficient DDoS Detection in Network Traffic Using CBLOF-Based Feature Engineering and XGBoost," Journal of Future Artificial Intelligence and Technologies, vol. 1, no. 2, pp. 174–190, Sep. 2024.
R. Efendi, T. Wahyono, and I. R. Widiasari, "DBSCAN SMOTE LSTM: Effective Strategies for Distributed Denial of Service Detection in Imbalanced Network Environments," Big Data and Cognitive Computing, vol. 8, no. 9, Sep. 2024, Art. no. 118.
S. Muruganandam, R. Joshi, P. Suresh, N. Balakrishna, K. H. Kishore, and S. V. Manikanthan, "A deep learning based feed forward artificial neural network to predict the K-barriers for intrusion detection using a wireless sensor network," Measurement: Sensors, vol. 25, Feb. 2023, Art. no. 100613.
J. Al Amien, H. Ab Ghani, N. I. Md Saleh, E. Ismanto, and R. Gunawan, "Intrusion detection system for imbalance ratio class using weighted XGBoost classifier," TELKOMNIKA (Telecommunication Computing Electronics and Control), vol. 21, no. 5, Oct. 2023, Art. no. 1102.
G. Mohiuddin et al., "Intrusion Detection using hybridized Meta-heuristic techniques with Weighted XGBoost Classifier," Expert Systems with Applications, vol. 232, Dec. 2023, Art. no. 120596
S. S. Dhaliwal, A. A. Nahid, and R. Abbas, "Effective Intrusion Detection System Using XGBoost," Information, vol. 9, no. 7, Jun. 2018, Art. no. 149.
M. Hajihosseinlou, A. Maghsoudi, and R. Ghezelbash, "Intelligent mapping of geochemical anomalies: Adaptation of DBSCAN and mean-shift clustering approaches," Journal of Geochemical Exploration, vol. 258, Mar. 2024, Art. no. 107393.
S. Mayabadi and H. Saadatfar, "Two density-based sampling approaches for imbalanced and overlapping data," Knowledge-Based Systems, vol. 241, Apr. 2022, Art. no. 108217.
G. N. Tikhe and P. S. Patheja, "A Wrapper Feature Selection Based Hybrid Deep Learning Model for DDoS Detection in a Network with NFV Behaviors," Wireless Personal Communications, vol. 133, no. 1, pp. 481–506, Nov. 2023.
M. Aljebreen, H. A. Mengash, M. A. Arasi, S. S. Aljameel, A. S. Salama, and M. A. Hamza, "Enhancing DDoS Attack Detection Using Snake Optimizer With Ensemble Learning on Internet of Things Environment," IEEE Access, vol. 11, pp. 104745–104753, 2023.
D. Alghazzawi, O. Bamasag, H. Ullah, and M. Z. Asghar, "Efficient Detection of DDoS Attacks Using a Hybrid Deep Learning Model with Improved Feature Selection," Applied Sciences, vol. 11, no. 24, Dec. 2021, Art. no. 11634.
Y. Wei, J. Jang-Jaccard, F. Sabrina, A. Singh, W. Xu, and S. Camtepe, "AE-MLP: A Hybrid Deep Learning Approach for DDoS Detection and Classification," IEEE Access, vol. 9, pp. 146810–146821, 2021.
M. Zeeshan et al., "Protocol-Based Deep Intrusion Detection for DoS and DDoS Attacks Using UNSW-NB15 and Bot-IoT Data-Sets," IEEE Access, vol. 10, pp. 2269–2283, 2022.
Downloads
How to Cite
License
Copyright (c) 2025 Rissal Efendi
This work is licensed under a Creative Commons Attribution 4.0 International License.
Authors who publish with this journal agree to the following terms:
- Authors retain the copyright and grant the journal the right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) after its publication in ETASR with an acknowledgement of its initial publication in this journal.
