Distributed Denial of Service Detection: Enhancing Machine Learning Models for Multiclass Classification
Paulo Victor, Iris Viana dos Santos Santana, Álvaro Sobrinho, Lenardo Chaves e Silva, Leandro Dias da Silva, Danilo F. S. Santos, Angelo Perkusich
IET Networks, 14(1), Journal Article, published 2025-08-09
DOI: 10.1049/ntw2.70014
URL: https://ietresearch.onlinelibrary.wiley.com/doi/10.1049/ntw2.70014
PDF: https://ietresearch.onlinelibrary.wiley.com/doi/epdf/10.1049/ntw2.70014
Citations: 0
Abstract
This study experiments with machine learning algorithms for detecting distributed denial of service attacks as a multiclass classification problem. The algorithms included the K-nearest neighbours, decision trees, support vector machines, random forests, extreme gradient boosting, gradient boosting machines and multilayer perceptron. We validated the models using the hold-out and cross-validation methods, performed class and model ablation analysis to evaluate performance impacts and applied feature selection techniques, feature importance and statistical tests. For instance, using 10-fold cross-validation with 79 features, 11 attack types and regular network traffic, the tree-based models achieved accuracies ranging from 75.69% to 76.24%. When using 15 features, seven attacks and regular network traffic, model accuracy improved significantly, ranging from 97.77% to 98.08%. Furthermore, in specific application scenarios, some models achieved near-perfect classification performance. Decision tree achieved the highest accuracy score for the local network communication scenario, reaching 99.86%, followed by software distribution or updates at 99.70%, web platforms and online applications at 98.25%, video streaming or online gaming at 97.06%, infrastructure monitoring and management at 95.00% and directory services and corporate authentication at 87.15%. Depending on the application scenario, our results indicate that specialised models can support classification tasks targeting specific system components with high performance.
Journal: IET Networks (COMPUTER SCIENCE, INFORMATION SYSTEMS)
CiteScore: 5.00
Self-citation rate: 0.00%
Articles published: 41
Review time: 33 weeks
About the journal:
IET Networks covers the fundamental developments and advancing methodologies to achieve higher performance, optimized and dependable future networks. IET Networks is particularly interested in new ideas and superior solutions to the known and arising technological development bottlenecks at all levels of networking such as topologies, protocols, routing, relaying and resource-allocation for more efficient and more reliable provision of network services. Topics include, but are not limited to: Network Architecture, Design and Planning, Network Protocol, Software, Analysis, Simulation and Experiment, Network Technologies, Applications and Services, Network Security, Operation and Management.