Using a Combination of Effective Feature Selection Methods and an Entropy-based Approach to Identify DDoS Anomalies
Keywords:
DDoS Attack, Entropy, Feature Selection, SPRT
Abstract
Distributed Denial of Service (DDoS) attacks are among the most dangerous types of attacks. These
attacks bring targeted servers down and make their services unavailable to legitimate users. The first
objective of this study is to identify infected Ethernet and detect various kinds of up-to-date DDoS attacks
using a dynamic threshold by implementing multiple features of entropy and the Sequential Probabilities
Ratio Test approach (E-SPRT). The second is to select relevant features to improve detection
performance by implementing a new combination of machine learning techniques: ANOVA, Extra
Trees Classifier, Random Forest, and Correlation Matrix with Pearson Correlation. The Canadian
Institute for Cybersecurity (CIC-DDoS2019) databases were utilised to evaluate the implementation.
E-SPRT using a feature selection approach with five features achieved an accuracy of over 97% with an
average False Positive Rate (FPR) close to 0 in identifying most of the different kinds of DDoS attacks.
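
The following is an added illustration of the general idea of pairing a windowed entropy feature with a sequential probability ratio test; it is not the paper's E-SPRT implementation. The destination-address feature, the Gaussian model, the values of `mu0`, `mu1`, `sigma`, `alpha` and `beta`, and the sample windows are all assumptions made for this example.

```python
import math
from collections import Counter

def normalized_entropy(values):
    """Shannon entropy of one window's values, scaled to [0, 1] by log2(window size)."""
    n = len(values)
    if n < 2:
        return 0.0
    h = -sum(c / n * math.log2(c / n) for c in Counter(values).values())
    return h / math.log2(n)

def sprt_decisions(samples, mu0, mu1, sigma, alpha=0.01, beta=0.01):
    """Wald SPRT over entropy samples: H0 ~ N(mu0, sigma), H1 ~ N(mu1, sigma).
    Returns (window_index, verdict) each time a decision boundary is crossed."""
    upper = math.log((1 - beta) / alpha)   # accept H1 (attack) at or above this
    lower = math.log(beta / (1 - alpha))   # accept H0 (normal) at or below this
    llr, decisions = 0.0, []
    for i, x in enumerate(samples):
        # Gaussian log-likelihood ratio increment for one observation
        llr += (mu1 - mu0) / sigma ** 2 * (x - (mu0 + mu1) / 2)
        if llr >= upper:
            decisions.append((i, "attack"))
            llr = 0.0                      # restart the test after a verdict
        elif llr <= lower:
            decisions.append((i, "normal"))
            llr = 0.0
    return decisions

# Constructed sample data: destination addresses per window (RFC 5737 range).
NORMAL = [f"192.0.2.{i % 8}" for i in range(16)]         # spread over 8 hosts
FLOOD = ["192.0.2.1"] * 14 + ["192.0.2.2", "192.0.2.3"]  # concentrated on one host
WINDOWS = [NORMAL] * 3 + [FLOOD] * 3

def run_example():
    entropies = [normalized_entropy(w) for w in WINDOWS]
    # mu0, mu1 and sigma are assumed values, not taken from the paper.
    return entropies, sprt_decisions(entropies, mu0=0.75, mu1=0.25, sigma=0.2)

if __name__ == "__main__":
    entropies, decisions = run_example()
    for i, e in enumerate(entropies):
        print(f"window {i}: entropy={e:.3f}")
    print(decisions)
```

The third normal window leaves negative evidence in the accumulator, so the test needs two flood windows rather than one before it crosses the attack boundary.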
Copyright (c) 2025 Basheer Husham Ali, Khaled Mansour Al-Rawe, Mohammed A. Ahmed, Ali J. Askar Al-Khafaji, Nasri Sulaiman

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.