Hybrid Feature Selection and Deep Neural Architectures for Real-Time Distributed Denial of Service Detection in Cybersecurity Systems

Abstract

In today's digital age, timely and accurate detection is essential to maintain online service availability. Timely detection of network attacks is more crucial in network security. Adding effective feature selection minimizes computational requirements on security systems and increases accuracy, leading to more efficient mitigation. Hypothesis-driven feature selection and dense neural architecture address the dimensionality problem while preserving DDoS attack detection efficiency. The proposed method selects the significant features from the high-dimensional network traffic by integrating Z-tests and chi-square tests and detects the DDoS attacks using the DENSE Multi-Layer neural network (DNN) model. This work was evaluated on the benchmark publicly available datasets NSL-KDD, BoT_IoT, CICIDS2017, CICIDS2018, and CICDDoS2019, while it reduced an 80.13±2.38% feature space. The highlight of this work is predicting the network traffic in less than a second. The model performed well in generalizing, with detection rates of 99.42% (CICDDoS2017), 100% (CICIDS2019), and 99.69% (CICDDoS2019). However, the model performed moderately well on NSL-KDD (75.51%) and BOT-IoT (89.86%), showing that deep learning models can be influenced by the variety of datasets and how the features are organized. The proposed model outperforms the state-of-the-art comparison with existing works in terms of detection rate.

Keywords

Low-rate and High-rate DDoS Detection, Intrusion Detection System , Z-test, Chi-Square, DENSE MLP, CICDDOS2019 Dataset

References

1. H. Chuang and L. Ye, "Applying transfer learning approaches for intrusion detection in software-defined networking", Sustainability, vol. 15, no. 12, pp. 9395, Jun. 2023.
2. L. Chen, Z. Wang, R. Huo and T. Huang, "An adversarial DBN-LSTM method for detecting and defending against DDoS attacks in SDN environments", Algorithms, vol. 16, no. 4, pp. 197, Apr. 2023.
3. M. Rashid, J. Kamuruzzaman, T. Iman, S. Wibow, and S. Gordan, “A tree-based stacking ensemble technique with feature selection for network intrusion detection”, International Journal of Speech Technology, vol 52, no. 9, pp. 9768-9781, 2022.
4. M. Bakro, R. Rakesh, M. Hussain, Z. Ashraf, A. Ali, S. Yaqoob, M. Ahmed,N.Parveen,” Building a Cloud-IDS by Hybrid Bio-Inspired Feature Selection Algorithms Along With Random Forest Model”, IEEE Access, vol 12, pp.8846-8874, 2024.
5. A. Binbusayyis and T. Vayapuri, “Unsupervised deep learning approach for network intrusion detection combining convolutional autoencoder and One-class SVM”, International Journal of Speech Technology, Volume 51, No. 10, pp. 7094-7108, 2021.
6. P. Kannari, N. Shariff, and R. Biradar, ‘‘Network intrusion detection using sparse autoencoder with swish-PReLU activation model,’’ J. Ambient Intell. Humanized Comput., Vol. 1, pp. 1-13, Mar. 2021, doi: 10.1007/s12652- 021-03077-0.
7. H. Emiro, H. Eduardo, A. Ortiz, J. Ortega, and A. Martínez-Álvarez, “Feature selection by multi-objective optimisation: Application to network anomaly detection by hierarchical self-organising maps”, Knowledge-Based Systems, vol 71, pp. 322-338 2014, https://doi.org/10.1016/j.knosys.2014.08.013.
8. Z. Ahmad, S. Khan, W. Shiang, J. Abdullah, and F. Ahmad, “Network intrusion detection system: A systematic study of machine learning and deep learning approaches”, Transactions on Emerging Telecommunications Technology, vol 32, no. 1 pp. e4150, 2021, https://doi.org/10.1002/ett.4150.
9. Ch. Khammassi and S. Krichen, “A NSGA2-LR wrapper approach for feature selection in network intrusion detection”, Computer Networks, vol. 172, pp. 107183, 2020, https://doi.org/10.1016/j.comnet.2020.107183.
10. Siddiqi, M. Ahmed, and W. Pak., "Optimizing Filter-Based Feature Selection Method Flow for Intrusion Detection System", Electronics, vol. 9, no. 12: pp. 2114, 2020, https://doi.org/10.3390/electronics9122114.
11. Ahsan, Mostofa, G. Rahul, Md. Minhaz, and E. Kendall., "Enhancing Machine Learning Prediction in Cybersecurity Using Dynamic Feature Selector", Journal of Cybersecurity and Privacy, vol 1, no. 1, pp. 199-218, 2021, https://doi.org/10.3390/jcp1010011.
12. Z. Halim, M. Nadeem, M. Waqas, M. Sulaiman, G. Abbas, M. Hussain, I. Ahmad, and M. Hanif, An effective genetic algorithm-based feature selection method for intrusion detection systems, Computers & Security, vol. 110, pp. 102448, 2021, https://doi.org/10.1016/j.cose.2021.102448.
13. Y. Zhang, Sh. Cheng, Sh.Yuhui, D. Gong, and X. Zhao, “Cost-sensitive feature selection using two-archive multi-objective artificial bee colony algorithm”, Expert Systems with Applications, vol. 137, pp. 46-58, 2019, https://doi.org/10.1016/j.eswa.2019.06.044.
14. Alabdulwahab, Saleh, and BongKyo Moon. "Feature Selection Methods Simultaneously Improve the Detection Accuracy and Model Building Time of Machine Learning Classifiers", Symmetry, vol. 12, no. 9: pp. 1424, 2020, https://doi.org/10.3390/sym12091424.
15. Akhiat, Y., Touchanti, K., Zinedine, A. et al. IDS-EFS: Ensemble feature selection-based method for intrusion detection system. Multimed Tools Applications, Volume 83, 2024, pp. 12917–12937, https://doi.org/10.1007/s11042-023-15977-8.
16. I. Thaseen and C. Aswani Kumar, "Intrusion detection model using fusion of chi-square feature selection and multi class SVM", Journal of King Saudi University, Comput. Inf. Sci., vol. 29, no. 4, pp. 462-472, Oct. 2017.
17. S. Dwivedi, M. Vardhan, and S. Tripathi, ‘‘Building an efficient intrusion detection system using grasshopper optimization algorithm for anomaly detection,’’ Cluster Comput., vol. 24, no. 3, pp. 1881–1900, Sep. 2021, doi: 10.1007/s10586-020-03229-5.
18. R. Kanna and P. Santhi, ‘‘Hybrid intrusion detection using MapReduce based black widow optimized convolutional long short-term memory neural networks,’’ Expert Syst. Appl., vol. 194, pp. 116545, May 2022, doi: 10.1016/j.eswa.2022.116545.
19. V. Dora and V. Lakshmi, ‘‘Optimal feature selection with CNNfeature learning for DDoS attack detection using meta-heuristic-based LSTM,’’ Int. J. Intell. Robot. Appl., vol. 6, no. 2, pp. 323–349, Jun. 2022, doi: 10.1007/s41315-022-00224-4.
20. Y. Wei, J. Jang-Jaccard, F. Sabrina, A. Singh, W. Xu, and S. Camtepe, ‘‘AE-MLP: A hybrid deep learning approach for DDoS detection and classification,’’ IEEE Access, vol. 9, pp. 146810–146821, 2021, doi: 10.1109/ACCESS.2021.3123791.
21. P. R. Kanna and P. Santhi, ‘‘Unified deep learning approach for efficient intrusion detection system using integrated spatial–temporal features,’’ Knowledge. Based Systems., vol. 226, no. 107132, Aug. 2021, doi: 10.1016/j.knosys.2021.107132.
22. I. Sharafaldin, A. H. Lashkari, S. Hakak and A. A. Ghorbani, "Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy," In Proc: International Carnahan Conference on Security Technology (ICCST), Chennai, India, 2019, pp. 1-8, doi: 10.1109/CCST.2019.8888419.
23. Pontes, C. F. T., de Souza, M. M. C., Gondim, J. J. C., Bishop, M., and MA. Marotta, “ A New Method for Flow-Based Network Intrusion Detection Using the Inverse Potts Model”, IEEE Transactions on Network and Service Management, vol. 18, no. 2, pp.1125–1136, 2021, doi:10.1109/tnsm.2021.3075503.
24. S. Rajagopal, P. Kundapur, and K. Hareesha, “Towards effective network intrusion detection: from concept to creation on Azure cloud”. IEEE Access, vol. 9, pp.19723-19742.
25. J. Halladay, D. Cullen, N. Briner, J. Warren, K. Fye, and R. Basnet, “Detection and Characterization of DDoS Attacks Using Time-Based Features”, IEEE Access, vol. 10, pp. 49794-49807, 2022, doi: 10.1109/ACCESS.2022.3173319.
26. B.K. Raju, and H. Seetha, “An integrated approach explaining the detection of distributed denial of service attacks”, Computer Networks, vol. 216, pp. 109269, 2022, https://doi.org/10.1016/j.comnet.2022.109269.
27. A. Aswani, and E. Suresh, “A lightweight multi-vector DDoS detection framework for IoT-enabled mobile health informatics systems using deep learning”, Information Sciences, vol 662, pp. 120209, 2024, https://doi.org/10.1016/j.ins.2024.120209.
28. Raza, M. Saibtain, M. Nowsin, I. Hwang, and MS. Rahman, "Feature-Selection-Based DDoS Attack Detection Using AI Algorithms", Telecom vol. 5, no. 2, pp. 333-346. 2024, https://doi.org/10.3390/telecom5020017.
29. Thi-Thu-Huong Le, S. Heo, J. Cho, H. Kim, “DDoSBERT: Fine-tuning variant text classification bidirectional encoder representations from transformers for DDoS detection”, Computer Networks, vol. 262, pp. 111150, 2025, https://doi.org/10.1016/j.comnet.2025.111150.
30. S. Mahdavifar and A. A. Ghorbani, "CapsRule: Explainable Deep Learning for Classifying Network Attacks," in IEEE Transactions on Neural Networks and Learning Systems, vol. 35, no. 9, pp. 12434-12448, Sept. 2024, doi: 10.1109/TNNLS.2023.3262981.
31. A. Devrim, S. Hizal, and U. Cavusoglu, “A new DDoS attacks intrusion detection model based on deep learning for cybersecurity”, Computers and Security, vol. 118, pp.102748, 2022, https://doi.org/10.1016/j.cose.2022.102748.
32. A. A. Najar, and S. M. Naik, “A Robust DDoS Intrusion Detection System Using Convolutional Neural Network”, Computers and Electrical Engineering, vol. 117, no. 109277, pp. 1-19, 2024, https://doi.org/10.1016/j.compeleceng.2024.109277.
33. M. Raghupathi and V. Radhakrishna, “Integrating Machine Learning and T-tests to Optimize Distributed Denial of Service Attacks Detection”, International Journal of Intelligent and Engineering Systems, vol.17, no. 6, pp.1023-1043, 2024, https://doi.org/10.22266/ijies2024.1231.76.
34. H. Zouhri, A. Idri, and Ratnani, “A. Evaluating the impact of filter-based feature selection in intrusion detection systems”. International. Journal of. Information Security, vol 23, pp. 759–785, 2024. https://doi.org/10.1007/s10207-023-00767-y.
35. Y. Ho and S. Wookey, “The real-world-weight cross-entropy loss function: modeling the costs of mislabeling,” IEEE Access, vol. 8, pp. 4806–4813, 2020.
36. M. Tavallaee, E. Bagheri, W. Lu and A. A. Ghorbani, "A detailed analysis of the KDD CUP 99 data set", In Proc. IEEE Symp. Comput. Intell. Secur. Defense Appl., pp. 53-58, Jul. 2009.
37. I. Sharafaldin, AH. Lashkari, and AA. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization”. In Proc: International Conference on Information Systems Security and Privacy ISSN 2184-4356, pages 108-116. 2018, DOI: 10.5220/0006639801080116.
38. A. Gharib, I. Sharafaldin, A. H. Lashkari and A. A. Ghorbani, "An Evaluation Framework for Intrusion Detection Dataset," In Proc: International Conference on Information Science and Security (ICISS), Pattaya, Thailand, pp. 1-6,2016, doi: 10.1109/ICISSEC.2016.7885840.
39. Koroniotis, Nickolaos, N. Moustafa, E. Sitnikova, and B. Turnbull. "Towards the development of realistic botnet dataset in the internet of things for network forensic analytics: Bot-iot dataset.", Future Generation Computer Systems, vol. 100, pp. 779-796. 2019.
40. AH. Lashkari, G. Draper-Gil, MS. Mamun and AA. Ghorbani, "Characterization of Tor Traffic Using Time Based Features", In Proc: International Conference on Information System Security and Privacy, SCITEPRESS, Porto, Portugal, 2017.
41. Gerard Drapper Gil, Arash Habibi Lashkari, Mohammad Mamun, Ali A. Ghorbani, Characterization of Encrypted and VPN Traffic Using Time-Related Features", in Proceedings of the 2nd International Conference on Information Systems Security and Privacy (ICISSP 2016),Italy, pp.407-414, 2016.
42. Himanshu and . H. . Singh Arri, “A Proposed Method for Real-Time Automatic Cloud Storage and Analysis of Detected Suspicious Activities to Ensure Data Integrity and Security”, JASTT, vol. 6, no. 2, pp. 262–276, Sep. 2025.
43. A. Dave, “Intelligent Resource Management and Secure Live Migration in Cloud Environments: A Unified Approach using Particle Swarm Optimization, Machine Learning, and Blockchain on XenServer”, JASTT, vol. 6, no. 2, pp. 393–407, Nov. 2025