DDoS Detection Using Information Gain Feature Selection and Random Forest Classifier

Mandala, Satria; Ramadhan, Alvien Ihsan; Rosalinda, Maya; Zaki, Salim M.; Weippl, Edgar

doi:10.1109/icicyta57421.2022.10038126

Cited by 9 publications

(3 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In this section, we compare the results of our proposed method with other centralized methods, including NB [12], Supporting Vector Machine (SVM) [11], [77], RF [11], [13], [77], MLP [37], CNN [20], [21], [24] and transformer [33], [34] as shown in model. From these quantitative results, we can find that the traditional federated learning can obtain a model with average malicious traffic detection performance on different edge servers, but lose the personalized characteristics of the IoT devices traffic data on each edge server.…”

Section: Quantitative Resultsmentioning

confidence: 99%

“…Shafiq et al [11] proposed a TOPSIS and Shannon entropy based feature selection algorithm named CorrAUC and employed four ML methods to detect malicious BoT-IoT traffic. Mandala et al [12], [13] used information gain to select features that have a large influence on determining whether a traffic flow is malicious or not and then employed Naïve Bayes (NB) and Random Forest (RF) to detect DDoS attacks respectively. Kamaldeep et al [19] proposed a novel IoT cross-layer intrusion detection dataset, IoT-CIDDS, and conducted a detailed and comprehensive analysis of the dataset using feature engineering and five machine learning algorithms.…”

Section: A Malicious Traffic Detectionmentioning

confidence: 99%

“…The state-of-the-art attack attack traffic detection techniques can be broadly classified into two main categories: 1) centralized detection methods that rely on machine learning (ML), particularly deep learning (DL) techniques, and 2) distributed detection methods that hinge on federated learning [9]. Centralized ML or DL-based detection methods primarily focus on identifying irregular traffic from devices present in the training dataset at a single detection point [10]- [13]. However, when applying these centralized methodologies to distributed detection scenarios, two significant challenges arise due to the diverse traffic distributions at each detection point.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Securing 5G/6G IoT Using Transformer and Personalized Federated Learning: An Access-Side Distributed Malicious Traffic Detection Framework

Luo,

Chen,

Sun

et al. 2024

IEEE Open J. Commun. Soc.

View full text Add to dashboard Cite

Malicious traffic has posed a significant threat to current 5G networks. In the upcoming 6G era, with the rapid development of the Internet of Things (IoT), defending against malicious traffic has become even more challenging due to the diverse nature and widespread distribution of IoT devices. This paper presents a new distributed framework for detecting malicious traffic on the access side of the IoT. This framework shifts the line of defense forward, and could alleviate the resource-bottleneck problem of traditional detectors that are usually deployed at the victim side. In particular, we devise a transformer-based neural network, which is tailored for distributed malicious traffic detection at multiple detection points. Additionally, we develop a personalized federated learning-based collaborative algorithm to enable horizontal collaboration among multiple detection points by sharing neural network parameters. Different from the traditional federated learning framework which trains a high-precision global model, our proposed framework fully considers the differences in the distribution of IoT traffic at the entrance, and uses local traffic data to train personalized models with better local detection performance on the basis of the global model. The experimental results demonstrate that our approach achieves an average detection accuracy of 99.2% and an F1-score of 99.2% for all detection points using the N-BaIoT dataset. In comparison to methods lacking collaboration, our approach exhibits significant improvements in terms of accuracy, precision, recall, and F1-score. Moreover, our detection performance is comparable to that of centralized learning frameworks, despite sharing only the model parameters.INDEX TERMS 5G/6G Internet of Things (IoT), malicious traffic detection, Transformer, personalized federated learning, multi-point collaboration.

show abstract