An integrated approach explaining the detection of distributed denial of service attacks

In recent years, several machine learning and deep learning models have been designed to detect various DDoS attacks, but the presence of irrelevant features, lack of transparency and class imbalance make these models less efficient. In this paper, we developed a novel efficient model to address these issues in detecting DDOS attacks. To begin with, data preprocessing is performed to improve the quality of the training data. The minority class samples are then generated using the Adaptive Synthetic oversampling technique to overcome the class imbalance. Following that, feature selection is performed by embedding SHAP feature importance within recursive feature elimination with five base classifiers. In addition, the hyperparameter of these classifiers is tuned to determine the most contributed features. Furthermore, global and local explanations for extracted features are provided to ensure transparency. Finally, these features are fed to the dynamic ensemble selection techniques such as KNORA-E and KNORA-U for classification by varying k values. These evaluations are analyzed using the CICDDoS2019 dataset. The evaluations are carried out in balanced and imbalanced data scenarios. The results indicate that the balanced data scenario outperformed the imbalanced data scenario as well as existing approaches. An accuracy of 99.9878% using KNORA-E and 99.9886% using KNORA-U is obtained utilizing the five most contributed features.