A generalized machine learning-based model for the detection of DDoS attacks

As time is progressing, the number and the complexity of methods adopted for launching distributed denial of service (DDoS) attacks are changing. Therefore, we propose a methodology for the development of a generalized machine learning (ML)-based model for the detection of DDoS attacks. After exploring various attributes of the dataset chosen for this study, we propose an integrated feature selection (IFS) method which consists of three stages and integration of two different methods, that is, filter and embedded methods to select features which highly contribute to the detection of various types of DDoS attacks. We use light gradient boosting machine (LGBM) algorithm for training of the model for classification of benign and malicious flows. For ensuring satisfactory performance and generalized behavior of the developed model, we test it by passing records of unseen DDoS attack types. Several performance metrics are employed for the evaluation of the model. By comparing the performance of developed model against state-of-the-art models, we state an improvement of around 20% for almost all the reported metrics. We also show that the performance of the model improves if feature space is reduced by 77%. Furthermore, the generalized behavior of the developed model is justified by demonstrating a trade-off between high variance and high bias ML models.