Optimizing feature selection and deep learning techniques for precise detection of low-rate distributed denial of service (LDDoS) attack

Optimizing feature selection and deep learning techniques for precise detection of low-rate distributed denial of service (LDDoS) attack

Abstract The solution for cybersecurity faces significant challenges due to the growing complexity of denial of service (DoS) attacks, especially Low-rate Distributed Denial of Service (LDDoS) attacks. Low-rate DDoS refers to the small number of requests to overcome the sudden spikes that disrupt th...

Full description

Saved in:
Bibliographic Details
Main Authors: Naeem Ali Al-Shukaili, Miss Laiha M. Kiah, Ismail Ahmedy
Format: Article
Language:English
Published: Springer 2025-07-01
Series:Discover Internet of Things
Subjects:
DOS
SMOTE
LDDoS
Sequential API
Online Access:https://doi.org/10.1007/s43926-025-00182-w
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Abstract The solution for cybersecurity faces significant challenges due to the growing complexity of denial of service (DoS) attacks, especially Low-rate Distributed Denial of Service (LDDoS) attacks. Low-rate DDoS refers to the small number of requests to overcome the sudden spikes that disrupt the server.This work aims to improve the detection of two common LDDoS attack types, slowloris and slowhttptest simulated attacks, by optimizing feature selection and utilizing deep learning techniques. Slowloris is a DoS attack program to overwhelm the attackers by creating several HTTPS connections between server and attackers. Slowhttptest is an application tool that simulates the data at the application layer and prolongs the HTTPS connection with different mechanisms. The misbalancing class features were handled by SMOTE, and k-best features were selected to train the network via recursive elimination of imbalanced features. Feature encoding to train the model with k-best feature is done by label encoder. Further, this study compares two alternative feature selection strategies filter-based and wrapper-based—to see which works best for detecting these sneaky but persistent dangers. The anticipated detection model executes perfectly with a modest hardware setup, which makes it appropriate for the Internet of Things (IoT) and edge device deployment. In addition, the model was verified on the publicly cic-ids2017 dataset. The results confirm that the wrapper-based method performs better than the filter-based method consistently, mainly when fifty features are used. It achieves a superior accuracy of 99.77%, precision of 95.27%, recall of 95.63%, f1-score of 95.45%, and area under curve (AUC) of 97.76%.
ISSN:2730-7239

Similar Items