Optimizing feature selection and deep learning techniques for precise detection of low-rate distributed denial of service (LDDoS) attack
Abstract The solution for cybersecurity faces significant challenges due to the growing complexity of denial of service (DoS) attacks, especially Low-rate Distributed Denial of Service (LDDoS) attacks. Low-rate DDoS refers to the small number of requests to overcome the sudden spikes that disrupt th...
| Main Authors: | Naeem Ali Al-Shukaili, Miss Laiha M. Kiah, Ismail Ahmedy |
|---|---|
| Format: | Article |
| Language: | English |
| Published: | Springer 2025-07-01 |
| Series: | Discover Internet of Things |
| Subjects: | DOS; SMOTE; LDDoS; Sequential API |
| Online Access: | https://doi.org/10.1007/s43926-025-00182-w |
| _version_ | 1849234602401464320 |
|---|---|
| author | Naeem Ali Al-Shukaili; Miss Laiha M. Kiah; Ismail Ahmedy |
| author_sort | Naeem Ali Al-Shukaili |
| collection | DOAJ |
| description | Abstract The solution for cybersecurity faces significant challenges due to the growing complexity of denial of service (DoS) attacks, especially Low-rate Distributed Denial of Service (LDDoS) attacks. Low-rate DDoS refers to the small number of requests to overcome the sudden spikes that disrupt the server. This work aims to improve the detection of two common LDDoS attack types, slowloris and slowhttptest simulated attacks, by optimizing feature selection and utilizing deep learning techniques. Slowloris is a DoS attack program to overwhelm the attackers by creating several HTTPS connections between server and attackers. Slowhttptest is an application tool that simulates the data at the application layer and prolongs the HTTPS connection with different mechanisms. The misbalancing class features were handled by SMOTE, and k-best features were selected to train the network via recursive elimination of imbalanced features. Feature encoding to train the model with k-best features is done by label encoder. Further, this study compares two alternative feature selection strategies, filter-based and wrapper-based, to see which works best for detecting these sneaky but persistent dangers. The anticipated detection model executes perfectly with a modest hardware setup, which makes it appropriate for the Internet of Things (IoT) and edge device deployment. In addition, the model was verified on the publicly available cic-ids2017 dataset. The results confirm that the wrapper-based method performs better than the filter-based method consistently, mainly when fifty features are used. It achieves a superior accuracy of 99.77%, precision of 95.27%, recall of 95.63%, f1-score of 95.45%, and area under curve (AUC) of 97.76%. |
| format | Article |
| id | doaj-art-2cc116e45597487f98dcd9965491b228 |
| institution | Kabale University |
| issn | 2730-7239 |
| language | English |
| publishDate | 2025-07-01 |
| publisher | Springer |
| record_format | Article |
| series | Discover Internet of Things |
| spelling | doaj-art-2cc116e45597487f98dcd9965491b228; 2025-08-20T04:03:06Z; eng; Springer; Discover Internet of Things; 2730-7239; 2025-07-01; 51128; 10.1007/s43926-025-00182-w; Optimizing feature selection and deep learning techniques for precise detection of low-rate distributed denial of service (LDDoS) attack; Naeem Ali Al-Shukaili (0), Miss Laiha M. Kiah (1), Ismail Ahmedy (2); affiliations 0, 1, 2: Department of Computer Systems and Technology, Faculty of Computer Science and Information Technology, University Malaya; https://doi.org/10.1007/s43926-025-00182-w; DOS; SMOTE; LDDoS; Sequential API |
| title | Optimizing feature selection and deep learning techniques for precise detection of low-rate distributed denial of service (LDDoS) attack |
| topic | DOS; SMOTE; LDDoS; Sequential API |
| url | https://doi.org/10.1007/s43926-025-00182-w |