DDoS Detection by Using Information Gain-Naïve Bayes

Rashid Khokhar, Satria Mandala

Research output: Book chapter/Published conference paper, Conference paper, peer-review

Abstract

Advances in technology and the rapid development of the internet have increased the amount of information and data that needs to be protected, because hackers have many ways to obtain it. Network vulnerability is also driven by the increasingly open availability of knowledge about hacking. Distributed Denial of Service (DDoS) is an attack in which more than one attacker floods a server with packets, so that the server is busy serving many packet requests and its performance decreases. Many studies have been done to detect DDoS attacks. However, these studies still use old datasets that have not followed the development of DDoS attack trends. This study classifies the CICIDS2018 DDoS attack dataset, using information gain for feature selection to find the features that have a large influence on determining whether a packet sent is a DDoS attack or not. The Naïve Bayes method is used to build a prediction model. Feature selection with information gain on the CICIDS2018 dataset resulted in nine optimal features, including src_ip, dst_ip, flow_duration, flow_iat_max, fwd_iat_max, and bwd_iat_tot. The results show that the accuracy of DDoS attack detection with the Naïve Bayes method is 65% without feature selection and 69.6% with feature selection.
Original language: English
Title of host publication: 2nd International Conference on Intelligent Cybernetics Technology & Applications (ICICyTA)
Publication status: Published - 08 Mar 2023
