DDoS detection by using information Gain-Naïve Bayes

Satria Mandala; Alvien Ihsan Ramadhan; Maya  Rosalinda; Wael M S Yafooz; Rashid Hafeez Khokhar

doi:10.1109/ICICyTA57421.2022.10038054

DDoS detection by using information Gain-Naïve Bayes

Satria Mandala, Alvien Ihsan Ramadhan, Maya Rosalinda, Wael M S Yafooz, Rashid Hafeez Khokhar

Research output: Book chapter/Published conference paper › Conference paper › peer-review

8 Citations (Scopus)

Abstract

Advances in technology and the rapid development of the internet have led to more information and data that needs to be protected because there are many ways that hackers can do to get information or data. The vulnerability of a network is also caused by the more open knowledge about hacking. Distributed Denial of Service (DDoS) is an attack in which more than one attacker floods with packets to the server, so the server is busy serving many packet requests and makes server performance decrease. Many studies have been done to detect DDoS attacks. However, the study conducted still uses old datasets that have not followed the development of DDoS attack trends. This study classifies the CICIDS2018 DDoS attack dataset with feature selection using information gain to look for features that have a big influence on determining whether a packet sent is a DDoS attack or not. The Naïve Bayes method is used to build a prediction model. The use of information gain to perform feature selection on the CICIDS2018 dataset resulted in nine optimal features, including src_ip, dst_ip, flow_duration, flow_iat_max, fwd_iat_max, and bwd_iat_tot. The results show the accuracy of DDoS attack detection for the Naïve Bayes method without feature selection is 65% and 69.6% with feature selection.

Original language	English
Title of host publication	2022 2nd International Conference on Intelligent Cybernetics Technology & Applications (ICICyTA)
Publisher	IEEE
Pages	283-288
Number of pages	6
ISBN (Electronic)	9798350399134
ISBN (Print)	9798350399141 (Print on demand)
DOIs	https://doi.org/10.1109/ICICyTA57421.2022.10038054
Publication status	Published - 2022
Event	2nd International Conference on Intelligent Cybernetics Technology and Applications 2022: ICICyTA 2022 - Telkom University, Bandung, Indonesia Duration: 15 Dec 2022 → 16 Dec 2022 https://icicyta.telkomuniversity.ac.id/2022/# https://ieeexplore.ieee.org/xpl/conhome/10037752/proceeding (Proceedings)

Conference

Conference	2nd International Conference on Intelligent Cybernetics Technology and Applications 2022
Abbreviated title	Cybernetic technology for better future of human life
Country/Territory	Indonesia
City	Bandung
Period	15/12/22 → 16/12/22
Other	2nd International Conference on Intelligent Cybernetics Technology & Applications 2022 (ICICyTA 2022) will be held on December 15-16, 2022 at Telkom University, Bandung Indonesia. This is a virtual (online) conference which is organized by Human Centric Engineering, Telkom University (Tel-U), Indonesia; IJN-UTM Cardiovascular Engineering Centre, Universiti Teknologi Malaysia (UTM), Malaysia; and PPTIK, Institut Teknologi Bandung (ITB), Indonesia.
Internet address	https://icicyta.telkomuniversity.ac.id/2022/# https://ieeexplore.ieee.org/xpl/conhome/10037752/proceeding (Proceedings)

UN SDGs

This output contributes to the following UN Sustainable Development Goals (SDGs)

Access to Document

10.1109/ICICyTA57421.2022.10038054

Cite this

@inproceedings{c7f9e279f74c40c6a9b036b73debab14,

title = "DDoS detection by using information Gain-Na{\"i}ve Bayes",

abstract = "Advances in technology and the rapid development of the internet have led to more information and data that needs to be protected because there are many ways that hackers can do to get information or data. The vulnerability of a network is also caused by the more open knowledge about hacking. Distributed Denial of Service (DDoS) is an attack in which more than one attacker floods with packets to the server, so the server is busy serving many packet requests and makes server performance decrease. Many studies have been done to detect DDoS attacks. However, the study conducted still uses old datasets that have not followed the development of DDoS attack trends. This study classifies the CICIDS2018 DDoS attack dataset with feature selection using information gain to look for features that have a big influence on determining whether a packet sent is a DDoS attack or not. The Na{\"i}ve Bayes method is used to build a prediction model. The use of information gain to perform feature selection on the CICIDS2018 dataset resulted in nine optimal features, including src_ip, dst_ip, flow_duration, flow_iat_max, fwd_iat_max, and bwd_iat_tot. The results show the accuracy of DDoS attack detection for the Na{\"i}ve Bayes method without feature selection is 65% and 69.6% with feature selection.",

author = "Satria Mandala and Ramadhan, {Alvien Ihsan} and Maya Rosalinda and Yafooz, {Wael M S} and Khokhar, {Rashid Hafeez}",

year = "2022",

doi = "10.1109/ICICyTA57421.2022.10038054",

language = "English",

isbn = "9798350399141 (Print on demand)",

pages = "283--288",

booktitle = "2022 2nd International Conference on Intelligent Cybernetics Technology & Applications (ICICyTA)",

publisher = "IEEE",

note = "2nd International Conference on Intelligent Cybernetics Technology and Applications 2022 : ICICyTA 2022, Cybernetic technology for better future of human life ; Conference date: 15-12-2022 Through 16-12-2022",

url = "https://icicyta.telkomuniversity.ac.id/2022/#, https://ieeexplore.ieee.org/xpl/conhome/10037752/proceeding",

}

Mandala, S, Ramadhan, AI, Rosalinda, M, Yafooz, WMS & Khokhar, RH 2022, DDoS detection by using information Gain-Naïve Bayes. in 2022 2nd International Conference on Intelligent Cybernetics Technology & Applications (ICICyTA)., 10038054, IEEE, pp. 283-288, 2nd International Conference on Intelligent Cybernetics Technology and Applications 2022, Bandung, Indonesia, 15/12/22. https://doi.org/10.1109/ICICyTA57421.2022.10038054

TY - GEN

T1 - DDoS detection by using information Gain-Naïve Bayes

AU - Mandala, Satria

AU - Ramadhan, Alvien Ihsan

AU - Rosalinda, Maya

AU - Yafooz, Wael M S

AU - Khokhar, Rashid Hafeez

PY - 2022

Y1 - 2022

N2 - Advances in technology and the rapid development of the internet have led to more information and data that needs to be protected because there are many ways that hackers can do to get information or data. The vulnerability of a network is also caused by the more open knowledge about hacking. Distributed Denial of Service (DDoS) is an attack in which more than one attacker floods with packets to the server, so the server is busy serving many packet requests and makes server performance decrease. Many studies have been done to detect DDoS attacks. However, the study conducted still uses old datasets that have not followed the development of DDoS attack trends. This study classifies the CICIDS2018 DDoS attack dataset with feature selection using information gain to look for features that have a big influence on determining whether a packet sent is a DDoS attack or not. The Naïve Bayes method is used to build a prediction model. The use of information gain to perform feature selection on the CICIDS2018 dataset resulted in nine optimal features, including src_ip, dst_ip, flow_duration, flow_iat_max, fwd_iat_max, and bwd_iat_tot. The results show the accuracy of DDoS attack detection for the Naïve Bayes method without feature selection is 65% and 69.6% with feature selection.

AB - Advances in technology and the rapid development of the internet have led to more information and data that needs to be protected because there are many ways that hackers can do to get information or data. The vulnerability of a network is also caused by the more open knowledge about hacking. Distributed Denial of Service (DDoS) is an attack in which more than one attacker floods with packets to the server, so the server is busy serving many packet requests and makes server performance decrease. Many studies have been done to detect DDoS attacks. However, the study conducted still uses old datasets that have not followed the development of DDoS attack trends. This study classifies the CICIDS2018 DDoS attack dataset with feature selection using information gain to look for features that have a big influence on determining whether a packet sent is a DDoS attack or not. The Naïve Bayes method is used to build a prediction model. The use of information gain to perform feature selection on the CICIDS2018 dataset resulted in nine optimal features, including src_ip, dst_ip, flow_duration, flow_iat_max, fwd_iat_max, and bwd_iat_tot. The results show the accuracy of DDoS attack detection for the Naïve Bayes method without feature selection is 65% and 69.6% with feature selection.

U2 - 10.1109/ICICyTA57421.2022.10038054

DO - 10.1109/ICICyTA57421.2022.10038054

M3 - Conference paper

SN - 9798350399141 (Print on demand)

SP - 283

EP - 288

BT - 2022 2nd International Conference on Intelligent Cybernetics Technology & Applications (ICICyTA)

PB - IEEE

T2 - 2nd International Conference on Intelligent Cybernetics Technology and Applications 2022

Y2 - 15 December 2022 through 16 December 2022

ER -

DDoS detection by using information Gain-Naïve Bayes

Abstract

Conference

UN SDGs

Access to Document

Fingerprint

Cite this