Impact of SMOTE for Imbalance Class in DDoS Attack Detection Using Deep Learning MLP

Zidni Ilma; Wildanil Ghozi; Fauzi Adi Rafrastara

doi:10.47065/bits.v6i4.6727

Zidni Ilma Universitas Dian Nuswantoro, Semarang, Indonesia
Wildanil Ghozi * Universitas Dian Nuswantoro, Semarang, Indonesia
Fauzi Adi Rafrastara Universitas Dian Nuswantoro, Semarang, Indonesia

(*) Corresponding Author

DOI: https://doi.org/10.47065/bits.v6i4.6727

Keywords: DDoS; Anomaly Detection; SMOTE; Multi-Layer Perceptron; CIC-DDoS2019

Abstract

DDoS attacks, which are becoming increasingly complex and frequent, pose significant challenges to network security, particularly with the rise of cyber exploitation of infrastructure. A major issue in detecting these attacks is the imbalance between normal traffic and attack data, which causes machine learning models to be biased toward the majority class. To address this, this study proposes the use of the Synthetic Minority Over-sampling Technique (SMOTE) to balance the CIC-DDoS2019 dataset, successfully enhancing the performance of a Multi-Layer Perceptron (MLP) in detecting various types of attacks. Analysis results indicate that, on the original dataset without SMOTE, the model achieved high accuracy but low F1-Score for minority classes, highlighting difficulties in recognizing underrepresented attack patterns. After applying SMOTE, the F1-Score significantly improved for minority classes, demonstrating the model's enhanced ability to identify attack patterns. All dataset subsets showed improved performance across key evaluation metrics, indicating that SMOTE effectively expanded the model's decision boundary for minority classes, enabling MLP to detect DDoS attacks more accurately in previously challenging data patterns. This approach illustrates increased model sensitivity to minority feature distributions without significantly compromising performance on majority classes.

Downloads

Download data is not yet available.

Author Biographies

Zidni Ilma, Universitas Dian Nuswantoro, Semarang

Faculty of Computer Science, Informatics Engineering, Universitas Dian Nuswantoro

Fauzi Adi Rafrastara, Universitas Dian Nuswantoro, Semarang

Faculty of Computer Science, Informatics Engineering, Universitas Dian Nuswantoro

References

A. Maslan, K. M. Bin Mohamad, and F. Binti Mohd Foozy, “Feature selection for DDoS detection using classification machine learning techniques,” IAES Int. J. Artif. Intell. IJ-AI, vol. 9, no. 1, p. 137, Mar. 2020, doi: 10.11591/ijai.v9.i1.pp137-145.

M. Shurman, R. Khrais, and A. Yateem, “DoS and DDoS Attack Detection Using Deep Learning and IDS,” Int. Arab J. Inf. Technol., vol. 17, no. 4A, pp. 655–661, Jul. 2020, doi: 10.34028/iajit/17/4A/10.

A. Bonguet and M. Bellaiche, “A Survey of Denial-of-Service and Distributed Denial of Service Attacks and Defenses in Cloud Computing,” Future Internet, vol. 9, no. 3, p. 43, Aug. 2017, doi: 10.3390/fi9030043.

M. N. Faiz, O. Somantri, A. R. Supriyono, and A. W. Muhammad, “Impact of Feature Selection Methods on Machine Learning-based for Detecting DDoS Attacks : Literature Review,” J. Inform. Telecommun. Eng., vol. 5, no. 2, pp. 305–314, Jan. 2022, doi: 10.31289/jite.v5i2.6112.

M. A. Sotelo Monge, J. Maestre Vidal, and G. Martínez Pérez, “Detection of economic denial of sustainability (EDoS) threats in self-organizing networks,” Comput. Commun., vol. 145, pp. 284–308, Sep. 2019, doi: 10.1016/j.comcom.2019.07.002.

X. Z. Khooi, L. Csikor, D. M. Divakaran, and M. S. Kang, “DIDA: Distributed In-Network Defense Architecture Against Amplified Reflection DDoS Attacks,” in 2020 6th IEEE Conference on Network Softwarization (NetSoft), Ghent, Belgium: IEEE, Jun. 2020, pp. 277–281. doi: 10.1109/NetSoft48620.2020.9165488.

H. Polat, O. Polat, and A. Cetin, “Detecting DDoS Attacks in Software-Defined Networks Through Feature Selection Methods and Machine Learning Models,” Sustainability, vol. 12, no. 3, p. 1035, Feb. 2020, doi: 10.3390/su12031035.

M. Šimon and L. Huraj, “A Study of DDoS Reflection Attack on Internet of Things in IPv4/IPv6 Networks,” in Software Engineering Methods in Intelligent Algorithms, vol. 984, R. Silhavy, Ed., in Advances in Intelligent Systems and Computing, vol. 984. , Cham: Springer International Publishing, 2019, pp. 109–118. doi: 10.1007/978-3-030-19807-7_12.

R. Vinayakumar, M. Alazab, K. P. Soman, P. Poornachandran, A. Al-Nemrat, and S. Venkatraman, “Deep Learning Approach for Intelligent Intrusion Detection System,” IEEE Access, vol. 7, pp. 41525–41550, 2019, doi: 10.1109/ACCESS.2019.2895334.

M. P. Novaes, L. F. Carvalho, J. Lloret, and M. L. Proenca, “Long Short-Term Memory and Fuzzy Logic for Anomaly Detection and Mitigation in Software-Defined Network Environment,” IEEE Access, vol. 8, pp. 83765–83781, 2020, doi: 10.1109/ACCESS.2020.2992044.

P. Devan and N. Khare, “An efficient XGBoost–DNN-based classification model for network intrusion detection system,” Neural Comput. Appl., vol. 32, no. 16, pp. 12499–12514, Aug. 2020, doi: 10.1007/s00521-020-04708-x.

D. Alghazzawi, O. Bamasag, H. Ullah, and M. Z. Asghar, “Efficient Detection of DDoS Attacks Using a Hybrid Deep Learning Model with Improved Feature Selection,” Appl. Sci., vol. 11, no. 24, p. 11634, Dec. 2021, doi: 10.3390/app112411634.

S. Aktar and A. Yasin Nur, “Towards DDoS attack detection using deep learning approach,” Comput. Secur., vol. 129, p. 103251, Jun. 2023, doi: 10.1016/j.cose.2023.103251.

R. Efendi, T. Wahyono, and I. R. Widiasari, “LSTM SMOTE: An Effective Strategies for DDoS Detection in Imbalanced Network Environments,” Jul. 24, 2024, Computer Science and Mathematics. doi: 10.20944/preprints202407.1825.v1.

“University of New Brunswick. DDoS Evaluation Dataset (CIC-DDoS2019). 2019.” Access Date Dec 2024, [Online]. Available: https://www.unb.ca/cic/

“CIC Flow Meter. 2020." Canadian Institute for Cybersecurity, Access Date Dec 2024, [Online]. Available: https://github.com/CanadianInstituteForCybersecurity/ CICFlowMeter.”

N. M. Yungaicela-Naula, C. Vargas-Rosales, and J. A. Perez-Diaz, “SDN-Based Architecture for Transport and Application Layer DDoS Attack Detection by Using Machine and Deep Learning,” IEEE Access, vol. 9, pp. 108495–108512, 2021, doi: 10.1109/ACCESS.2021.3101650.

H. Zhang, L. Huang, C. Q. Wu, and Z. Li, “An effective convolutional neural network based on SMOTE and Gaussian mixture model for intrusion detection in imbalanced dataset,” Comput. Netw., vol. 177, p. 107315, Aug. 2020, doi: 10.1016/j.comnet.2020.107315.

T. Wu, H. Fan, H. Zhu, C. You, H. Zhou, and X. Huang, “Intrusion detection system combined enhanced random forest with SMOTE algorithm,” EURASIP J. Adv. Signal Process., vol. 2022, no. 1, p. 39, Dec. 2022, doi: 10.1186/s13634-022-00871-6.

D. Kumar, R. K. Pateriya, R. K. Gupta, V. Dehalwar, and A. Sharma, “DDoS Detection using Deep Learning,” Procedia Comput. Sci., vol. 218, pp. 2420–2429, 2023, doi: 10.1016/j.procs.2023.01.217.

J. A. Perez-Diaz, I. A. Valdovinos, K.-K. R. Choo, and D. Zhu, “A Flexible SDN-Based Architecture for Identifying and Mitigating Low-Rate DDoS Attacks Using Machine Learning,” IEEE Access, vol. 8, pp. 155859–155872, 2020, doi: 10.1109/ACCESS.2020.3019330.

M. S. E. Sayed, N.-A. Le-Khac, M. A. Azer, and A. D. Jurcut, “A Flow-Based Anomaly Detection Approach With Feature Selection Method Against DDoS Attacks in SDNs,” IEEE Trans. Cogn. Commun. Netw., vol. 8, no. 4, pp. 1862–1880, Dec. 2022, doi: 10.1109/TCCN.2022.3186331.

Bila bermanfaat silahkan share artikel ini

Berikan Komentar Anda terhadap artikel Impact of SMOTE for Imbalance Class in DDoS Attack Detection Using Deep Learning MLP