A Machine Learning and Heuristic Hybrid Approach for Detecting LDoS
Attacks Using Hyperparameter Optimization
Abstract
In today’s digitized world, people rely heavily on
numerous smart machines to perform everyday tasks. The number of smart
devices has surged recently, leading to an increase in security
vulnerabilities. Among these, the “Low-rate denial of service (LDoS)”
attack stands out as particularly dangerous due to its stealthy and
varied nature, posing significant challenges for current intrusion
detection systems. This research introduces a hybrid approach to
investigate LDoS attack features, combining hyperparameter optimization
(HPO) with principal component analysis (PCA). To address dataset
imbalance, the SMOTE technique is applied. PCA is used for
dimensionality reduction, with the key hyperparameter ‘n_components’
optimized through HPO. The study utilizes the ‘CICIDS2017’ and
‘CSECISDOS2018’ datasets, highlighting the importance of dimension
reduction for improved performance. The hybrid method, termed HPO-S-PCA,
is employed to analyze LDoS traffic features and extract relevant
features. The research observed a trade-off between True Positive Rate
(TPR) and accuracy in existing studies and focused on enhancing both
performance metrics through the novel hybrid approach. Machine learning
classifiers such as ‘Logistic Regression (LR)’, ‘Support Vector Machine
(SVM)’, ‘Decision Tree (DT)’, ‘Random Forest (RF)’, ‘K-Nearest Neighbors
(KNN)’, ‘Kernel SVM’, and ‘Naive Bayes (NB)’ were trained to detect LDoS
attacks using the extracted features. Among these, the RF and KNN
classifiers achieved a 99.9% detection rate for positive anomalies. PCA
with the best n_components performs well and provides the expected
results for MRE and EVR. K-Nearest Neighbors outperforms all other
classifiers on accuracy, TPR, MRE and EVR.
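
The pipeline the abstract describes (SMOTE on the minority class, PCA, a search over n_components, a KNN classifier), as an added example that is not the paper's code. Assumptions: the flow data is constructed, a plain grid search stands in for the HPO step, candidates are ranked by TPR and then accuracy, and "evr" is the explained variance ratio of the kept components.

```python
import numpy as np

def smote(X_min, n_new, k, rng):
    """SMOTE: interpolate from a minority sample toward one of its k nearest minority neighbours."""
    d = np.linalg.norm(X_min[:, None] - X_min[None], axis=2)
    nn = np.argsort(d, axis=1)[:, 1:k + 1]            # column 0 is the sample itself
    base = rng.integers(0, len(X_min), n_new)
    mate = nn[base, rng.integers(0, k, n_new)]
    return X_min[base] + rng.random((n_new, 1)) * (X_min[mate] - X_min[base])

def pca_fit(X, n):
    """Return mean, top-n components, and the explained variance ratio they retain."""
    mu = X.mean(axis=0)
    _, s, vt = np.linalg.svd(X - mu, full_matrices=False)
    return mu, vt[:n], (s[:n] ** 2).sum() / (s ** 2).sum()

def knn_predict(Xtr, ytr, Xte, k=5):
    d = np.linalg.norm(Xte[:, None] - Xtr[None], axis=2)
    votes = ytr[np.argsort(d, axis=1)[:, :k]]
    return (votes.mean(axis=1) > 0.5).astype(int)

def make_flows(n_benign, n_attack, rng):
    """Constructed sample: 10 features; attack flows are shifted in the first 3."""
    X = rng.normal(0, 1, (n_benign + n_attack, 10))
    y = np.r_[np.zeros(n_benign, int), np.ones(n_attack, int)]
    X[y == 1, :3] += 4.0
    return X, y

def hpo_s_pca(seed=0, grid=(1, 2, 3, 5, 8)):
    rng = np.random.default_rng(seed)
    Xtr, ytr = make_flows(400, 20, rng)               # imbalanced training set
    Xva, yva = make_flows(200, 20, rng)               # validation set keeps its real imbalance
    # Oversample the attack class in the training split only, so validation stays untouched.
    n_new = (ytr == 0).sum() - (ytr == 1).sum()
    Xbal = np.vstack([Xtr, smote(Xtr[ytr == 1], n_new, 5, rng)])
    ybal = np.r_[ytr, np.ones(n_new, int)]
    results = []
    for n in grid:                                    # search over PCA's n_components
        mu, comps, evr = pca_fit(Xbal, n)
        pred = knn_predict((Xbal - mu) @ comps.T, ybal, (Xva - mu) @ comps.T)
        results.append({"n_components": n, "evr": float(evr),
                        "tpr": float((pred[yva == 1] == 1).mean()),
                        "acc": float((pred == yva).mean())})
    best = max(results, key=lambda r: (r["tpr"], r["acc"]))
    counts = (int((ybal == 0).sum()), int((ybal == 1).sum()))
    return {"class_counts": counts, "best": best, "results": results}
```

Fitting SMOTE and PCA on the training split alone keeps synthetic samples and projection statistics out of the validation data, so the reported TPR is not inflated by leakage.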