Empirical Evaluation of the Ensemble Framework for Feature Selection in DDoS Attack

Over the past two decades, Distributed Denial of Service (DDoS) attacks have been responsible for most of the catastrophic failures in the Internet causing a huge amount of disruption of services across all sectors of the economy. Almost every year this attack scores top among all other attacks in terms of the cost to the overall global economy. Machine Learning (ML)-based Intrusion Detection Systems (IDSs) heal the global economy with the goal of reducing the prevalence of cyber incidents, such as DDoS. In an ML classification problem, the feature selection process, aka feature engineering, is treated as a mandatory pre-processing phase that potentially reduces the computational complexity by identifying important or relevant features from the original dataset and results in the overall improvement of classification accuracy. In this paper, we propose an ensemble framework for feature selection methods (EnFS) that combines the outputs of seven well-known feature selection methods using the majority voting (MV) technique and produces an optimal set of features. In the evaluation of the proposed framework, an extensive experiment was performed using the intrusion detection benchmark dataset NSL-KDD [1]. Furthermore, using the optimal feature set, we have experimented with ensemble supervised ML framework [2] for the same dataset that demonstrated the efficacy of our approach by producing greater accuracy and negligible false alarms compared to existing approaches.