A Dynamic MLP-Based DDoS Attack Detection Method Using Feature Selection and Feedback

Abstract Distributed Denial of Service (DDoS) attack is a stubborn network security problem. Various machine learning-based methods have been proposed to detect such attacks. According to our survey, the features used to characterize the attack are usually selected manually according to some personal understanding, and the detection model is expected to perform good generalization performance in practical detection all the time. Therefore, how to select the optimal features that perform the best performance is a critical problem for constructing an effective detector. Meanwhile, as network traffic gets increasingly complex and changeable, some original features may become incapable of characterizing current traffic, and detector failure could occur when traffic changes. In this paper, we chose the multilayer perceptrons (MLP) to demonstrate and solve the proposed problem. In our solution, we combined sequential feature selection with MLP to select the optimal features during the training phase and designed a feedback mechanism to reconstruct the detector when perceiving considerable detection errors dynamically. Finally, we validated the effectiveness of our method and compared it with some related works. The results showed that our method could yield comparable detection performance and correct the detector when it performed poorly.