Multi-class DRDoS Attack Detection Method Based on Feature Selection

Tianqi Yang
Weilin Wang
Ying Liu
Huachun Zhou

Keywords

DRDoS, feature selection, malicious traffic reduction rate, ensemble learning

Abstract

Distributed denial of service (DDoS) attacks are one of the most serious threats to the Internet. The emergence of distributed reflection denial of service (DRDoS) attacks has increased the harm of DDoS attacks. Aiming at common DRDoS attacks in the network, such as Memcached, TFTP, NTP, SSDP, SNMP and Chargen, a multi-class DRDoS attack detection method based on feature selection is proposed. Through analysis of the behavior and characteristics of the attacks, combined with the probability distribution of features and feature importance, a feature subset of 24 features is obtained. When the XGBoost model is constructed, its input features are the feature subset obtained by this feature selection, and the model outputs multi-class classification results. The selected features can better reflect the characteristics of DRDoS attacks and improve the detection performance of the model. Experimental results show that the feature subset obtained by this method has high precision in multi-class classification of DRDoS attacks, and is better than traditional methods such as support vector machine and multi-layer perceptron. Feature selection not only reduces the processing time, but also reduces the malicious traffic by 99.93%.