Feature Selection for Robust Detection of Distributed Denial-of-Service Attacks Using Genetic Algorithms
Gavrilis Dimitris1, Tsoulos Ioannis2, and Dermatas Evangelos1
In recent years there has been a sudden increase of DDoS attacks in computers provid-ing Internet services [1,2,8,10,13]. Especially, after the year 2000 the DDoS attacks cost of losses come up to even billions of US dollars. Major commercial web sites have been disabled for several hours due to such attacks. A DDoS attack uses network flooding, but is harder to defend against because the attack is launched from hundreds or even thousands of hosts simultaneously. Rather than appearing as an excess of traf-fic coming from a single host, a DDoS attack appears instead as a normal traffic com-ing from a large number of hosts. This makes it harder to be identified and controlled
Feature Selection for Robust Detection of Distributed Denial-of-Service Attacks 277
mated from non-encrypted data such as a network packet header. Moreover, in the direction of detecting the most efficient features, a genetic solution to the features selection problem is implemented.
The complete set of 44 statistical features estimated in each timeframe consists of statistical probabilities or distinct values normalized by the total number of frame packets transferred in the timeframe: