关键词: 类不平衡, 特征冗余, 混合特征选择, 低延时, 分布式拒绝服务攻击检测, 简单循环单元

Abstract: Many Distributed Denial of Service (DDoS) attack detection methods focus on improving model performance, but ignore the impact of traffic sample distribution and feature dimensions on detection performance, resulting in the model learning redundant information. To address the problems of network traffic class imbalance and feature redundancy, a Hybrid Feature Selection method based on Multiple Evaluation Criteria (HFS-MEC) was proposed. Firstly, the Pearson Correlation Coefficient (PCC) and Mutual Information (MI) were considered comprehensively to select the correlation features; then, the Sequential Backward Selection (SBS) algorithm based on Variance Inflation Factor (VIF) was designed to reduce the feature redundancy and further reduce the feature dimension. At the same time, to balance the detection performance and computation time, a Low-latency DDoS Attack Detection based on Simple Recurrent Unit (L-DDoS-SRU) model was designed. The experimental results show that HFS-MEC reduces the feature dimensions from 78 and 88 dimensions to 31 and 41 dimensions on the CIC-IDS2017 and CIC-DDoS2019 datasets, respectively. The L-DDoS-SRU detection time is only 40.34 seconds with a recall of 99.38%, which is a 8.47% improvement compared to Long Short-Term Memory (LSTM), and an increase compared to Gated Recurrent Unit (GRU) of 9.76%. The proposed method effectively improves the detection performance and reduces the detection time.

Key words: class imbalance, feature redundancy, hybrid feature selection, low-latency, Distributed Denial of Service (DDoS) attack detection, Simple Recurrent Unit (SRU)