Classification of DDoS attacks using the random forest method and class weight technique on the CICDDoS2019 dataset
DOI:
https://doi.org/10.37859/coscitech.v6i3.10731
Abstract
The rapid advancement of information technology has significantly influenced various aspects of life, including an increasing reliance on network-based services. However, this dependence has also led to the emergence of more complex cybersecurity threats, one of the most prominent being Distributed Denial of Service (DDoS) attacks. These attacks can disrupt service availability by overwhelming target systems with excessive traffic. A major challenge in detecting DDoS attacks lies in the wide variety of attack patterns and the class imbalance that commonly occurs in network traffic datasets. To address these issues, a machine learning–based approach capable of handling complex attack behaviors while compensating for imbalanced data distribution is required. One potential solution is the use of the Random Forest algorithm with class-weight techniques, applied to the CICDDoS2019 dataset. The research procedure includes data collection and exploration, preprocessing steps such as handling missing and infinite values, encoding categorical attributes, and feature normalization. The dataset is then divided into training and testing subsets before being processed by the Random Forest model. Model evaluation is conducted using a confusion matrix along with accuracy, precision, recall, and F1-score metrics. Experimental results show that incorporating class weight significantly improves model performance, achieving an accuracy of 99.98%, precision of 99.98%, recall of 99.97%, and an F1-score of 99.97%. These findings demonstrate that the proposed approach is highly effective for accurately detecting and classifying DDoS attacks.
Downloads
References
Wahyuni and Pitrasacha Adytia, “Perbandingan Algoritma Machine Learning Dalam Mendeteksi Serangan DDOS,” Tematik, vol. 9, no. 2, pp. 161–166, 2022, doi: 10.38204/tematik.v9i2.1070.
Y. I. Mahendra and R. E. Putra, “Penerapan Algoritma Gradient Boosted Decision Tree ( GBDT ) untuk Klasifikasi Serangan DDoS,” JINACS (Journal Informatics Comput. Sci. ISSN, vol. 06, pp. 158–166, 2024.
J. A. Perez-diaz and J. A. Cantoral-ceballos, “Transport and Application Layer DDoS Attacks Detection to IoT,” 2022.
N. Dat-Thinh, H. Xuan-Ninh, and L. Kim-Hung, “MidSiot: A Multistage Intrusion Detection System for Internet of Things,” Wirel. Commun. Mob. Comput., vol. 2022, no. December 2017, 2022, doi: 10.1155/2022/9173291.
I. Riadi, D. Mualfah, and I. Riadi, “Network Forensics for Detecting Flooding Attack on Web Server,” Int. J. Comput. Sci. Inf. Secur., vol. 15, no. 2, pp. 326–331, 2017.
M. Muqorobin, Z. Hisyam, M. Mashuri, H. Hanafi, and Y. Setiyantara, “Implementasi Network Intrusion Detection System (NIDS) Dalam Sistem Keamanan Open Cloud Computing,” Maj. Ilm. Bahari Jogja, vol. 17, no. 2, pp. 1–9, 2019, doi: 10.33489/mibj.v17i2.205.
M. Aljanabi, M. A. Ismail, and A. H. Ali, “Intrusion detection systems, issues, challenges, and needs,” Int. J. Comput. Intell. Syst., vol. 14, no. 1, pp. 560–571, 2021, doi: 10.2991/ijcis.d.210105.001.
I. Sharafaldin, A. H. Lashkari, and S. H. and A. A. G. (isharafa;, “Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy,” ACM Int. Conf. Proceeding Ser., no. Cic, pp. 70–75, 2019, doi: 10.1145/3340997.3341005.
R. G. Gunawan, Erik Suanda Handika, and Edi Ismanto, “Pendekatan Machine Learning Dengan Menggunakan Algoritma Xgboost (Extreme Gradient Boosting) Untuk Peningkatan Kinerja Klasifikasi Serangan Syn,” J. CoSciTech (Computer Sci. Inf. Technol., vol. 3, no. 3, pp. 453–463, 2022, doi: 10.37859/coscitech.v3i3.4356.
J. Al Amien, H. A. Ghani, N. I. M. Saleh, E. Ismanto, and R. Gunawan, “Intrusion detection system for imbalance ratio class using weighted XGBoost classifier,” Telkomnika (Telecommunication Comput. Electron. Control., vol. 21, no. 5, pp. 1102–1112, 2023, doi: 10.12928/TELKOMNIKA.v21i5.24735.
M. T. Abdelaziz et al., Enhancing Network Threat Detection with Random Forest-Based NIDS and Permutation Feature Importance, vol. 33, no. 1. Springer US, 2025. doi: 10.1007/s10922-024-09874-0.
D. Mualfah, W. Fadila, and R. Firdaus, “Teknik SMOTE untuk Mengatasi Imbalance Data pada Deteksi Penyakit Stroke Menggunakan Algoritma Random Forest,” J. CoSciTech (Computer Sci. Inf. Technol., vol. 3, no. 2, pp. 107–113, 2022, doi: 10.37859/coscitech.v3i2.3912.
D. Mualfah, A. Prihatin, R. Firdaus, and Sunanto, “Analisis Sentimen Masyarakat Terhadap Kasus Pembobolan Data Nasabah Bank BSI Pada Twitter Menggunakan Metode Random Forest Dan Naïve Bayes,” J. Fasilkom, vol. 13, no. 3, pp. 614–620, 2024, doi: 10.37859/jf.v13i3.6478.
B. BAKIRARAR and S. YILMAZ IŞIKHAN, “A New Class-Weighting Formulation for the Class Imbalance Problem: A Methodological Research,” Turkiye Klin. J. Biostat., vol. 15, no. 2, pp. 79–90, 2023, doi: 10.5336/biostatic.2023-96293.
M. Andrecut, “Attack vs Benign Network Intrusion Traffic Classification,” no. 2, pp. 1–8, 2022, [Online]. Available: http://arxiv.org/abs/2205.07323
D. Scholz, S. Gallenmüller, H. Stubbe, B. Jaber, M. Rouhi, and G. Carle, “Me love (SYN-)cookies: SYN flood mitigation in programmable data planes,” arXiv, 2020.
S. Nanda, D. Mualfah, and D. A. Fitri, “Analisis Sentimen Kepuasan Pengguna Terhadap Layanan Streaming Mola Menggunakan Algoritma Random Forest,” J. Apl. Teknol. Inf. dan Manaj., vol. 3, no. 2, pp. 210–219, 2022, doi: 10.31102/jatim.v3i2.1592.
F. T. Admojo, S. Risnanto, A. W. Windiawati, M. Innuddin, and D. Mualfah, “Comparison of Naïve Bayes and Random Forest Algorithm in Webtoon Application Sentiment Analysis,” Innov. Res. Informatics, vol. 6, no. 1, pp. 23–28, 2024, doi: 10.37058/innovatics.v6i1.10636.
P. Y. Saputra, M. Z. Abdullah, and A. P. Kirana, “Improvisasi Teknik Oversampling MWMOTE Untuk Penanganan Data Tidak Seimbang,” J. Media Inform. Budidarma, vol. 5, no. 2, p. 398, 2021, doi: 10.30865/mib.v5i2.2811.
S. Soim, S. Sholihin, and C. B. Subianto, “Optimizing Performance Random Forest Algorithm Using Correlation-Based Feature Selection (CFS) Method to Improve Distributed Denial of Service (DDoS) Attack Detection Accuracy,” Indones. J. Artif. Intell. Data Min., vol. 7, no. 2, p. 220, 2024, doi: 10.24014/ijaidm.v7i2.24783.
