Information-Theoretic Ensemble Learning for DDoS Detection with Adaptive Boosting

DDoS (Distributed Denial of Service) attacks pose a serious threat to the Internet as they use large numbers of zombie hosts to forward massive numbers of packets to the target host. Here, we present an adaptive boosting-based ensemble learning model for detecting low-and high-rate DDoS attacks by combining information divergence measures. Our model is trained against a baseline model that does not use labeled traffic data and draws on multiple baseline models developed in parallel to improve its accuracy. Incoming traffic is sampled time-periodically to characterize the normal behavior of input traffic. The model's performance is evaluated using the UmU testbed, MIT legitimate, and CAIDA DDoS datasets. We demonstrate that our model offers superior accuracy to established alternatives, reducing the incidence of false alarms and achieving an F1-score that is around 3% better than those of current state-of-the-art DDoS detection models.