{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,24]],"date-time":"2026-04-24T15:13:00Z","timestamp":1777043580628,"version":"3.51.4"},"reference-count":57,"publisher":"MDPI AG","issue":"6","license":[{"start":{"date-parts":[[2022,5,27]],"date-time":"2022-05-27T00:00:00Z","timestamp":1653609600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>Cloud computing facilitates the users with on-demand services over the Internet. The services are accessible from anywhere at any time. Despite the valuable services, the paradigm is, also, prone to security issues. A Distributed Denial of Service (DDoS) attack affects the availability of cloud services and causes security threats to cloud computing. Detection of DDoS attacks is necessary for the availability of services for legitimate users. The topic has been studied by many researchers, with better accuracy for different datasets. This article presents a method for DDoS attack detection in cloud computing. The primary objective of this article is to reduce misclassification error in DDoS detection. In the proposed work, we select the most relevant features, by applying two feature selection techniques, i.e., the Mutual Information (MI) and Random Forest Feature Importance (RFFI) methods. Random Forest (RF), Gradient Boosting (GB), Weighted Voting Ensemble (WVE), K Nearest Neighbor (KNN), and Logistic Regression (LR) are applied to selected features. The experimental results show that the accuracy of RF, GB, WVE, and KNN with 19 features is 0.99. To further study these methods, misclassifications of the methods are analyzed, which lead to more accurate measurements. Extensive experiments conclude that the RF performed well in DDoS attack detection and misclassified only one attack as normal. Comparative results are presented to validate the proposed method.<\/jats:p>","DOI":"10.3390\/sym14061095","type":"journal-article","created":{"date-parts":[[2022,5,31]],"date-time":"2022-05-31T02:30:06Z","timestamp":1653964206000},"page":"1095","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":174,"title":["Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method"],"prefix":"10.3390","volume":"14","author":[{"given":"Mona","family":"Alduailij","sequence":"first","affiliation":[{"name":"Department of Computer Sciences, College of Computer and Information Sciences, Princess Nourah Bint Abdulrahman University, Riyadh 11671, Saudi Arabia"}]},{"given":"Qazi Waqas","family":"Khan","sequence":"additional","affiliation":[{"name":"Department of Computer Science, COMSATS University Islamabad, Attock Campus, Attock 43600, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7750-8959","authenticated-orcid":false,"given":"Muhammad","family":"Tahir","sequence":"additional","affiliation":[{"name":"Department of Computer Science, COMSATS University Islamabad, Attock Campus, Attock 43600, Pakistan"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7169-8683","authenticated-orcid":false,"given":"Muhammad","family":"Sardaraz","sequence":"additional","affiliation":[{"name":"Department of Computer Science, COMSATS University Islamabad, Attock Campus, Attock 43600, Pakistan"}]},{"given":"Mai","family":"Alduailij","sequence":"additional","affiliation":[{"name":"Department of Computer Sciences, College of Computer and Information Sciences, Princess Nourah Bint Abdulrahman University, Riyadh 11671, Saudi Arabia"}]},{"given":"Fazila","family":"Malik","sequence":"additional","affiliation":[{"name":"Department of Computer Science, COMSATS University Islamabad, Attock Campus, Attock 43600, Pakistan"}]}],"member":"1968","published-online":{"date-parts":[[2022,5,27]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Malik, N., Sardaraz, M., Tahir, M., Shah, B., Ali, G., and Moreira, F. (2021). Energy-efficient load balancing algorithm for workflow scheduling in cloud data centers using queuing and thresholds. Appl. Sci., 11.","DOI":"10.3390\/app11135849"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"52","DOI":"10.1109\/MCOM.2015.7081075","article-title":"Distributed denial of service attacks in software-defined networking with cloud computing","volume":"53","author":"Yan","year":"2015","journal-title":"IEEE Commun. Mag."},{"key":"ref_3","first-page":"2275","article-title":"Distributed denial of service attacks","volume":"Volume 3","author":"Lau","year":"2000","journal-title":"Proceedings of the SMC 2000 Conference Proceedings. 2000 IEEE International Conference on Systems, Man and Cybernetics.\u2019Cybernetics Evolving to Systems, Humans, Organizations, and Their Complex Interactions\u2019(Cat. No. 0)"},{"key":"ref_4","first-page":"51","article-title":"A Machine Learning Approach for DDoS (Distributed Denial of Service) Attack Detection Using Multiple Linear Regression","volume":"63","author":"Sambangi","year":"2020","journal-title":"Proceedings"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"505","DOI":"10.1148\/rg.2017160130","article-title":"Machine learning for medical imaging","volume":"37","author":"Erickson","year":"2017","journal-title":"Radiographics"},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Hasan, A., Moin, S., Karim, A., and Shamshirband, S. (2018). Machine learning-based sentiment analysis for twitter accounts. Math. Comput. Appl., 23.","DOI":"10.3390\/mca23010011"},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Malik, S., Tahir, M., Sardaraz, M., and Alourani, A. (2022). A Resource Utilization Prediction Model for Cloud Data Centers Using Evolutionary Algorithms and Machine Learning Techniques. Appl. Sci., 12.","DOI":"10.3390\/app12042160"},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Aljamal, I., Tekeo\u011flu, A., Bekiroglu, K., and Sengupta, S. (2019, January 29\u201331). Hybrid intrusion detection system using machine learning techniques in cloud computing environments. Proceedings of the 2019 IEEE 17th International Conference on Software Engineering Research, Management and Applications (SERA), Honolulu, HI, USA.","DOI":"10.1109\/SERA.2019.8886794"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"102260","DOI":"10.1016\/j.cose.2021.102260","article-title":"Optimized extreme learning machine for detecting DDoS attacks in cloud computing","volume":"105","author":"Kushwah","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"1","DOI":"10.1007\/s42979-021-00467-1","article-title":"Deep Neural Network (DNN) Solution for Real-time Detection of Distributed Denial of Service (DDoS) Attacks in Software Defined Networks (SDNs)","volume":"2","author":"Makuvaza","year":"2021","journal-title":"SN Comput. Sci."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"77396","DOI":"10.1109\/ACCESS.2020.2986013","article-title":"Effective attack detection in internet of medical things smart environment using a deep belief neural network","volume":"8","author":"Manimurugan","year":"2020","journal-title":"IEEE Access"},{"key":"ref_12","unstructured":"(2021, September 30). Intrusion Detection Evaluation Dataset (CIC-IDS2017). Available online: https:\/\/www.unb.ca\/cic\/datasets\/ids-2017.html."},{"key":"ref_13","unstructured":"(2022, April 27). DDoS Evaluation Dataset (CIC-DDoS2019). Available online: https:\/\/www.unb.ca\/cic\/datasets\/ddos-2019.html."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"e4062","DOI":"10.1002\/ett.4062","article-title":"Intelligent intrusion detection system in smart grid using computational intelligence and machine learning","volume":"32","author":"Khan","year":"2021","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"40","DOI":"10.1109\/35.312842","article-title":"Access control: Principle and practice","volume":"32","author":"Sandhu","year":"1994","journal-title":"IEEE Commun. Mag."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"15501477211018623","DOI":"10.1177\/15501477211018623","article-title":"A low-complexity, energy-efficient data securing model for wireless sensor network based on linearly complex voice encryption mechanism of GSM technology","volume":"17","author":"Khan","year":"2021","journal-title":"Int. J. Distrib. Sens. Netw."},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"00368504211023276","DOI":"10.1177\/00368504211023276","article-title":"SCA-NGS: Secure compression algorithm for next generation sequencing data using genetic operators and block sorting","volume":"104","author":"Sardaraz","year":"2021","journal-title":"Sci. Prog."},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Zhong, Z., Xu, M., Rodriguez, M.A., Xu, C., and Buyya, R. (2021). Machine Learning-based Orchestration of Containers: A Taxonomy and Future Directions. ACM Comput. Surv. (CSUR).","DOI":"10.1145\/3510415"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"419","DOI":"10.3103\/S0146411619050043","article-title":"Detecting DDoS attacks using machine learning techniques and contemporary intrusion detection dataset","volume":"53","author":"Bindra","year":"2019","journal-title":"Autom. Control. Comput. Sci."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"371","DOI":"10.1016\/j.icte.2020.12.006","article-title":"An efficient feature reduction method for the detection of DoS attack","volume":"7","author":"Kshirsagar","year":"2021","journal-title":"ICT Express"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"2383","DOI":"10.1007\/s11227-020-03323-w","article-title":"The DDoS attacks detection through machine learning and statistical methods in SDN","volume":"77","author":"Dehkordi","year":"2021","journal-title":"J. Supercomput."},{"key":"ref_22","unstructured":"The CTU-13 Dataset (2022, April 27). A Labeled Dataset with Botnet, Normal and Background traffic. Available online: https:\/\/www.stratosphereips.org\/datasets-ctu13."},{"key":"ref_23","unstructured":"(2022, April 27). ISOT Research Lab: Botnet and Ransomware Detection Datasets. Available online: https:\/\/www.uvic.ca\/ecs\/ece\/isot\/datasets\/?utm_medium=redirect&utm_source=\/engineering\/ece\/isot\/datasets\/&utm_campaign=redirect-usage."},{"key":"ref_24","unstructured":"(2022, April 27). Canadian Institute for Cybersecurity:UNB-ISCX Datasets. Available online: https:\/\/www.unb.ca\/cic\/datasets\/botnet.html."},{"key":"ref_25","doi-asserted-by":"crossref","first-page":"283","DOI":"10.1080\/09720529.2020.1721861","article-title":"An ensemble feature reduction method for web-attack detection","volume":"23","author":"Kshirsagar","year":"2020","journal-title":"J. Discret. Math. Sci. Cryptogr."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"595","DOI":"10.1080\/09720529.2020.1729507","article-title":"Feature selection using principal component analysis and genetic algorithm","volume":"23","author":"Adhao","year":"2020","journal-title":"J. Discret. Math. Sci. Cryptogr."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"106495","DOI":"10.1109\/ACCESS.2019.2929487","article-title":"Identifying and benchmarking key features for cyber intrusion detection: An ensemble approach","volume":"7","author":"Binbusayyis","year":"2019","journal-title":"IEEE Access"},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"132911","DOI":"10.1109\/ACCESS.2020.3009843","article-title":"CICIDS-2017 dataset feature analysis with information gain for anomaly detection","volume":"8","author":"Stiawan","year":"2020","journal-title":"IEEE Access"},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Ferrag, M.A., Maglaras, L., Ahmim, A., Derdour, M., and Janicke, H. (2020). Rdtids: Rules and decision tree-based intrusion detection system for internet-of-things networks. Future Internet, 12.","DOI":"10.3390\/fi12030044"},{"key":"ref_30","doi-asserted-by":"crossref","first-page":"102158","DOI":"10.1016\/j.cose.2020.102158","article-title":"An effective intrusion detection approach using SVM with na\u00efve Bayes feature embedding","volume":"103","author":"Gu","year":"2021","journal-title":"Comput. Secur."},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"103108","DOI":"10.1016\/j.jnca.2021.103108","article-title":"Automated DDOS attack detection in software defined networking","volume":"187","author":"Ahuja","year":"2021","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Tonkal, Z., Polat, H., Ba\u015faran, E., C\u00f6mert, Z., and Kocao\u011flu, R. (2021). Machine Learning Approach Equipped with Neighbourhood Component Analysis for DDoS Attack Detection in Software-Defined Networking. Electronics, 10.","DOI":"10.3390\/electronics10111227"},{"key":"ref_33","first-page":"96","article-title":"Analysis of Machine Learning Techniques for Lightweight DDoS Attack Detection on IoT Networks","volume":"Volume 353","author":"Ever","year":"2021","journal-title":"Forthcoming Networks and Sustainability in the IoT Era. FoNeS-IoT 2020. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering"},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Revathi, M., Ramalingam, V., and Amutha, B. (2021). A Machine Learning Based Detection and Mitigation of the DDOS Attack by Using SDN Controller Framework. Wirel. Pers. Commun., 1\u201325.","DOI":"10.1007\/s11277-021-09071-1"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"291","DOI":"10.1016\/j.cose.2019.06.013","article-title":"Intelligent approach to build a Deep Neural Network based IDS for cloud environment using combination of machine learning algorithms","volume":"86","author":"Chiba","year":"2019","journal-title":"Comput. Secur."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"41525","DOI":"10.1109\/ACCESS.2019.2895334","article-title":"Deep learning approach for intelligent intrusion detection system","volume":"7","author":"Vinayakumar","year":"2019","journal-title":"IEEE Access"},{"key":"ref_37","unstructured":"(2022, April 27). University of California, Department of Information and Computer Science: The UCI KDD Archive. Available online: http:\/\/kdd.ics.uci.edu\/."},{"key":"ref_38","doi-asserted-by":"crossref","first-page":"19","DOI":"10.1080\/19393555.2020.1797248","article-title":"An adaptive LeNet-5 model for anomaly detection","volume":"30","author":"Cui","year":"2021","journal-title":"Inf. Secur. J. Glob. Perspect."},{"key":"ref_39","doi-asserted-by":"crossref","first-page":"705","DOI":"10.1016\/j.neucom.2020.07.138","article-title":"Intrusion detection approach based on optimised artificial neural network","volume":"452","author":"Pawlicki","year":"2021","journal-title":"Neurocomputing"},{"key":"ref_40","doi-asserted-by":"crossref","unstructured":"Tang, T.A., McLernon, D., Mhamdi, L., Zaidi, S.A.R., and Ghogho, M. (2019). Intrusion detection in sdn-based networks: Deep recurrent neural network approach. Deep Learning Applications for Cyber Security, Springer.","DOI":"10.1007\/978-3-030-13057-2_8"},{"key":"ref_41","unstructured":"(2022, April 27). Canadian Institute for Cybersecurity: ISCX NSL-KDD Datasets. Available online: https:\/\/www.unb.ca\/cic\/datasets\/nsl.html."},{"key":"ref_42","first-page":"1","article-title":"Developing new deep-learning model to enhance network intrusion classification","volume":"13","author":"Azzaoui","year":"2021","journal-title":"Evol. Syst."},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"146810","DOI":"10.1109\/ACCESS.2021.3123791","article-title":"Ae-mlp: A hybrid deep learning approach for ddos detection and classification","volume":"9","author":"Wei","year":"2021","journal-title":"IEEE Access"},{"key":"ref_44","doi-asserted-by":"crossref","first-page":"5757164","DOI":"10.1155\/2022\/5757164","article-title":"Enhanced Security Against Volumetric DDoS Attacks Using Adversarial Machine Learning","volume":"2022","author":"Shroff","year":"2022","journal-title":"Wirel. Commun. Mob. Comput."},{"key":"ref_45","doi-asserted-by":"crossref","first-page":"3238","DOI":"10.1109\/ACCESS.2021.3139925","article-title":"Using Genetic Algorithm in Inner Product to Resist Modular Exponentiation from Higher Order DPA Attacks","volume":"10","author":"Mahanta","year":"2021","journal-title":"IEEE Access"},{"key":"ref_46","doi-asserted-by":"crossref","unstructured":"Saini, P.S., Behal, S., and Bhatia, S. (2020, January 12\u201314). Detection of DDoS attacks using machine learning algorithms. Proceedings of the 2020 7th International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India.","DOI":"10.23919\/INDIACom49435.2020.9083716"},{"key":"ref_47","doi-asserted-by":"crossref","first-page":"1803","DOI":"10.1109\/TNSM.2020.3014929","article-title":"Multi-stage optimized machine learning framework for network intrusion detection","volume":"18","author":"Injadat","year":"2020","journal-title":"IEEE Trans. Netw. Serv. Manag."},{"key":"ref_48","first-page":"1","article-title":"Feature selection: A data perspective","volume":"50","author":"Li","year":"2017","journal-title":"ACM Comput. Surv. (CSUR)"},{"key":"ref_49","doi-asserted-by":"crossref","first-page":"1226","DOI":"10.1109\/TPAMI.2005.159","article-title":"Feature selection based on mutual information criteria of max-dependency, max-relevance, and min-redundancy","volume":"27","author":"Peng","year":"2005","journal-title":"IEEE Trans. Pattern Anal. Mach. Intell."},{"key":"ref_50","first-page":"313","article-title":"Robust feature selection using ensemble feature selection techniques","volume":"5212","author":"Saeys","year":"2008","journal-title":"Machine Learning and Knowledge Discovery in Databases. ECML PKDD 2008. Lecture Notes in Computer Science"},{"key":"ref_51","doi-asserted-by":"crossref","first-page":"94","DOI":"10.1016\/j.sbspro.2012.11.097","article-title":"The application of neural network and logistics regression models on predicting customer satisfaction in a student-operated restaurant","volume":"65","author":"Larasati","year":"2012","journal-title":"Procedia-Soc. Behav. Sci."},{"key":"ref_52","doi-asserted-by":"crossref","first-page":"1883","DOI":"10.4249\/scholarpedia.1883","article-title":"K-nearest neighbor","volume":"4","author":"Peterson","year":"2009","journal-title":"Scholarpedia"},{"key":"ref_53","unstructured":"Batista, G., and Silva, D.F. (2009, January 24\u201328). How k-nearest neighbor parameters affect its performance. Proceedings of the Argentine Symposium on Artificial Intelligence (ASAI), Mar del Plata, Argentina."},{"key":"ref_54","doi-asserted-by":"crossref","first-page":"971","DOI":"10.1007\/s10994-019-05787-1","article-title":"Accelerated gradient boosting","volume":"108","author":"Biau","year":"2019","journal-title":"Mach. Learn."},{"key":"ref_55","first-page":"1","article-title":"Xgboost: Extreme gradient boosting","volume":"1","author":"Chen","year":"2015","journal-title":"R Package Version 0.4-2"},{"key":"ref_56","doi-asserted-by":"crossref","first-page":"1947","DOI":"10.1021\/ci034160g","article-title":"Random forest: A classification and regression tool for compound classification and QSAR modeling","volume":"43","author":"Svetnik","year":"2003","journal-title":"J. Chem. Inf. Comput. Sci."},{"key":"ref_57","doi-asserted-by":"crossref","first-page":"259","DOI":"10.1007\/s10115-012-0586-6","article-title":"A weighted voting framework for classifiers ensembles","volume":"38","author":"Kuncheva","year":"2014","journal-title":"Knowl. Inf. Syst."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/6\/1095\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T23:19:28Z","timestamp":1760138368000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/14\/6\/1095"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,5,27]]},"references-count":57,"journal-issue":{"issue":"6","published-online":{"date-parts":[[2022,6]]}},"alternative-id":["sym14061095"],"URL":"https:\/\/doi.org\/10.3390\/sym14061095","relation":{},"ISSN":["2073-8994"],"issn-type":[{"value":"2073-8994","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,5,27]]}}}