Entropy-Based Feature Selection for DDoS Detection: Enhancing Importance with Mutual Information Scores in SDN

Jaimin M Shroff, Sanjay M Shah

Abstract

DDoS attacks severely threaten computer networks by flooding systems with traffic from various sources, necessitating advanced real-time detection methods in cybersecurity. Current detection techniques, however, suffer from high false positive rates and struggle to identify complex attack patterns. There is an urgent need for improved detection systems that can accurately detect and mitigate these threats, which requires a deep understanding of network behavior, continuous traffic monitoring, and sophisticated analytical tools that can effectively interpret the nuances of DDoS attack patterns in Software Defined Networks (SDN). This research introduces a novel Distributed Denial of Service (DDoS) detection strategy that uses a multilayer feature selection technique: features are first selected based on their mutual information score, and the selected features then undergo further classification via a joint entropy-based method, which pinpoints those crucial for identifying diverse DDoS attack types. This approach is rigorously compared with established probability-based methods, including the Shannon, Rényi, Tsallis, Bhattacharyya, Bhatia Wolf, and Ubriaco coefficients, to assess its efficacy. Extensive use of the CICDDoS 2019 dataset provides an in-depth analysis, and the experimental results demonstrate a superior importance score for the top k features compared to contemporary techniques. Impressively, the newly proposed technique acquires an importance score of 0.99 (on a scale of 0 to 1) in the extraction of mutually correlated features, offering a high chance to improve the detection of DDoS attacks remarkably.
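The two selection layers named in the abstract can be sketched as follows; this is an added illustration, not the authors' implementation. The feature names, the binned flow records, the `min_gain` threshold and the exact form of the joint-entropy stage (dropping a feature that adds no information beyond one already kept) are all assumptions made for the example.

```python
import math
from collections import Counter

def entropy(*columns):
    """Shannon entropy in bits; joint entropy when several aligned columns are given."""
    rows = list(zip(*columns))
    n = len(rows)
    return -sum((c / n) * math.log2(c / n) for c in Counter(rows).values())

def mutual_information(x, y):
    """I(X;Y) = H(X) + H(Y) - H(X,Y) for discrete columns."""
    return entropy(x) + entropy(y) - entropy(x, y)

def select_features(features, labels, k, min_gain=0.05):
    """Layer 1: keep the k features with the highest MI against the label.
    Layer 2 (assumed form): walk them in MI order and keep a feature only if
    H(kept, candidate) - H(kept) >= min_gain for every feature already kept,
    i.e. it is not a relabelled copy of something selected earlier."""
    ranked = sorted(
        features, key=lambda f: (-mutual_information(features[f], labels), f)
    )[:k]
    kept = []
    for name in ranked:
        gains = [
            entropy(features[s], features[name]) - entropy(features[s])
            for s in kept
        ]
        if all(g >= min_gain for g in gains):
            kept.append(name)
    return kept

# Constructed sample: 8 flow records, features already discretised into bins.
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]              # 0 = benign, 1 = DDoS
FEATURES = {                                   # hypothetical feature names
    "pkt_rate":      [0, 0, 0, 0, 1, 1, 1, 1],  # tracks the label exactly
    "syn_ratio":     [1, 1, 1, 1, 0, 0, 0, 0],  # relabelled copy of pkt_rate
    "flow_duration": [0, 0, 0, 1, 1, 1, 1, 0],  # weakly informative
    "dst_port":      [0, 1, 0, 1, 0, 1, 0, 1],  # independent of the label
}

if __name__ == "__main__":
    for name, col in FEATURES.items():
        print(f"{name:14s} MI={mutual_information(col, LABELS):.4f}")
    print("selected:", select_features(FEATURES, LABELS, k=3))
```

On this sample the first layer discards `dst_port`, and the second drops `syn_ratio` because its joint entropy with `pkt_rate` equals the entropy of `pkt_rate` alone.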
