Mutual Information-Driven Feature Selection for Efficient DDoS Detection Using Modern Boosting Ensembles
DOI: https://doi.org/10.29408/edumatic.v10i1.34012
Keywords: ddos detection, ensemble boosting, feature selection, machine learning, mutual information
Abstract
Distributed Denial of Service (DDoS) attacks generate high-dimensional network traffic that poses significant challenges for machine learning-based detection systems in terms of predictive accuracy and computational efficiency. This study presents a systematic evaluation of Mutual Information (MI) based feature selection applied to three modern boosting algorithms, namely XGBoost, LightGBM, and CatBoost, using the CIC-DDoS2019 dataset. A controlled experimental design was employed, where data partitioning was performed prior to resampling, and SMOTE was applied exclusively to the training set to prevent data leakage. Feature selection was conducted by identifying the top 25 features based on MI score saturation analysis. The results demonstrate that MI-based feature selection consistently improves classification performance while substantially reducing training time across all models. Among the evaluated methods, LightGBM achieves the best trade-off between accuracy and computational efficiency, reaching an accuracy of 99.88% with significantly reduced training cost. These findings indicate that feature quality plays a critical role in shaping the learning behaviour of boosting algorithms and that MI-based feature selection functions as a structural mechanism for enhancing model stability and scalability in high-dimensional DDoS detection scenarios.
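The ordering the abstract describes (partition first, then resample only the training set) is sketched below as an added example; it is not the authors' code. Assumptions: MI is estimated with equal-width binning, SMOTE is reduced to nearest-neighbour interpolation, features are ranked on the training split before oversampling (the abstract does not state that order), and the data is a constructed three-column sample with k=2 in place of the paper's 25.

```python
import math, random
from collections import Counter

def mutual_information(xs, ys, bins=8):
    """MI in nats between an equal-width-binned numeric feature and the labels."""
    lo, hi = min(xs), max(xs)
    width = (hi - lo) / bins or 1.0
    bx = [min(int((x - lo) / width), bins - 1) for x in xs]
    n, pxy, px, py = len(xs), Counter(zip(bx, ys)), Counter(bx), Counter(ys)
    return sum(c / n * math.log(c * n / (px[b] * py[t])) for (b, t), c in pxy.items())

def top_k(X, y, k):
    """Indices of the k columns with the highest MI against y."""
    mi = [mutual_information([r[j] for r in X], y) for j in range(len(X[0]))]
    return sorted(range(len(mi)), key=lambda j: -mi[j])[:k]

def smote(X, y, rng):
    """Balance two classes by interpolating minority rows towards their nearest minority neighbour."""
    counts = Counter(y)
    minority = min(counts, key=counts.get)
    pool = [r for r, t in zip(X, y) if t == minority]
    X, y = list(X), list(y)
    for _ in range(max(counts.values()) - counts[minority]):
        a = rng.choice(pool)
        b = min((m for m in pool if m is not a), key=lambda m: math.dist(a, m))
        g = rng.random()
        X.append([u + g * (v - u) for u, v in zip(a, b)])
        y.append(minority)
    return X, y

def prepare(X, y, k, test_frac=0.3, seed=0):
    """Split first; then score MI and oversample using training rows only."""
    rng = random.Random(seed)
    idx = list(range(len(X)))
    rng.shuffle(idx)
    n_test = round(len(idx) * test_frac)
    test, train = idx[:n_test], idx[n_test:]
    Xtr, ytr = [X[i] for i in train], [y[i] for i in train]
    keep = top_k(Xtr, ytr, k)                       # test rows never influence the ranking
    Xtr, ytr = smote([[r[j] for j in keep] for r in Xtr], ytr, rng)
    Xte = [[X[i][j] for j in keep] for i in test]   # original rows only, no synthetic samples
    return keep, Xtr, ytr, Xte, [y[i] for i in test]

def sample_flows(n=200, seed=1):
    """Constructed data: column 0 separates the classes, columns 1-2 are noise; 20% minority."""
    rng = random.Random(seed)
    y = [1 if i % 5 == 0 else 0 for i in range(n)]
    return [[10 * t + rng.random(), rng.random(), rng.random()] for t in y], y
```

Because the held-out rows are set aside before ranking and oversampling, evaluation on `Xte` reflects the original class imbalance and contains no interpolated samples.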
Copyright (c) 2026 Muhammad Febrian Fansuri, Kusrini Kusrini

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
All articles in this journal are the sole responsibility of the authors. Edumatic: Jurnal Pendidikan Informatika can be accessed free of charge, in accordance with the Creative Commons license used.



