Classification of DDoS Attacks based on Network Traffic Patterns Using the k-Nearest Neighbor (k-NN) Algorithm
Abstract
Many server attacks disrupt industrial or business operations. Attacks that flood bandwidth with simultaneous requests can overwhelm a system, leading to significant downtime and financial losses. Additionally, breaches that compromise sensitive data can damage a company's reputation and erode customer trust. DDoS attacks, or Distributed Denial of Service attacks, are among the most common types of server attacks. DDoS has been proven to cause server downtime, and one effective way to mitigate this attack is to detect and classify it using a machine learning approach. The K-Nearest Neighbor (KNN) algorithm, a simple yet effective classification method based on similarity measures, is known for its high accuracy. The current research builds upon two stages: the feature extraction stage and the classification stage, with the ultimate goal of improving the accuracy of DDoS identification using the CICDDoS2019 dataset. Based on this premise, the detection accuracy can be improved by enhancing these two stages. At a value of k equal to 3, this study produces an accuracy of 99.73%.
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.