Hybrid Approach for Detection and Mitigation of DDoS Attacks Using Multi-feature Selection, Unsupervised Learning, and Game Theory, Journal of Telecommunications and Information Technology, 2025

Kachavimath, Amit; D.G., Narayan

- ris
- BibTeX

Hybrid Approach for Detection and Mitigation of DDoS Attacks Using Multi-feature Selection, Unsupervised Learning, and Game Theory, Journal of Telecommunications and Information Technology, 2025 Kachavimath, Amit; D.G., Narayan

Object structure

Hybrid Approach for Detection and Mitigation of DDoS Attacks Using Multi-feature Selection, Unsupervised Learning, and Game Theory, Journal of Telecommunications and Information Technology, 2025

2025, nr 4, JTIT-artykuły

Kachavimath, Amit ; D.G., Narayan

agglomerative clustering ; DDoS attacks ; game theory ; SDN ; unsupervised learning

kwartalnik

Software-defined networking (SDN) is now widely used in modern network infrastructures, but its centralized control design makes it vulnerable to distributed denial of service (DDoS) attacks targeting the SDN controller. These attacks are capable of disrupting the operation of the network and reducing its availability for genuine users. Existing detection and mitigation methods often suffer from numerous drawbacks, such as high computational costs and frequent false alarms, especially with standard machine learning or basic unsupervised approaches. To address these issues, a new framework is proposed that relies on multistep feature selection methods, including SelectKBest, ANOVA-F, and random forest to select the most important network features, to detect anomalies in an unsupervised manner using agglomerative clustering in order identify suspicious hosts, and to mitigate adverse impacts by relying on posterior probability and game theory. An evaluation conducted using benchmark datasets and validated through Mininet emulation demonstrates that the approach achieves better performance with silhouette scores of 0.86 for InSDN and 0.95 for Mininet. The framework efficiently computes reputation scores to distinguish malicious hosts, thus enabling to rely on adaptive defense against evolving attack patterns while maintaining minimal computational overhead.

National Institute of Telecommunications

artykuł

10.26636/jtit.2025.4.2261

on-line: ISSN 1899-8852

Journal of Telecommunications and Information Technology

ang

Biblioteka Naukowa Instytutu Łączności

CC BY 4.0

Citation