Adaptive DDoS attack detection via packet payload feature selection

Abstract Distributed Denial of Service attacks (DDoS) are a common and influential network malicious behavior. The timely and accurate detection of Distributed Denial-of-Service (DDoS) attacks constitutes a critically significant research imperative in cyber security. Most current research focuses on classification based on statistical characteristics of network traffic, but less considers the significance of packet payload feature for DDoS attack identification. This paper proposes an adaptive DDoS detection framework integrating machine learning with payload feature engineering. The methodology comprises three phases: 1) constructing a heterogeneous task classification system based on packet metadata analysis, 2) establishing a hierarchical keyword lexicon through payload decomposition and feature pattern mining, followed by feature vector transformation via numerical encoding, and 3) implementing supervised learning algorithms for discriminative model training and feature validity verification. This multilevel feature engineering approach demonstrates enhanced adaptability in DDoS attack pattern recognition compared to conventional detection paradigms. Test results on the public datasets CIC-DDoS-2019, ISCX-SlowDoS-2016 and DoS/DDoS-MQTT-IoT show that the average detection rate of the method in this paper reaches 98.9% for attack behaviors, and the false alarm rate is only 0.1%.