A Study on Semi-Supervised Detection of DDoS Attacks under Class Imbalance

TL;DR

This paper evaluates 13 semi-supervised learning algorithms for detecting DDoS attacks in imbalanced and partially labeled datasets, aiming to enhance intrusion detection systems' robustness.

Contribution

It provides a comprehensive assessment of SSL techniques' effectiveness and limitations in real-world DDoS detection scenarios with class imbalance.

Findings

SSL algorithms vary in effectiveness under extreme conditions

Some algorithms outperform others in imbalanced data settings

Insights for designing robust IDSs against class imbalance

Abstract

One of the most difficult challenges in cybersecurity is eliminating Distributed Denial of Service (DDoS) attacks. Automating this task using artificial intelligence is a complex process due to the inherent class imbalance and lack of sufficient labeled samples of real-world datasets. This research investigates the use of Semi-Supervised Learning (SSL) techniques to improve DDoS attack detection when data is imbalanced and partially labeled. In this process, 13 state-of-the-art SSL algorithms are evaluated for detecting DDoS attacks in several scenarios. We evaluate their practical efficacy and shortcomings, including the extent to which they work in extreme environments. The results will offer insight into designing intelligent Intrusion Detection Systems (IDSs) that are robust against class imbalance and handle partially labeled data.