International Journal of Advanced Technology and Engineering Exploration ISSN (Print): 2394-5443    ISSN (Online): 2394-7454 Volume-12 Issue-129 August-2025
  1. 4037
    Citations
  2. 2.7
    CiteScore
A hybrid machine learning framework for detecting LDoS attacks using hyperparameter optimization and principal component analysis

Heyshanthini Pandiyakumari S1 and Suganya R2

Research Scholar, New Horizon College of Engineering,Bangalore, Kadubeesanahalli, Bengaluru, Karnataka 560103,India1
Associate Professor, New Horizon College of Engineering,Bangalore, Kadubeesanahalli, Bengaluru, Karnataka 560103,India2
Corresponding Author : Heyshanthini Pandiyakumari S

Recieved : 16-December-2024; Revised : 26-August-2025; Accepted : 27-August-2025

Abstract

In today’s digitized world, people increasingly rely on intelligent machines to perform everyday tasks. The rapid surge in smart devices has led to a corresponding rise in security vulnerabilities. Among these, the low-rate denial of service (LDoS) attack stands out as particularly dangerous due to its stealthy and variable nature, posing significant challenges for existing intrusion detection systems (IDS). A hybrid approach was proposed to investigate LDoS attack characteristics by combining hyperparameter optimization (HPO) with principal component analysis (PCA). To address the issue of dataset imbalance, the synthetic minority over-sampling technique (SMOTE) is employed. PCA is utilized for dimensionality reduction, with the primary hyperparameter to optimize being n_components, which is fine-tuned using HPO. The study uses the CIC-IDS-2017 and CSE-CIC-IDS2018 datasets to emphasize the importance of dimensionality reduction in improving detection performance. The proposed hybrid method, termed HPO-SMOTE-PCA, is applied to analyze LDoS traffic and extract relevant features. A notable trade-off between the true positive rate (TPR) and accuracy has been observed in prior studies; this research aims to enhance both metrics using the proposed approach. Various machine learning classifiers were trained on the selected features, including logistic regression (LR), support vector machine (SVM), decision tree (DT), random forest (RF), K-nearest neighbors (KNN), kernel SVM, Gradient Boosting, extreme gradient boosting (XGBoost), and naive Bayes (NB). Among them, RF and KNN achieved outstanding results, with KNN attaining a 99.9% detection rate for positive anomalies. PCA, when configured with the optimal number of components, delivered strong results in terms of both mean reconstruction error (MRE) and explained variance ratio (EVR). Overall, KNN emerged as the top-performing classifier across all key metrics, including accuracy, TPR, MRE, and EVR.

Keywords

Low-rate denial of service (LDoS), Intrusion detection system (IDS), Principal component analysis (PCA), Hyperparameter optimization (HPO), Synthetic minority over-sampling technique (SMOTE), Machine learning classifiers.

Cite this article

S HP, R S. A hybrid machine learning framework for detecting LDoS attacks using hyperparameter optimization and principal component analysis. International Journal of Advanced Technology and Engineering Exploration. 2025;12(129):1326-1346. DOI : 10.19101/IJATEE.2024.111102213

References
[1]
Waqas M, Tu S, Halim Z, Rehman SU, Abbas G, Abbas ZH. The role of artificial intelligence and machine learning in wireless networks security: Principle, practice and challenges. Artificial Intelligence Review. 2022; 55(7):5215-61.
[Crossref] [Google Scholar]
[2]
Prajapati P, Bhatt B, Zalavadiya G, Ajwalia M, Shah P. A review on recent intrusion detection systems and intrusion prevention systems in IoT. In 11th international conference on cloud computing, data science & engineering (Confluence) 2021 (pp. 588-93). IEEE.
[Crossref] [Google Scholar]
[3]
Yousef D. Unveiling the stealthy threat: low-rate denial of service (LDoS) attacks. InKey Issues in Network Protocols and Security. 2024. IntechOpen.
[Crossref] [Google Scholar]
[4]
Rao GS, Subbarao PK. A novel framework for detection of dos/ddos attack using deep learning techniques, and an approach to mitigate the impact of dos/ddos attack in network environment. International Journal of Intelligent Systems and Applications in Engineering. 2024; 12(1):450-66.
[Google Scholar]
[5]
Tang D, Cao H, Zhang J, Qin Z, Liang W, Ma X. EXCLF:a LDoS attack detection & mitigation model based on programmable data plane. Computer Networks. 2024; 252:110666.
[Crossref] [Google Scholar]
[6]
Shi W, Tang D, Zhan S, Qin Z, Wang X. An approach for detecting LDoS attack based on cloud model. Frontiers of Computer Science. 2022; 16(6):166821.
[Crossref] [Google Scholar]
[7]
Tang D, Chen J, Wang X, Zhang S, Yan Y. A new detection method for LDoS attacks based on data mining. Future Generation Computer Systems. 2022; 128:73-87.
[Crossref] [Google Scholar]
[8]
Zhijun W, Wenjing L, Liang L, Meng Y. Low-rate DoS attacks, detection, defense, and challenges: a survey. IEEE Access. 2020; 8:43920-43.
[Crossref] [Google Scholar]
[9]
Chawla NV, Bowyer KW, Hall LO, Kegelmeyer WP. SMOTE: synthetic minority over-sampling technique. Journal of Artificial Intelligence Research. 2002; 16:321-57.
[Crossref] [Google Scholar]
[10]
Rios V, Inacio P, Magoni D, Freire M. Detection of slowloris attacks using machine learning algorithms. In proceedings of the 39th ACM/SIGAPP symposium on applied computing 2024 (pp. 1321-30). ACM.
[Crossref] [Google Scholar]
[11]
Salih AO. Exploring LDoS attack detection in SDNs using machine learning techniques. Engineering, Technology & Applied Science Research. 2025; 15(1):19568-74.
[Crossref] [Google Scholar]
[12]
Liu Y, Sun D, Zhang R, Li W. A method for detecting LDoS attacks in SDWSN based on compressed hilbert–huang transform and convolutional neural networks. Sensors. 2023; 23(10):1-14.
[Crossref] [Google Scholar]
[13]
Li X, Zheng K, Tang D, Qin Z, Zheng Z, Zhang S. LDoS attack detection based on ASNNC-OOFA algorithm. In wireless communications and networking conference (WCNC) 2021 (pp. 1-6). IEEE.
[Crossref] [Google Scholar]
[14]
Sun W, Guan S, Wang P, Wu Q. A hybrid deep learning model based low‐rate DoS attack detection method for software defined network. Transactions on Emerging Telecommunications Technologies. 2022; 33(5):e4443.
[Crossref] [Google Scholar]
[15]
Kampourakis V, Makrakis GM, Kolias C. From seek-and-destroy to split-and-destroy: connection partitioning as an effective tool against low-rate dos attacks. Future Internet. 2024; 16(4):1-31.
[Crossref] [Google Scholar]
[16]
Ilango HS, Ma M, Su R. Low rate DoS attack detection in IoT-SDN using deep learning. In international conferences on internet of things (IThings) and IEEE green computing & communications (GreenCom) and IEEE cyber, physical & social computing (CPSCom) and IEEE smart data (SmartData) and IEEE congress on cybermatics (Cybermatics) 2021 (pp. 115-20). IEEE.
[Crossref] [Google Scholar]
[17]
Haddadi M, Khiat A, Bouaoud H, Djehiche H. SPGDAD: slow HTTP-Get denial of service attack detection using ontology. Information Security Journal: A Global Perspective. 2025; 34(1):79-87.
[Crossref] [Google Scholar]
[18]
Tang D, Yan Y, Dai R, Qin Z, Chen J, Zhang D. A novel LDoS attack detection method based on reconstruction anomaly. Cluster Computing. 2022; 25(2):1373-92.
[Crossref] [Google Scholar]
[19]
Batchu RK, Bikku T, Thota S, Seetha H, Ayoade AA. A novel optimization-driven deep learning framework for the detection of DDoS attacks. Scientific Reports. 2024; 14(1):1-16.
[Crossref] [Google Scholar]
[20]
Xie S, Xing C, Zhang G, Zhao J. A table overflow Ldos attack defending mechanism in software‐defined networks. Security and Communication Networks. 2021; 2021(1):1-16.
[Crossref] [Google Scholar]
[21]
Wu Z, Yin Y, Li G, Yue M. Coherent detection of synchronous low‐rate DoS attacks. Security and Communication Networks. 2021; 2021(1):6694264.
[Crossref] [Google Scholar]
[22]
Hossain MA, Islam MS. Enhancing DDoS attack detection with hybrid feature selection and ensemble-based classifier: a promising solution for robust cybersecurity. Measurement: Sensors. 2024; 32:101037.
[Crossref] [Google Scholar]
[23]
Yuvaraja T, Rajan SJWG, Ashokkumar SR, Premkumar M. Detecting and mitigating low-rate DoS and DDoS attacks: multimodal fusion of time-frequency analysis and deep learning model. Tehnički Vjesnik. 2024; 31(2):495-501.
[Crossref] [Google Scholar]
[24]
Fu Y, Duan X, Wang K, Li B. Low-rate denial of service attack detection method based on time-frequency characteristics. Journal of Cloud Computing. 2022; 11(1):1-19.
[Crossref] [Google Scholar]
[25]
Hongsong C, Caixia M, Zhongchuan F, Lee CH. Novel LDoS attack detection by Spark‐assisted correlation analysis approach in wireless sensor network. IET Information Security. 2020; 14(4):452-8.
[Crossref] [Google Scholar]
[26]
Ahir DD, Shaikh NF. Understanding issues and challenges posed by LDoS, FRC attacks on cloud environment. Results in Control and Optimization. 2025; 18:100512.
[Crossref] [Google Scholar]
[27]
Rajakumaran G, Venkataraman N, Quadir A. Early detection of LDoS attack using SNMP MIBs. In ITM web of conferences 2021 (pp. 1-8). EDP Sciences.
[Crossref] [Google Scholar]
[28]
Zhang H, Huang L, Wu CQ, Li Z. An effective convolutional neural network based on SMOTE and gaussian mixture model for intrusion detection in imbalanced dataset. Computer Networks. 2020; 177:107315.
[Crossref] [Google Scholar]
[29]
Dash SK, Dash S, Mahapatra S, Mohanty SN, Khan MI, Medani M, et al. Enhancing DDoS attack detection in IoT using PCA. Egyptian Informatics Journal. 2024; 25:100450.
[Google Scholar]
[30]
Akiba T, Sano S, Yanase T, Ohta T, Koyama M. Optuna: a next-generation hyperparameter optimization framework. In proceedings of the 25th ACM SIGKDD international conference on knowledge discovery & data mining 2019 (pp. 2623-31). ACM.
[Crossref] [Google Scholar]
[31]
Probst P, Boulesteix AL, Bischl B. Tunability: importance of hyperparameters of machine learning algorithms. Journal of Machine Learning Research. 2019; 20(53):1-32.
[Google Scholar]
[32]
Kim M. Supervised learning‐based DDoS attacks detection: tuning hyperparameters. ETRI Journal. 2019; 41(5):560-73.
[Crossref] [Google Scholar]
[33]
Wu J, Chen XY, Zhang H, Xiong LD, Lei H, Deng SH. Hyperparameter optimization for machine learning models based on bayesian optimization. Journal of Electronic Science and Technology. 2019; 17(1):26-40.
[Crossref] [Google Scholar]
[34]
Liu L, Yin Y, Wu Z, Pan Q, Yue M. LDoS attack detection method based on traffic classification prediction. IET Information Security. 2022; 16(2):86-96.
[Crossref] [Google Scholar]
[35]
Ilango HS, Ma M, Su R. A feedforward–convolutional neural network to detect low-rate DOS in IoT. Engineering Applications of Artificial Intelligence. 2022; 114:1-10.
[Crossref] [Google Scholar]