A hybrid machine learning framework for detecting LDoS attacks using hyperparameter optimization and principal component analysis
Heyshanthini Pandiyakumari S 1 and Suganya R2
Associate Professor, New Horizon College of Engineering, Bangalore, Kadubeesanahalli, Bengaluru, Karnataka 560103,2
Corresponding Author: Heyshanthini Pandiyakumari S
Received: 16-Dec-2024; Revised: 26-Aug-2025; Accepted: 27-Aug-2025
Abstract
In today’s digitized world, people increasingly rely on intelligent machines to perform everyday tasks. The rapid surge in smart devices has led to a corresponding rise in security vulnerabilities. Among these, the low-rate denial of service (LDoS) attack stands out as particularly dangerous due to its stealthy and variable nature, posing significant challenges for existing intrusion detection systems (IDS). A hybrid approach was proposed to investigate LDoS attack characteristics by combining hyperparameter optimization (HPO) with principal component analysis (PCA). To address the issue of dataset imbalance, the synthetic minority over-sampling technique (SMOTE) is employed. PCA is utilized for dimensionality reduction, with the primary hyperparameter to optimize being n_components, which is fine-tuned using HPO. The study uses the CIC-IDS-2017 and CSE-CIC-IDS2018 datasets to emphasize the importance of dimensionality reduction in improving detection performance. The proposed hybrid method, termed HPO-SMOTE-PCA, is applied to analyze LDoS traffic and extract relevant features. A notable trade-off between the true positive rate (TPR) and accuracy has been observed in prior studies; this research aims to enhance both metrics using the proposed approach. Various machine learning classifiers were trained on the selected features, including logistic regression (LR), support vector machine (SVM), decision tree (DT), random forest (RF), K-nearest neighbors (KNN), kernel SVM, Gradient Boosting, extreme gradient boosting (XGBoost), and naive Bayes (NB). Among them, RF and KNN achieved outstanding results, with KNN attaining a 99.9% detection rate for positive anomalies. PCA, when configured with the optimal number of components, delivered strong results in terms of both mean reconstruction error (MRE) and explained variance ratio (EVR). Overall, KNN emerged as the top-performing classifier across all key metrics, including accuracy, TPR, MRE, and EVR.
Keywords
Low-rate denial of service (LDoS), Intrusion detection system (IDS), Principal component analysis (PCA), Hyperparameter optimization (HPO), Synthetic minority over-sampling technique (SMOTE), Machine learning classifiers.
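The SMOTE, PCA and n_components search described in the abstract can be sketched as follows. This is an added example, not the authors' code. It assumes constructed flow data, an exhaustive search standing in for the HPO step, and MRE taken as mean squared reconstruction error on a held-out split.

```python
import numpy as np

def make_flows(rng, A, n_benign, n_attack):
    # Constructed data: 10 flow features driven by 3 latent factors; label 1 = LDoS-like minority.
    lat = np.vstack([rng.normal(0, 1, (n_benign, 3)),
                     rng.normal([4, 4, 0], 0.5, (n_attack, 3))])
    X = lat @ A + rng.normal(0, 0.1, (len(lat), A.shape[1]))
    return X, np.r_[np.zeros(n_benign, int), np.ones(n_attack, int)]

def smote(X_min, n_new, k, rng):
    # Interpolate between a minority sample and one of its k nearest minority neighbours.
    d = np.linalg.norm(X_min[:, None] - X_min[None], axis=2)
    np.fill_diagonal(d, np.inf)
    nn = np.argsort(d, axis=1)[:, :k]
    base = rng.integers(0, len(X_min), n_new)
    neigh = nn[base, rng.integers(0, k, n_new)]
    return X_min[base] + rng.random((n_new, 1)) * (X_min[neigh] - X_min[base])

def evaluate(n, Xtr, ytr, Xva, yva, k=5):
    mu = Xtr.mean(axis=0)
    _, s, vt = np.linalg.svd(Xtr - mu, full_matrices=False)
    W = vt[:n]                                        # top-n principal axes
    evr = float((s[:n] ** 2).sum() / (s ** 2).sum())  # explained variance ratio
    Ztr, Zva = (Xtr - mu) @ W.T, (Xva - mu) @ W.T
    mre = float(np.mean((Zva @ W + mu - Xva) ** 2))   # held-out reconstruction error
    d = np.linalg.norm(Zva[:, None] - Ztr[None], axis=2)
    pred = (ytr[np.argsort(d, axis=1)[:, :k]].mean(axis=1) > 0.5).astype(int)  # KNN vote
    return {"n": n, "evr": evr, "mre": mre,
            "tpr": float((pred[yva == 1] == 1).mean()),
            "acc": float((pred == yva).mean())}

def search(seed=0):
    rng = np.random.default_rng(seed)
    A = rng.normal(size=(3, 10))                      # hypothetical latent-to-feature mixing
    Xtr, ytr = make_flows(rng, A, 420, 28)
    Xva, yva = make_flows(rng, A, 180, 12)            # validation stays imbalanced
    synth = smote(Xtr[ytr == 1], 420 - 28, 5, rng)    # oversample the training split only
    Xtr, ytr = np.vstack([Xtr, synth]), np.r_[ytr, np.ones(len(synth), int)]
    results = [evaluate(n, Xtr, ytr, Xva, yva) for n in range(1, 11)]
    # Prefer highest TPR, then accuracy, then the smallest n_components.
    best = max(results, key=lambda r: (r["tpr"], r["acc"], -r["n"]))
    return results, best, ytr

if __name__ == "__main__":
    results, best, _ = search()
    for r in results:
        print(r)
    print("selected n_components:", best["n"])
```

SMOTE is applied after the split so that synthetic minority samples never reach the validation set. Oversampling before the split would inflate TPR.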