Estimates of the Complexity of Detecting Types of DDOS Attacks


  • Nikolay A. Ignatev
  • Erkin R. Navruzov



DDOS attacks, structure of object relations, latent features, Big Data, hierarchical agglomerative grouping


The paper considers the problem of substantiating information-security decisions by means of estimates of the complexity of detecting types of DDOS attacks. An estimate is a quantitative measure of a particular type of attack relative to normal network traffic data, computed in that attack type's own feature space. The own space is defined by a set of informative features. To assess the complexity of detecting types of DDOS attacks, a measure of compactness by latent features on the numerical axis was used. The values of this measure were calculated as the product of intraclass similarity and interclass difference. It is shown that compactness in terms of latent features is higher in the own space than in the entire feature space. The values of latent features were calculated using the method of generalized estimates, in which objects of normal traffic and objects of a specific type of attack are treated as opposed to each other. The informative feature set is produced by an algorithm that uses the rules of hierarchical agglomerative grouping. At the first step, the feature with the maximum weight is included in the set. The grouping rules rely on the invariance of features to the scales of their measurement. An analysis of the complexity of detection for 12 types of DDOS attacks is given. The sizes of the sets of informative features ranged from 3 to 16.
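The compactness measure described above, as an added example that is not code from the paper: the formula used here (best two-interval cut of the axis, scored as the share of same-class pairs kept together times the share of normal/attack pairs split apart) is an assumption about how the product can be computed, and the names `attack_A`, `attack_B` and all values are constructed.

```python
def compactness(values, labels):
    """Best two-interval cut of one numeric (latent) feature.

    labels: 0 = normal traffic, 1 = attack. Returns (score, threshold) with
    score = intraclass similarity * interclass difference, in [0, 1].
    The exact formula is an assumption made for this example.
    """
    n = [labels.count(0), labels.count(1)]
    if min(n) < 2:
        raise ValueError("need at least two objects per class")
    pairs = sorted(zip(values, labels))
    left, best = [0, 0], (0.0, None)
    for k in range(len(pairs) - 1):
        left[pairs[k][1]] += 1
        if pairs[k][0] == pairs[k + 1][0]:
            continue  # no threshold fits between equal values
        right = [n[0] - left[0], n[1] - left[1]]
        u = (left, right)  # u[d][i]: class-i objects in interval d
        cells = [(d, i) for d in (0, 1) for i in (0, 1)]
        # Share of same-class pairs that land in the same interval.
        intra = sum(u[d][i] * (u[d][i] - 1) for d, i in cells) / (
            n[0] * (n[0] - 1) + n[1] * (n[1] - 1))
        # Share of normal/attack pairs that land in different intervals.
        inter = sum(u[d][i] * (n[1 - i] - u[d][1 - i]) for d, i in cells) / (
            2 * n[0] * n[1])
        if intra * inter > best[0]:
            best = (intra * inter, (pairs[k][0] + pairs[k + 1][0]) / 2)
    return best


def rank_by_difficulty(normal, attacks):
    """Attack names ordered hardest-to-detect first (lowest compactness)."""
    scores = {}
    for name, vals in attacks.items():
        labels = [0] * len(normal) + [1] * len(vals)
        scores[name] = compactness(list(normal) + list(vals), labels)[0]
    return sorted(scores, key=scores.get), scores


# Constructed latent-feature values, not taken from the paper or any dataset.
NORMAL = [0.10, 0.12, 0.15, 0.18, 0.20]
ATTACKS = {
    "attack_A": [0.55, 0.60, 0.62, 0.70, 0.75],  # clear of normal traffic
    "attack_B": [0.14, 0.19, 0.30, 0.35, 0.40],  # overlaps normal traffic
}

if __name__ == "__main__":
    order, scores = rank_by_difficulty(NORMAL, ATTACKS)
    print(order, scores)
```

A score of 1.0 means a single threshold on the latent axis separates the attack type from normal traffic; lower scores mark attack types that are harder to detect on that axis.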






How to Cite

Ignatev, N. A., & Navruzov, E. R. (2022). Estimates of the Complexity of Detecting Types of DDOS Attacks. International Journal of Computing, 21(4), 443-449.