Enhancing DDoS Attacks Detection using Machine Learning Algorithms with Feature Selection based on Mutual Information | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Enhancing DDoS Attacks Detection using Machine Learning Algorithms with Feature Selection based on Mutual Information MAZIGHI Abdellah Author, Lahoucine BALLIHI Author, Ghizlane ORHANOU Author This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-7198289/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Distributed Denial of Service attacks are very frequent and dangerous since they are mainly designed for blocking or restricting services delivered by networks or computers to the users. They constitute a significant threat to internet services and can have disastrous consequences on websites, web applications or information systems availability, often leading to closures. Because of their ability to be started remotely and reflected by legitimated users on networks, it is usually impossible for victims to detect or to prevent them. Furthermore, these attacks are increasing with a dizzying speed quantitatively and qualitatively. That's why the need for powerful and efficient intrusion detection systems is of vital importance. Usually, traditional DDoS detection systems need to adapt to evolving attackers strategies and deal with imbalanced data distributions. Consequently, these challenges often lead to reduced performances of the IDSs. In the present paper, we have made a deep analysis of the CICDDoS2019 dataset and applied some Machine Learning techniques combined with feature selection based on Mutual Information whith the aim of improving DDoS attacks detection.After the pre-processing step, we have proved by experiments implementations the positive effects of feature selection with Mutual Information on DDoS attacks detection performances. We have used four (4) machine learning algorithms (Decision Tree (DT), Extra Trees (ET), Random Forest (RF) and XGBoost (XGB)) on the CICDDoS2019 for DDoS attacks detection. We dealt with the high dimensionality of the dataset by the feature selection with Mutual Information aiming to improve execution time and other detection performance criteria. Finally, we concluded by analyzing our experimental results and propose some future works. CICDDoS-2019 DDoS attack intrusion detection DDos detection Machine learning Feature selection Mutual Information. Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-7198289","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":498412718,"identity":"06da7494-a546-4f4b-b12f-f2027fe7dbca","order_by":0,"name":"MAZIGHI Abdellah Author","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA6UlEQVRIiWNgGAWjYJCCA4wNEgwGDAmMD4AcHj5StDAbgLSwEWUNYwMDSAubBIhDUItu+/GHB7/usJA3Z08+Vvk1x06GjYH54aMbeLSYnUlIOCx7RsJwZ8+ztNuy25KBDmMzNs7Bp+VAwoHDkm0SjBtu5JjdltzGDNTCwyaNV8v5hw0gLfYbbuR/K5bcVk+ElhvJDAc/tkkkAm1hY/y47TAxWp4xHGZsk0gG+sVYmnHbcR42ZkJ+OZ/++OPPtjrb7ezJDz/+3FZtz8/e/PAxPi0gwMyDwmAmoBwEGH+gM0bBKBgFo2AUIAMARvxN99MjYQoAAAAASUVORK5CYII=","orcid":"","institution":"Mohammed V University","correspondingAuthor":true,"prefix":"","firstName":"MAZIGHI","middleName":"Abdellah","lastName":"Author","suffix":""},{"id":498412720,"identity":"6ac87821-42cd-457b-a565-4257967ee70e","order_by":1,"name":"Lahoucine BALLIHI Author","email":"","orcid":"","institution":"Mohammed V University","correspondingAuthor":false,"prefix":"","firstName":"Lahoucine","middleName":"BALLIHI","lastName":"Author","suffix":""},{"id":498412723,"identity":"959e4cf4-fb3d-4615-a1c4-db55706f9cae","order_by":2,"name":"Ghizlane ORHANOU Author","email":"","orcid":"","institution":"Mohammed V University","correspondingAuthor":false,"prefix":"","firstName":"Ghizlane","middleName":"ORHANOU","lastName":"Author","suffix":""}],"badges":[],"createdAt":"2025-07-23 16:08:11","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-7198289/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-7198289/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":89064484,"identity":"573a878f-4477-473e-a817-a70813fded61","added_by":"auto","created_at":"2025-08-14 10:27:50","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1046703,"visible":true,"origin":"","legend":"","description":"","filename":"MazighiEurazipJIS2025.pdf","url":"https://assets-eu.researchsquare.com/files/rs-7198289/v1_covered_ae30bcee-f03b-42d3-990a-4ecd62b18da6.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Enhancing DDoS Attacks Detection using Machine Learning Algorithms with Feature Selection based on Mutual Information","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"CICDDoS-2019, DDoS attack, intrusion detection, DDos detection, Machine learning, Feature selection, Mutual Information.","lastPublishedDoi":"10.21203/rs.3.rs-7198289/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-7198289/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eDistributed Denial of Service attacks are very frequent and dangerous since they are mainly designed for blocking or restricting services delivered by networks or computers to the users. They constitute a significant threat to internet services and can have disastrous consequences on websites, web applications or information systems availability, often leading to closures. Because of their ability to be started remotely and reflected by legitimated users on networks, it is usually impossible for victims to detect or to prevent them. Furthermore, these attacks are increasing with a dizzying speed quantitatively and qualitatively. That's why the need for powerful and efficient intrusion detection systems is of vital importance. Usually, traditional DDoS detection systems need to adapt to evolving attackers strategies and deal with imbalanced data distributions. Consequently, these challenges often lead to reduced performances of the IDSs. In the present paper, we have made a deep analysis of the CICDDoS2019 dataset and applied some Machine Learning techniques combined with feature selection based on Mutual Information whith the aim of improving DDoS attacks detection.After the pre-processing step, we have proved by experiments implementations the positive effects of feature selection with Mutual Information on DDoS attacks detection performances. We have used four (4) machine learning algorithms (Decision Tree (DT), Extra Trees (ET), Random Forest (RF) and XGBoost (XGB)) on the CICDDoS2019 for DDoS attacks detection. We dealt with the high dimensionality of the dataset by the feature selection with Mutual Information aiming to improve execution time and other detection performance criteria. Finally, we concluded by analyzing our experimental results and propose some future works.\u003c/p\u003e","manuscriptTitle":"Enhancing DDoS Attacks Detection using Machine Learning Algorithms with Feature Selection based on Mutual Information","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-08-11 05:34:28","doi":"10.21203/rs.3.rs-7198289/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"6f3d6f97-4ddb-4a3a-a340-d1806a8cb6e5","owner":[],"postedDate":"August 11th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[],"tags":[],"updatedAt":"2025-08-13T22:38:15+00:00","versionOfRecord":[],"versionCreatedAt":"2025-08-11 05:34:28","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-7198289","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-7198289","identity":"rs-7198289","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.