Information Gain-Based Feature Selection and Machine Learning Classification for DDoS Attack Variant Detection in Cloud Computing Environment

Authors

  • Eko Arip Winanto Department of Computer Engineering, Faculty of Computer Science, Universitas Dinamika Bangsa, Jambi, Indonesia
  • Kurniabudi Department of Information Systems, Faculty of Computer Science, Universitas Dinamika Bangsa, Jambi, Indonesia
  • Sharipuddin Department of Information Systems, Faculty of Computer Science, Universitas Dinamika Bangsa, Jambi, Indonesia
  • Denia Igesti Nur Mellyati Department of Information Systems, Faculty of Computer Science, Universitas Dinamika Bangsa, Jambi, Indonesia

DOI:

https://doi.org/10.52436/1.jutif.2026.7.3.5752

Keywords:

Cloud Computing, DDoS Attack Detection, Feature Selection, Information Gain, Machine Learning

Abstract

Cloud computing environments face significant security vulnerabilities from Distributed Denial of Service (DDoS) attacks, which can cause system failures and service disruptions. Despite various existing detection methods, challenges remain regarding high computational overhead and suboptimal accuracy due to redundant features in complex datasets. This study aims to identify the optimal feature subset and evaluate its impact on detection performance across multiple machine learning algorithms for multi-class DDoS variants. The research methodology employs a two-stage approach: feature selection using Information Gain (IG) to reduce 47 original features into subsets of 8, 10, 15, and 20, followed by classification using Decision Tree (DT), Random Forest (RF), and Naïve Bayes (NB) on the CICIoT2023 dataset. Experimental results demonstrate that the Decision Tree model with an optimized subset of only 8 features, primarily Inter-Arrival Time (IAT), Header_Length, and Tot_size, achieves a superior accuracy of 99.97%. While Naïve Bayes performs well in binary classification, its accuracy drops significantly to approximately 30% in multiclass settings. This study concludes that IG-based feature selection reduces computational complexity by 30-40% while maintaining high performance across 12 DDoS variants. These findings provide a practical framework for scalable and efficient intrusion detection systems suitable for real-time deployment in resource-constrained IoT-cloud environments.

Downloads

Download data is not yet available.

References

P. Borra, “An overview of cloud computing and leading cloud service providers,” Int. J. Comput. Eng. Technol. Vol., vol. 15, pp. 122–133, 2024.

M. A. Omer, A. A. Yazdeen, H. S. Malallah, and L. M. Abdulrahman, “A Survey on Cloud Security: Concepts, Types, Limitations, and Challenges,” J. Appl. Sci. Technol. Trends, vol. 3, no. 02, pp. 47–57, Dec. 2022, doi: 10.38094/jastt301137.

S. Shamkura, “The Impact of Cloud Elasticity and Pay as You Go Pricing on Financial Risk and Cost Optimization for Variable Workloads,” J. Multidiscip., vol. 5, no. 7, pp. 56–65, 2025.

A. Mahida, “Comprehensive review on optimizing resource allocation in cloud computing for cost efficiency,” J. Artif. Intell. & Cloud Comput. SRC/JAICC-249. DOI doi. org/10.47363/JAICC/2022, vol. 232, pp. 2–4, 2022.

A. Sharma, S. Reddy, P. S. Patwal, D. Gowda, and others, “Data analytics and cloud-based platform for internet of things applications in smart cities,” in 2022 International Conference on Industry 4.0 Technology (I4Tech), 2022, pp. 1–6.

M. Almutairi and F. T. Sheldon, “IoT--cloud integration security: A survey of challenges, solutions, and directions,” Electronics, vol. 14, no. 7, p. 1394, 2025.

A. Bhardwaj, V. Mangat, R. Vig, S. Halder, and M. Conti, “Distributed denial of service attacks in cloud: State-of-the-art of scientific and commercial solutions,” Computer Science Review, vol. 39. Elsevier Ireland Ltd, Feb. 01, 2021. doi: 10.1016/j.cosrev.2020.100332.

P. Verma, N. Bharot, J. G. Breslin, M. Sharma, N. Chaurasia, and A. Vidyarthi, “Uncovering collateral damages and advanced defense strategies in cloud environments against DDoS attacks: A comprehensive review,” Trans. Emerg. Telecommun. Technol., vol. 35, no. 4, p. e4934, 2024.

Z. R. Alashhab, M. Anbar, M. M. Singh, I. H. Hasbullah, P. Jain, and T. A. Al-Amiedy, “Distributed Denial of Service Attacks against Cloud Computing Environment: Survey, Issues, Challenges and Coherent Taxonomy,” Applied Sciences (Switzerland), vol. 12, no. 23. MDPI, Dec. 01, 2022. doi: 10.3390/app122312441.

L. Poonia and S. Tinker, “A comprehensive analysis of the types, impacts, prevention, and mitigation of DDoS attacks,” Recent Patents Eng., vol. 19, no. 9, p. E18722121322166, 2025.

S. Basuli and M. Padhya, “Botnet-Based DDoS Attack: Automatic Detection, Mitigation, and Real-Time Traffic Filtering in Cloud Environments,” in International Conference on Advanced Network Technologies and Intelligent Computing, 2024, pp. 140–161.

A. Odeh, A. Aboshgifa, and N. Belhaj, “Mitigating DDoS attacks in cloud computing environments: Challenges and strategies,” in 2023 International Conference on Electrical, Computer and Energy Technologies (ICECET), 2023, pp. 1–4.

M. Agoramoorthy, A. Ali, D. Sujatha, M. R. T. F, and G. Ramesh, “An Analysis of Signature-Based Components in Hybrid Intrusion Detection Systems,” in 2023 Intelligent Computing and Control for Engineering and Business Systems (ICCEBS), 2023, pp. 1–5. doi: 10.1109/ICCEBS58601.2023.10449209.

S. Balasubramaniam et al., “Optimization enabled deep learning-based DDoS attack detection in cloud computing,” Int. J. Intell. Syst., vol. 2023, no. 1, p. 2039217, 2023.

Y. Sanjalawe and T. Althobaiti, “DDoS Attack Detection in Cloud Computing Based on Ensemble Feature Selection and Deep Learning,” Comput. Mater. & Contin., vol. 75, no. 2, 2023.

E. S. GSR, R. Ganeshan, I. D. J. Jingle, and J. P. Ananth, “FACVO-DNFN: Deep learning-based feature fusion and Distributed Denial of Service attack detection in cloud computing,” Knowledge-Based Syst., vol. 261, p. 110132, 2023.

A. Berguiga, A. Harchay, and A. Massaoudi, “HIDS-IoMT: A Deep Learning-Based Intelligent Intrusion Detection System for the Internet of Medical Things,” IEEE Access, vol. 13, pp. 32863–32882, 2025, doi: 10.1109/ACCESS.2025.3543127.

A. H. Halbouni, T. S. Gunawan, M. Halbouni, F. A. A. Assaig, M. R. Effendi, and N. Ismail, “CNN-IDS: Convolutional neural network for network intrusion detection system,” in 2022 8th International Conference on Wireless and Telematics (ICWT), 2022, pp. 1–4.

E. U. H. Qazi, M. H. Faheem, and T. Zia, “HDLNIDS: a hybrid deep-learning-based network intrusion detection system,” Appl. Sci., vol. 13, no. 8, p. 4921, 2023.

V. Sharma, A. Rai, Y. Dixit, Y. Tomar, R. Rai, and T. Sharma, “Interpretable Deep Learning Framework for Anomaly Detection in High-Dimensional Network Traffic Data,” Reconstruction, vol. 26, no. 30, p. 40.

C. Kavitha, S. M, T. R. Gadekallu, N. K, B. P. Kavin, and W.-C. Lai, “Filter-based ensemble feature selection and deep learning model for intrusion detection in cloud computing,” Electronics, vol. 12, no. 3, p. 556, 2023.

G. N. Tikhe and P. S. Patheja, “A wrapper feature selection based hybrid deep learning model for DDoS detection in a network with NFV behaviors,” Wirel. Pers. Commun., vol. 133, no. 1, pp. 481–506, 2023.

S. V. Dicholkar and J. H. Nirmal, “DoS Attack Detection Using Feature Selection with Information Gain and ML Classification,” in 2024 Second International Conference on Advances in Information Technology (ICAIT), 2024, pp. 1–6.

M. Alduailij, Q. W. Khan, M. Tahir, M. Sardaraz, M. Alduailij, and F. Malik, “Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method,” Symmetry (Basel), vol. 14, no. 6, pp. 1–15, 2022, doi: 10.3390/sym14061095.

A. A. Elshweikh, A. M. Maher, M. Hussein, and A. D. Elbayoumy, “Intrusion Detection System for IoT Using CICloT2023 Dataset,” in 2024 6th Novel Intelligent and Leading Emerging Sciences Conference (NILES), 2024, pp. 512–516.

E. C. P. Neto, S. Dadkhah, R. Ferreira, A. Zohourian, R. Lu, and A. A. Ghorbani, “CICIoT2023: A Real-Time Dataset and Benchmark for Large-Scale Attacks in IoT Environment,” Sensors, vol. 23, no. 13, 2023, doi: 10.3390/s23135941.

W. A. H. Salman and C. H. Yong, “Overview of the CICIoT2023 Dataset for Internet of Things Intrusion Detection Systems,” Mesopotamian J. Big Data, vol. 2025, pp. 50–60, 2025, doi: 10.58496/MJBD/2025/004.

A. M. Al-Ghamdi and M. M. Alansari, “Enhancing IoT Security: A Comparative Study of CNN and RNN-Based Anomaly Detection Using the CICIoT2023 Dataset,” IAENG Int. J. Comput. Sci., vol. 52, no. 5, 2025.

E. Halabaku and E. Bytyçi, “Overfitting in Machine Learning: A Comparative Analysis of Decision Trees and Random Forests,” Intell. Autom. & Soft Comput., vol. 39, no. 6, 2024.

J. Zhang, “A Random Forest-Based Approach for Cybersecurity Attack Detection,” J. Next Comput., vol. 1, no. 1, pp. 1–12, 2025.

K. H. Le, M. H. Nguyen, T. D. Tran, and N. D. Tran, “IMIDS: An Intelligent Intrusion Detection System against Cyber Threats in IoT,” Electron., vol. 11, no. 4, pp. 1–16, 2022, doi: 10.3390/electronics11040524.

S. H. Mohammed et al., “A review on the evaluation of feature selection using machine learning for cyber-attack detection in smart grid,” IEEE Access, vol. 12, pp. 44023–44042, 2024.

N. Hasdyna and R. K. Dinata, “A hybrid optimization of supervised learning models using information gain-based feature selection,” Int. J. Comput., vol. 24, no. 1, pp. 178–189, 2025.

M. R. Islam, A. A. Lima, S. C. Das, M. F. Mridha, A. R. Prodeep, and Y. Watanobe, “A comprehensive survey on the process, methods, evaluation, and challenges of feature selection,” IEEE Access, vol. 10, pp. 99595–99632, 2022.

N. Uddamari and P. Sammulal, “Ensemble-Based Network Anomaly Detection Using RFE and Information Gain for Optimized Feature Selection,” Informatica, vol. 49, no. 10, 2025.

A. S. Afolabi and O. A. Akinola, “Network intrusion detection using knapsack optimization, mutual information gain, and machine learning,” J. Electr. Comput. Eng., vol. 2024, no. 1, p. 7302909, 2024.

R. Tekin, O. Yaman, and T. Tuncer, “Decision Tree Based Intrusion Detection Method in the Internet of Things,” Int. J. Innov. Eng. Appl., vol. 6, no. 1, pp. 17–23, 2022.

Z. Sun, G. Wang, P. Li, H. Wang, M. Zhang, and X. Liang, “An improved random forest based on the classification accuracy and correlation measurement of decision trees,” Expert Syst. Appl., vol. 237, p. 121549, 2024.

H. A. Salman, A. Kalakech, and A. Steiti, “Random Forest Algorithm Overview,” Babylonian J. Mach. Learn., vol. 2024, pp. 69–79, 2024, doi: 10.58496/BJML/2024/007.

M. Alduailij, Q. W. Khan, M. Tahir, M. Sardaraz, M. Alduailij, and F. Malik, “Machine-learning-based DDoS attack detection using mutual information and random forest feature importance method,” Symmetry (Basel), vol. 14, no. 6, p. 1095, 2022.

A. Abbas, M. A. Khan, S. Latif, M. Ajaz, A. A. Shah, and J. Ahmad, “A New Ensemble-Based Intrusion Detection System for Internet of Things,” Arab. J. Sci. Eng., vol. 47, no. 2, pp. 1805–1819, Feb. 2022, doi: 10.1007/s13369-021-06086-5.

N. Konyrbaev et al., “Evaluation and Optimization of The Naive Bayes Algorithm For Intrusion Detection Systems Using The USB-IDS-1 Dataset,” Eastern-European J. Enterp. Technol., vol. 132, no. 2, 2024.

S. Naiem, A. E. Khedr, A. M. Idrees, and M. I. Marie, “Enhancing the efficiency of Gaussian Naive Bayes machine learning classifier in the detection of DDOS in cloud computing,” IEEE Access, vol. 11, pp. 124597–124608, 2023.

Additional Files

Published

2026-06-15

How to Cite

[1]
E. A. . Winanto, K. Kurniabudi, S. Sharipuddin, and D. I. N. . Mellyati, “Information Gain-Based Feature Selection and Machine Learning Classification for DDoS Attack Variant Detection in Cloud Computing Environment”, J. Tek. Inform. (JUTIF), vol. 7, no. 3, pp. 2994–3011, Jun. 2026.

Issue

Vol. 7 No. 3 (2026): JUTIF Volume 7, Number 3, June 2026

Section

Articles

License

Copyright (c) 2026 Eko Arip Winanto, Kurniabudi, Sharipuddin, Denia Igesti Nur Mellyati

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.