Feature Selection based on Mutual Information and Machine Learning for DDoS Attacks Detection

MAZIGHI Abdellah; Lahoucine BALLIHI; Ghizlane ORHANOU

doi:https://doi.org/10.14445/22315381/IJETT-V74I5P129

Research Article | Open Access | Download PDF

Volume 74 | Issue 5 | Year 2026 | Article Id. IJETT-V74I5P129 | DOI : https://doi.org/10.14445/22315381/IJETT-V74I5P129

Feature Selection based on Mutual Information and Machine Learning for DDoS Attacks Detection

MAZIGHI Abdellah, Lahoucine BALLIHI, Ghizlane ORHANOU

Received	Revised	Accepted	Published
05 Dec 2025	02 Mar 2026	28 Mar 2026	30 May 2026

Citation :

MAZIGHI Abdellah, Lahoucine BALLIHI, Ghizlane ORHANOU, "Feature Selection based on Mutual Information and Machine Learning for DDoS Attacks Detection," International Journal of Engineering Trends and Technology (IJETT), vol. 74, no. 5, pp. 458-483, 2026. Crossref, https://doi.org/10.14445/22315381/IJETT-V74I5P129

Abstract

Because of the dizzying increase of Distributed Denial of Service attacks (DDoS) all over the world and despite all the progress made in the field of the development of Intrusion Detection Systems (IDSs), there are still advances to be made in this area, particularly through the use of machine learning techniques. In the present paper, our main objective is to improve DDoS attacks detection by the use of Machine Learning techniques combined with feature selection based on Mutual Information. After the pre-processing step, we have proved by experiments on a recent large public dataset the positive effects of feature selection with Mutual Information on DDoS attacks detection performances. (Complexity, Resource consumption, Execution times and incorrectly classified). We dealt with high dimensionality of the dataset by feature selection with Mutual Information. Performance is evaluated by the use of relevant metrics such as accuracy, precision, recall, and F1-score. Finally, we conclude by analyzing our experimental results and propose some future works.

Keywords

CICDDoS-2019, DDoS attack, Intrusion detection, DDos detection, Machine Learning, Feature selection, Mutual Information.

References

[1] “Cisco 2018 Annual Cybersecurity Report,” Technical Report, Technical Report by Cisco systems, 2018.
[Publisher Link]

[2] Statista - The Statistics Portal, Statista, 2020. [Online]. Available: www.statista.com.

[3] Muhammad Ashfaq Khan, “HCRNNIDS: Hybrid Convolutional Recurrent Neural Network-Based Network Intrusion Detection System,” Processes, vol. 9, no. 5, pp. 1-14, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[4] Yuanyuan Wei et al., “AE-MLP: A Hybrid Deep Learning Approach for DDoS Detection and Classification,” IEEE Access, vol. 9, pp. 146810-146821, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[5] Mona Alduailij et al., “Machine-Learning-Based DDoS Attack Detection Using Mutual Information and Random Forest Feature Importance Method,” Symmetry, vol. 14, no. 6, pp. 1-15, 2022.
[CrossRef] [Google Scholar] [Publisher Link]

[6] Swathi Sambangi, and Lakshmeeswari Gondi, “A Machine Learning Approach for DDoS (Distributed Denial of Service) Attack Detection Using Multiple Linear Regression,” Proceedings, vol. 63, no. 1, pp. 1-12, 2020.
[CrossRef] [Google Scholar] [Publisher Link]

[7] Tasnuva Mahjabin et al., “A Survey of Distributed Denial-of-Service Attack, Prevention, and Mitigation Techniques,” International Journal of Distributed Sensor Networks, vol. 13, no. 12, pp. 1-33, 2017.
[CrossRef] [Google Scholar] [Publisher Link]

[8] Rutika S. Chaudhari, and Girish Talmale, “A Review on Detection Approaches for Distributed Denial of Service Attacks,” 2019 International Conference on Intelligent Sustainable Systems (ICISS), Palladam, India, pp. 323-327, 2019.
[CrossRef] [Google Scholar] [Publisher Link]

[9] Muhammad Naveed et al., “A Deep Learning-Based Framework for Feature Extraction and Classification of Intrusion Detection in Networks,” Wireless Communications and Mobile Computing, vol. 2022, no. 1, pp. 1-11, 2022.
[CrossRef] [Google Scholar] [Publisher Link]

[10] Ziadoon Kamil Maseer et al., “Benchmarking of Machine Learning for Anomaly Based Intrusion Detection Systems in the CICIDS2017 Dataset,” IEEE Access, vol. 9, pp. 22351-22370, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[11] Lirim Ashiku, and Cihan Dagli, “Network Intrusion Detection System Using Deep Learning,” Procedia Computer Science, vol. 185, pp. 239-247, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[12] Zahra Jadidi et al., “Flow-Based Anomaly Detection Using Neural Network Optimized with GSA Algorithm,” 2013 IEEE 33rd International Conference on Distributed Computing Systems Workshops, Philadelphia, PA, USA, pp. 76-81, 2013.
[CrossRef] [Google Scholar] [Publisher Link]

[13] Ansam Khraisat et al., “Survey of Intrusion Detection Systems: Techniques, Datasets and Challenges,” Cybersecurity, vol. 2, no. 1, pp. 1-22, 2019.
[CrossRef] [Google Scholar] [Publisher Link]

[14] Bo Sun et al., “Intrusion Detection Techniques in Mobile Ad Hoc and Wireless Sensor Networks,” IEEE Wireless Communications, vol. 14, no. 5, pp. 56-63, 2007.

[CrossRef] [Google Scholar] [Publisher Link]

[15] Youssef Regragui et al., “Impact Evaluation of Feature Selection Algorithms on Machine Learning-Based Intrusion Detection,” 2024 11th International Conference on Wireless Networks and Mobile Communications (WINCOM), Leeds, United Kingdom, pp. 1-6, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[16] Xuan-Ha Nguyen, and Kim-Hung Le, “Robust Detection of Unknown DoS/DDoS Attacks in IoT Networks Using a Hybrid Learning Model,” Internet of Things, vol. 23, 2023.
[CrossRef] [Google Scholar] [Publisher Link]

[17] Ansam Khraisat, and Ammar Alazab, “A Critical Review of Intrusion Detection Systems in the Internet of Things: Techniques, Deployment Strategy, Validation Strategy, Attacks, Public Datasets and Challenges,” Cybersecurity, vol. 4, no. 1, pp. 1-27, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[18] Yi Xie, and Shun-Zheng Yu, “A Large-Scale Hidden Semi-Markov Model for Anomaly Detection on User Browsing Behaviors,” IEEE/ACM Transactions on Networking, vol. 17, no. 1, pp. 54-65, 2009.
[CrossRef] [Google Scholar] [Publisher Link]

[19] Ognjen Joldzic, Zoran Djuric, and Pavle Vuletic, “A Transparent and Scalable Anomaly-Based DoS Detection Method,” Computer Networks, vol. 104, pp. 27-42, 2016.
[CrossRef] [Google Scholar] [Publisher Link]

[20] Maulik Gohil, and Sathish Kumar, “Evaluation of Classification Algorithms for Distributed Denial of Service Attack Detection,” 2020 IEEE Third International Conference on Artificial Intelligence and Knowledge Engineering (AIKE), Laguna Hills, CA, USA, pp. 138-141, 2020.
[CrossRef] [Google Scholar] [Publisher Link]

[21] Julius Jow, Yang Xiao, and Wenlin Han, “A Survey of Intrusion Detection Systems in Smart Grid,” International Journal of Sensor Networks, vol. 23, no. 3, pp. 170-186, 2017.
[CrossRef] [Google Scholar] [Publisher Link]

[22] Elijah M. Maseno, Zenghui Wang, and Hongyan Xing, “A Systematic Review on Hybrid Intrusion Detection System,” Security and Communication Networks, vol. 2022, no. 1, pp. 1-23, 2022.
[CrossRef] [Google Scholar] [Publisher Link]

[23] Sulaiman Alhaidari, and Mohamed Zohdy, “Hybrid Learning Approach of Combining Cluster-Based Partitioning and Hidden Markov Model for IoT Intrusion Detection,” Proceedings of the 2019 3^rd International Conference on Information System and Data Mining, pp. 27-31, 2019.
[CrossRef] [Google Scholar] [Publisher Link]

[24] B. Geluvaraj, P. M. Satwik, and T. A. Ashok Kumar et al., “The Future of Cybersecurity: Major Role of Artificial Intelligence, Machine Learning, and Deep Learning in Cyberspace,” International Conference on Computer Networks and Communication Technologies: ICCNCT 2018, Singapore, pp. 739-747, 2018.
[CrossRef] [Google Scholar] [Publisher Link]

[25] Bilgehan Arslan, Sedef Gunduz, and Seref Sagiroglu, “A Review on Mobile Threats and Machine Learning Based Detection Approaches,” 2016 4^th International Symposium on Digital Forensic and Security (ISDFS), Little Rock, AR, USA, pp. 7-13, 2016.
[CrossRef] [Google Scholar] [Publisher Link]

[26] Kamran Shaukat et al., “A Survey on Machine Learning Techniques for Cyber Security in the Last Decade,” IEEE Access, vol. 8, pp. 222310-222354, 2020.
[CrossRef] [Google Scholar] [Publisher Link]

[27] Mouhammd Al-Kasassbeh et al., “Feature Selection Using a Machine Learning to Classify a Malware,” Handbook of Computer Networks and Cyber Security: Principles and Paradigms, pp. 889-904, 2020.
[CrossRef] [Google Scholar] [Publisher Link]

[28] Kahraman Kostas, “Anomaly Detection in Networks Using Machine Learning,” Research Proposal, vol. 23, pp. 1-70, 2018.
[Google Scholar]

[29] Tamara Zhukabayeva et al., “Enhancing IoT Security: Effective Botnet Attack Detection through Machine Learning,” Procedia Computer Science, vol. 241, pp. 421-426, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[30] Abdussalam Ahmed Alashhab et al., “Enhancing DDoS Attack Detection and Mitigation in SDN Using an Ensemble Online Machine Learning Model,” IEEE Access, vol. 12, pp. 51630-51649, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[31] Akindele S. Afolabi, and Olubunmi A. Akinola, “Network Intrusion Detection Using Knapsack Optimization, Mutual Information Gain, and Machine Learning,” Journal of Electrical and Computer Engineering, vol. 2024, no. 1, pp. 1-21, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[32] Abdussalam Ahmed Alashhab et al., “Ensemble Based Detection Model for DDoS Attacks in SDNs Using Advanced Feature Selection,” 2024 17^th International Conference on Signal Processing and Communication System (ICSPCS), Surfers Paradise, Australia, pp. 1-5, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[33] Ahmed Mohamed Salama, Mohamed AbdElAzim Mohamed, and Eman AbdElhalim, “Enhancing Network Security in IoT Applications through DDoS Attack Detection Using ML,” Mansoura Engineering Journal, vol. 49, no. 3, pp. 1-21, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[34] Yongqiang Shang, “Prevention and Detection of DDoS Attack in Virtual Cloud Computing Environment Using Naive Bayes Algorithm of Machine Learning,” Measurement: Sensors, vol. 31, pp. 1-9, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[35] Md. Alamgir Hossain, and Md. Saiful Islam, “Enhancing DDoS Attack Detection with Hybrid Feature Selection and Ensemble-Based Classifier: A Promising Solution for Robust Cybersecurity,” Measurement: Sensors, vol. 32, pp. 1-12, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[36] Dyari Mohammed Sharif, and Hakem Beitollahi, “Detection of Application-Layer DDoS Attacks Using Machine Learning and Genetic Algorithms,” Computers & Security, vol. 135, 2023.
[CrossRef] [Google Scholar] [Publisher Link]

[37] Siriporn Chimphlee, and Witcha Chimphlee, “Machine Learning to Improve the Performance of Anomaly-Based Network Intrusion Detection in Big Data,” Indonesian Journal of Electrical Engineering and Computer Science, vol. 30, no. 2, pp. 1106-1119, 2023.
[CrossRef] [Google Scholar] [Publisher Link]

[38] Mohammad Najafimehr, Sajjad Zarifzadeh, and Seyedakbar Mostafavi, “DDoS Attacks and Machine-Learning-Based Detection Methods: A Survey and Taxonomy,” Engineering Reports, vol. 5, no. 12, 2023.
[CrossRef] [Google Scholar] [Publisher Link]

[39] Mohamed Riadh Kadri et al., “Survey and Classification of Dos and DDos Attack Detection and Validation Approaches for IoT Environments,” Internet of Things, vol. 25, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[40] Erick Odhiambo Omuya, George Okeyo, and Michael Kimwele, “Sentiment Analysis on Social Media Tweets Using Dimensionality Reduction and Natural Language Processing,” Engineering Reports, vol. 5, no. 3, pp. 1-14, 2023.
[CrossRef] [Google Scholar] [Publisher Link]

[41] Swathi Sambangi Lakshmeeswari Gondi, and Shadi Aljawarneh, “A Feature Similarity Machine Learning Model for DDoS Attack Detection in Modern Network Environments for Industry 4.0,” Computers and Electrical Engineering, vol. 100, 2022.
[CrossRef] [Google Scholar] [Publisher Link]

[42] Erick Odhiambo Omuya, George Onyango Okeyo, and Michael Waema Kimwele, “Feature Selection for Classification Using Principal Component Analysis and Information Gain,” Expert Systems with Applications, vol. 174, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[43] Anaahat Dhindsa et al., “An Improvised Machine Learning Model Based on Mutual Information Feature Selection Approach for Microbes Classification,” Entropy, vol. 23, no. 2, pp. 1-15, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[44] Md Al-Imran, and Shamim H. Ripon, “Network Intrusion Detection: An Analytical Assessment Using Deep Learning and State-of-the-Art Machine Learning Models,” International Journal of Computational Intelligence Systems, vol. 14, no. 1, pp. 1-20, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[45] Mohammed Al-Sarem et al., “An Aggregated Mutual Information Based Feature Selection with Machine Learning Methods for Enhancing IoT Botnet Attack Detection,” Sensors, vol. 22, no. 1, pp. 1-20, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[46] Majid Torabi et al., “A Review on Feature Selection and Ensemble Techniques for Intrusion Detection System,” International Journal of Advanced Computer Science and Applications, vol. 12, no. 5, pp. 538-553, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[47] Iman Sharafaldin, Arash Habibi Lashkari, and Ali A. Ghorbani, “Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization,” In Proceedings of the 4^th International Conference on Information Systems Security and Privacy ICISSP, Funchal, Madeira, Portugal, vol. 1, pp. 108-116, 2018.
[CrossRef] [Google Scholar] [Publisher Link]

[48] Arash Habibi Lashkari et al., “Characterization of Tor Traffic Using Time Based Features,” In Proceedings of the 3^rd International Conference on Information Systems Security and Privacy ICISSP, Porto, Portugal, vol. 1, pp. 253-262, 2017.
[CrossRef] [Google Scholar] [Publisher Link]

[49] Mehmud Abliz, “Internet Denial of Service Attacks and Defense Mechanisms,” Technical Report, University of Pittsburgh, pp. 1-50, 2011.
[Google Scholar]

[50] Alvin Huseinović et al., “A Survey of Denial-of-Service Attacks and Solutions in the Smart Grid,” IEEE Access, vol. 8, pp. 177447-177470, 2020.
[CrossRef] [Google Scholar] [Publisher Link]

[51] Monowar H. Bhuyan, D. K. Bhattacharyya, and Jugal K. Kalita, “An Empirical Evaluation of Information Metrics for Low-Rate and High-Rate DDoS Attack Detection,” Pattern Recognition Letters, vol. 51, pp. 1-7, 2015.
[CrossRef] [Google Scholar] [Publisher Link]

[52] Abebe Abeshu Diro, and Naveen Chilamkurti, “Distributed Attack Detection Scheme Using Deep Learning Approach for Internet of Things,” Future Generation Computer Systems, vol. 82, pp. 761-768, 2018.
[CrossRef] [Google Scholar] [Publisher Link]

[53] Omer Yoachimik, and Jorge Pacheco, DDoS Threat Report for 2023 Q4, Cloudflare, 2023. [Online]. Available: https://blog.cloudflare.com/ddos-threat-report-2023-q4/

[54] Rocky K. C. Chang, “Defending against Flooding-Based Distributed Denial-of-Service Attacks: A Tutorial,” IEEE Communications Magazine, vol. 40, no. 10, pp. 42-51, 2002.
[CrossRef] [Google Scholar] [Publisher Link]

[55] Mohammad Masdari, and Marzie Jalali, “A Survey and Taxonomy of DoS Attacks in Cloud Computing,” Security and Communication Networks, vol. 9, no. 16, pp. 3724-3751, 2016.
[CrossRef] [Google Scholar] [Publisher Link]

[56] Clément Boin et al., “Scale Matters: A Comparative Study of Datasets for DDoS Attack Detection in CSP Infrastructure,” 2023 IEEE 12^th International Conference on Cloud Networking (CloudNet), Hoboken, NJ, USA, pp. 27-35, 2023.
[CrossRef] [Google Scholar] [Publisher Link]

[57] Clément Boin et al., “One Year of DDoS Attacks against a Cloud Provider: An Overview,” 2022 4^th International Conference on Advances in Computer Technology, Information Science and Communications (CTISC), Suzhou, China, pp. 1-5, 2022.
[CrossRef] [Google Scholar] [Publisher Link]

[58] Kameswari Kotapati et al., “A Taxonomy of Cyber Attacks on 3G Networks,” International Conference on Intelligence and Security Informatics, pp. 631-633, 2005.
[CrossRef] [Google Scholar] [Publisher Link]

[59] Iman Sharafaldi et al., “Developing Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy,” 2019 International Carnahan Conference on Security Technology (ICCST), Chennai, India, pp. 1-8, 2019.
[CrossRef] [Google Scholar] [Publisher Link]

[60] Datasets, SCVIC-TS-2022: Network intrusion data with original raw network packets, IEEEDataPort, 2023.[Online]. Available: https://ieee-dataport.org/documents/scvic-ts-2022-network-intrusion-data-original-raw-network-packets

[61] Liang Xiao et al., “IoT Security Techniques Based on Machine Learning: How Do IoT Devices Use AI to Enhance Security?,” IEEE Signal Processing Magazine, vol. 35, no. 5, pp. 41-49, 2018.
[CrossRef] [Google Scholar] [Publisher Link]

[62] Inès Ben Kraiem, “Multiple Anomaly Detection by Automatic Rule Learning in Time Series,” University of Toulouse-Jean Jaurès, pp. 1-145, 2021.
[Google Scholar] [Publisher Link]

[63] Sumeet Dua, and Xian Du, Data Mining and Machine Learning in Cybersecurity, CRC Press, 2016.
[Google Scholar] [Publisher Link]

[64] Parag Saxena, Ultimate Machine Learning with Scikit-Learn: Unleash the Power of Scikit-Learn and Python to Build Cutting-Edge Predictive Modeling Applications and Unlock Deeper Insights Into Machine Learning, Orange Education Pvt. Ltd., 2024.
[Google Scholar] [Publisher Link]

[65] Gilles Louppe, “Understanding Random Forests: From Theory to Practice,” PhD dissertation, Universite de Liege, 2014.
[Google Scholar]

[66] Ansam Khraisat, Iqbal Gondal, and Peter Vamplew, “An Anomaly Intrusion Detection System Using C5 Decision Tree Classifier,” Trends and Applications in Knowledge Discovery and Data Mining: PAKDD 2018, pp. 149-155, 2018.
[CrossRef] [Google Scholar] [Publisher Link]

[67] HongFang Zhou et al., “A Feature Selection Algorithm of Decision Tree Based on Feature Weight,” Expert Systems with Applications, vol. 164, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[68] Ahmad Turmudi Zy et al., “Detecting DDoS Attacks through Decision Tree Analysis: An EDA Approach with the CIC DDoS 2019 Dataset,” 2024 8^th International Conference on Information Technology, Information Systems and Electrical Engineering (ICITISEE), Yogyakarta, Indonesia, pp. 202-207, 2024.
[CrossRef] [Google Scholar] [Publisher Link]

[69] Manjula C. Belavagi, and Balachandra Muniyal, “Performance Evaluation of Supervised Machine Learning Algorithms for Intrusion Detection,” Procedia Computer Science, vol. 89, pp. 117-123, 2016.
[CrossRef] [Google Scholar] [Publisher Link]

[70] Kurniabudi et al., “CICIDS-2017 Dataset Feature Analysis with Information Gain for Anomaly Detection,” IEEE Access, vol. 8, pp. 132911-132921, 2020.
[CrossRef] [Google Scholar] [Publisher Link]

[71] Rabie A. Ramadan, and Kusum Yadav, “A Novel Hybrid Intrusion Detection System (IDS) for the Detection of Internet of Things (IoT) Network Attacks,” Annals of Emerging Technologies in Computing (AETiC), vol. 4, no. 5, pp. 61-74, 2020.
[CrossRef] [Google Scholar] [Publisher Link]

[72] Gerard Drapper Gil et al., “Characterization of Encrypted and VPN Traffic using Time-Related Features,” In Proceedings of the 2^nd International Conference on Information Systems Security and Privacy ICISSP, Rome, Italy, vol. 1, pp. 407-414, 2016.
[CrossRef] [Google Scholar] [Publisher Link]

[73] Tala Talaei Khoei et al., “Ensemble Learning Methods for Anomaly Intrusion Detection System in Smart Grid,” 2021 IEEE International Conference on Electro Information Technology (EIT), Mt. Pleasant, MI, USA, pp. 129-135, 2021.
[CrossRef] [Google Scholar] [Publisher Link]

[74] Raj Kumar Batchu, and Hari Seetha, “On Improving the Performance of DDoS Attack Detection System,” Microprocessors and Microsystems, vol. 93, 2022.
[CrossRef] [Google Scholar] [Publisher Link]

[75] Junhong Li, “Detection of DDoS Attacks Based on Dense Neural Networks, Autoencoders and Pearson Correlation Coefficient,” Faculty of Graduate Studies Online Theses, Dalhousie University Halifax, 2020.
[Google Scholar] [Publisher Link]

[76] Wes McKinney, Python for Data Analysis Data Wrangling with Pandas, NumPy, and IPython, 3^rd ed., O’REILLY, 2017.
[Google Scholar] [Publisher Link]

[77] Pandas, Pandas - Python Data Analysis Library, 2026. [Online]. Available: https://pandas.pydata.org/.

[78] Mahbod Tavallaee et al., “A Detailed Analysis of the KDD Cup 99 Data Set,” 2009 IEEE Symposium on Computational Intelligence for Security and Defense Applications, Ottawa, ON, Canada, pp. 1-6, 2009.
[CrossRef] [Google Scholar] [Publisher Link]

[79] Matt Harrisson, Learning Pandas Python Tools for Data Munging, Data Analysis, and Visualization, WordPress, pp. 1-208, 2016.
[Publisher Link]

[80]Md Alamgir Hossain, and Md Saiful Islam, “A Novel Hybrid Feature Selection and Ensemble-based Machine Learning Approach for Botnet Detection,” Scientific Reports, vol. 13, no. 1, pp. 1-28, 2023.
[CrossRef] [Google Scholar] [Publisher Link]