Model creation for Denial of Service (DoS) attack classification using an ensemble learning approach on multi-dataset network traffic
Keywords:
Attack classification, Denial of Service (DoS), ensemble learning, Random Forest, XGBoost
Abstract
The rapid advancement of information technology has increased cybersecurity threats, one of which is the Denial of Service (DoS) attack that can disrupt service availability. Most existing studies on DoS attack classification rely on a single dataset and a single machine learning model, which limits the generalizability of their results across different network environments. This study addresses this gap by proposing an ensemble learning-based model for DoS attack classification using multi-dataset network traffic. The datasets used in this research are UNSW-NB15 and TON-IoT, which were combined based on feature compatibility. After the preprocessing stage, a final dataset consisting of 73,302 records was obtained, comprising 64,267 normal traffic instances and 9,035 DoS attack instances. The dataset was then split using stratified sampling with an 80:20 ratio for training and testing data. The ensemble learning methods applied include Random Forest (bagging) and XGBoost (boosting), with training scenarios using both the original dataset and data balanced using the Synthetic Minority Over-sampling Technique (SMOTE). Model evaluation was conducted using a confusion matrix and performance metrics including accuracy, precision, recall, F1-score, and ROC-AUC. The results show that the ensemble learning approach achieves high performance in classifying DoS attacks. However, the application of SMOTE did not improve model performance in this study. The best-performing model was Random Forest trained on the original dataset, achieving an accuracy of 0.9854, precision of 0.9515, recall of 0.928, F1-score of 0.9402, and ROC-AUC of 0.996. These results indicate that the proposed model is effective for DoS attack classification across heterogeneous network traffic data.
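The stratified 80:20 split and the two training scenarios (original and SMOTE-balanced) described in the abstract, as an added example that is not the authors' code. It assumes SMOTE is applied to the training portion only so the test set keeps the original class imbalance (the abstract does not state the order), and it uses constructed data at roughly 1/100 of the stated class counts; all function names are hypothetical.

```python
import random

def stratified_split(labels, test_frac=0.2, seed=0):
    """Per-class 80:20 index split so both parts keep the class ratio."""
    rng, train, test = random.Random(seed), [], []
    for cls in sorted(set(labels)):
        idx = [i for i, y in enumerate(labels) if y == cls]
        rng.shuffle(idx)
        cut = round(len(idx) * test_frac)
        test += idx[:cut]
        train += idx[cut:]
    return train, test

def smote(minority, n_new, k=5, seed=0):
    """Interpolate between a minority row and one of its k nearest minority rows."""
    rng, out = random.Random(seed), []
    for _ in range(n_new):
        p = rng.choice(minority)
        near = sorted((q for q in minority if q is not p),
                      key=lambda q: sum((a - b) ** 2 for a, b in zip(p, q)))[:k]
        q, gap = rng.choice(near), rng.random()
        out.append([a + gap * (b - a) for a, b in zip(p, q)])
    return out

def make_training_sets(X, y, seed=0):
    """Return (original train, SMOTE-balanced train, untouched test)."""
    train, test = stratified_split(y, seed=seed)
    Xtr, ytr = [X[i] for i in train], [y[i] for i in train]
    minority = [x for x, c in zip(Xtr, ytr) if c == 1]
    need = ytr.count(0) - ytr.count(1)  # synthetic DoS rows needed for a 1:1 ratio
    # Oversampling happens after the split, so no synthetic row derives from test data.
    Xbal, ybal = Xtr + smote(minority, need, seed=seed), ytr + [1] * need
    return (Xtr, ytr), (Xbal, ybal), ([X[i] for i in test], [y[i] for i in test])

def constructed_traffic(seed=0):
    """Constructed sample: 643 normal (0) and 90 DoS (1) rows, two made-up features."""
    rng = random.Random(seed)
    X = [[rng.gauss(0, 1), rng.gauss(0, 1)] for _ in range(643)]
    X += [[rng.gauss(3, 1), rng.gauss(3, 1)] for _ in range(90)]
    return X, [0] * 643 + [1] * 90

if __name__ == "__main__":
    (Xtr, ytr), (Xbal, ybal), (Xte, yte) = make_training_sets(*constructed_traffic())
    for name, lab in (("train", ytr), ("train+SMOTE", ybal), ("test", yte)):
        print(f"{name:12s} normal={lab.count(0)} dos={lab.count(1)}")
```

Either training set can then be passed to a Random Forest or XGBoost classifier, with both scenarios evaluated on the same untouched test set.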