Implementation of ANOVA in the KNN++ Algorithm for Classifying UDP Flood DDoS Attacks
DOI:
https://doi.org/10.33050/p8mgnt69
Abstract
Cybersecurity has become a critical issue in the digital era, particularly with the significant rise of Distributed Denial of Service (DDoS) UDP Flood attacks, which increased by 59.77% in 2023. This study implements the K-Nearest Neighbors++ (KNN++) algorithm, enhanced with feature selection using Analysis of Variance (ANOVA) and data balancing through the Synthetic Minority Oversampling Technique (SMOTE), to detect UDP Flood DDoS attacks based on network traffic anomalies. The CICDDoS2019 dataset is processed through comprehensive preprocessing stages, including the removal of 20 irrelevant features, Min-Max normalization, and class distribution balancing. Experimental results show the best performance at K=3, achieving an accuracy of 99.994%, precision of 99.998%, recall of 99.996%, and an F1-score of 99.997%. The application of SMOTE successfully increased the minority class recall by 2.51% compared to the model without SMOTE, with a computation time of 3,846 seconds, which is considered efficient for large-scale datasets. These findings demonstrate the effectiveness of the combined KNN++, ANOVA, and SMOTE approach as a comprehensive solution for anomaly-based intrusion detection systems.
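The following is an added example, not code from the paper: it shows how a one-way ANOVA F-score ranks flow features before Min-Max normalization and a K=3 nearest-neighbour vote. It uses plain KNN rather than KNN++, omits SMOTE, and the feature names and flow records are constructed assumptions, not CICDDoS2019 data.

```python
# Added example: ANOVA F-score ranking, Min-Max scaling and plain KNN (K=3).
# Feature names and all flow records below are constructed for illustration.
from collections import Counter

FEATURES = ["pkts_per_s", "mean_pkt_len", "src_port_parity"]  # hypothetical names
DATA = [  # (feature vector, label), constructed samples
    ([120.0, 540.0, 1.0], "BENIGN"), ([90.0, 610.0, 0.0], "BENIGN"),
    ([150.0, 480.0, 0.0], "BENIGN"), ([110.0, 580.0, 1.0], "BENIGN"),
    ([9800.0, 64.0, 1.0], "UDP"), ([10400.0, 70.0, 0.0], "UDP"),
    ([9500.0, 60.0, 1.0], "UDP"), ([10100.0, 66.0, 0.0], "UDP"),
]

def anova_f(values, labels):
    """One-way ANOVA F statistic: between-class over within-class variance."""
    groups = {}
    for v, y in zip(values, labels):
        groups.setdefault(y, []).append(v)
    n, k = len(values), len(groups)
    grand = sum(values) / n
    ss_between = sum(len(g) * (sum(g) / len(g) - grand) ** 2 for g in groups.values())
    ss_within = sum((v - sum(g) / len(g)) ** 2 for g in groups.values() for v in g)
    if ss_within == 0:  # feature constant within every class
        return float("inf") if ss_between > 0 else 0.0
    return (ss_between / (k - 1)) / (ss_within / (n - k))

def select_features(data, keep):
    """Indices of the `keep` features with the highest F score."""
    labels = [y for _, y in data]
    scores = [anova_f([x[i] for x, _ in data], labels) for i in range(len(data[0][0]))]
    return sorted(range(len(scores)), key=lambda i: -scores[i])[:keep]

def fit_minmax(data, idx):
    """Per-feature (min, max), learned from the training data only."""
    return [(min(x[i] for x, _ in data), max(x[i] for x, _ in data)) for i in idx]

def scale(x, idx, bounds):
    """Project onto the selected features and Min-Max normalize."""
    return [(x[i] - lo) / (hi - lo) if hi > lo else 0.0 for i, (lo, hi) in zip(idx, bounds)]

def knn_predict(data, idx, bounds, x, k=3):
    """Majority vote among the k nearest training points (squared Euclidean)."""
    q = scale(x, idx, bounds)
    dists = sorted((sum((a - b) ** 2 for a, b in zip(scale(t, idx, bounds), q)), y)
                   for t, y in data)
    return Counter(y for _, y in dists[:k]).most_common(1)[0][0]

IDX = select_features(DATA, keep=2)   # drops the feature with F = 0
BOUNDS = fit_minmax(DATA, IDX)
```

The parity feature has identical class means, so its F-score is zero and it is discarded; without that step it would add up to 1.0 of class-independent distance after Min-Max scaling.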
