Table 26 Training strategy overview.
From: A hybrid deep learning model for detection and mitigation of DDoS attacks in VANETs
Aspect | Details |
|---|---|
Dataset used | CIC-DDoS2019 (Version: 2019) |
Dataset version | CIC-DDoS2019 (Published by Canadian Institute for Cybersecurity, March 2019) (https://www.unb.ca/cic/datasets/ddos-2019.html) |
Total samples used | 280,000 samples |
Split strategy | Hold-Out (Stratified) + 5-Fold Cross-Validation |
Training set | 70% Training (196,000 samples) |
Testing set | 30% Testing (84,000 samples) |
Normal traffic samples | 40,000 (14.3%) |
DDoS attack samples | 240,000 (85.7%) |
Attack types included | UDP Flood, SYN Flood, PortScan, ICMP Flood, WebDDoS, etc., |
Class imbalance handling | SMOTE applied only to the training set to ensure balanced class learning |
Features extracted | Network traffic statistics, GPS-based spatiotemporal data, deep traffic embeddings (GCN + BiLSTM), behavioral patterns (LSTM-based timelines) |
Feature extraction tools | Python (v3.10), using Scapy, PyShark, tshark , and flow-based aggregation |
Feature windowing | 5-s non-overlapping time windows for session-based profiling |
Preprocessing techniques | Savitzky–Golay Filter (window = 11, polyorder = 3), MinMax normalization, IQR-based outlier removal (threshold = 1.5 × IQR) |
Augmentation | SMOTE with k=5 applied post-scaling on minority attack classes |
Train-test split | 80% training / 20% testing (stratified by attack type) |
Optimizer | Adam (lr = 0.0001, β₁ = 0.9, β₂ = 0.999) |
Batch size | 64 |
Epochs | 100 |
Early stopping | Enabled (patience = 10, min Δval_loss = 0.001) |
Dropout rate | 0.4 (applied to dense and recurrent layers) |
Feature selection strategy | ADA + EGOA hybrid: Pop size = 30, Iterations = 50, α = 0.6, β = 0.4 |
Training/Test split | 70/30 and 80/20 splits; stratified sampling to preserve class ratio |
Learning rate | 0.001 (with scheduler decay) |
Testing set handling | Left unaltered to preserve real-world class distribution |
Class proportions | •Normal traffic: 40,000 samples (14.3%) •DDoS attack traffic: 240,000 samples (85.7%) •Attack types: UDP Flood, SYN Flood, PortScan, ICMP Flood, WebDDoS, etc |
SMOTE application | SMOTE was applied only to the training set (70%) after dataset splitting • Training set balanced to improve model learning • Testing set preserved in original imbalanced state to ensure realistic evaluation |
