Stream-Based DDoS Mitigation: A Hybrid Approach Using Incremental Feature Selection and Hoeffding Adaptive Trees

Abstract

The sheer volume of traffic generated by IoT devices and 5G networks has created a massive bottleneck for traditional cybersecurity systems. While batch-learning models are effective, they have a critical blind spot: they cannot adapt to new attack patterns without undergoing a slow, offline retraining process. This paper tackles that latency problem by introducing OFS-HAT (Online Feature Selection with Hoeffding Adaptive Trees), a framework built specifically for the constraints of edge computing. Unlike standard streaming models that try to digest every piece of data, OFS-HAT actively filters noise in real-time, using incremental Pearson correlation to identify the features that actually matter. Our tests on the CICIDS2017 dataset show that this approach hits a "sweet spot," achieving 99.21% accuracy—matching heavy ensemble methods—while processing traffic 3.4 times faster and consuming significantly less memory.