- Create Date 03/05/2025
- Last Updated 03/05/2025
Enhanced DDoS Attack Detection using Machine Learning
¹Setty Vari Sai Mokshagna, ²N Harish, ³P Sai Murali Krishna, ⁴S Harsha Vardhan Reddy, ⁵Kiran Kumari Patil
¹⁻⁴Department of Computer Science, CMR University, Bangalore, India
⁵Professor and Deputy Director, Department of Computer Science, CMR University, Bangalore, India
¹settyvari.saimokshagna@cmr.edu.in, ²nagisetty.harish@cmr.edu.in, ⁵kirankumari.p@cmr.edu.in
Abstract—Distributed Denial of Service (DDoS) attacks have become one of the most pressing cybersecurity concerns due to their ability to disrupt services, damage reputations, and impact entire infrastructures. This study aims to develop an effective and accurate detection system for such attacks using machine learning techniques. By leveraging the CICIDS2017 dataset—which offers realistic, labeled network traffic data including both benign and malicious samples—the project analyzes multiple classification algorithms to identify the most reliable models for detecting DDoS threats. The dataset was preprocessed and divided into training and testing subsets to ensure thorough model evaluation. Eight different algorithms were implemented and tested: Artificial Neural Network (ANN), Convolutional Neural Network (CNN), Decision Tree, Logistic Regression, Naive Bayes, Random Forest, Support Vector Machine (SVM), and k-Nearest Neighbor (k-NN). Performance was assessed using key metrics such as accuracy, precision, recall, F1 score, and confusion matrix to determine how well each model could differentiate between benign and DDoS traffic. Among all the models, tree-based classifiers like Random Forest and Decision Tree stood out, each achieving an accuracy of 99.98%, indicating their strength in handling complex network traffic patterns. The results also highlight the potential of ensemble learning methods in cybersecurity applications, where both detection accuracy and low false positive rates are crucial. While the study demonstrates that several models are capable of high-performance detection, it also emphasizes the need for further refinement through hyperparameter tuning and dimensionality reduction to enhance real-time deployment. As DDoS attacks continue to evolve in nature, employing dynamic and adaptive detection systems based on machine learning becomes not just beneficial but necessary for proactive cybersecurity. 
In addition to demonstrating high accuracy, the study emphasizes the importance of understanding feature importance and selection in building more interpretable and lightweight models. Certain features within the dataset, such as flow duration, packet size statistics, and header flags, were found to be more indicative of DDoS activity, highlighting how specific attributes contribute significantly to detection accuracy. This not only aids in reducing computational complexity but also enhances the model’s applicability in real-time environments where response speed is critical. By analyzing and comparing the performance of various models, the study identifies not just the most accurate classifiers but also the trade-offs involved in their use—such as training time, scalability, and ease of deployment in practical systems. Furthermore, the inclusion of deep learning methods like ANN and CNN adds an advanced dimension to the research, showcasing how neural networks can learn complex patterns and relationships within network traffic data, though they may require more computational resources.
Index Terms—DDoS Detection, Machine Learning, Network Security, CICIDS2017 Dataset, Classification Algorithms, Cyber Threats, Random Forest, Decision Tree, Neural Networks, Intrusion Detection System.
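An added illustration (not the authors' code or data) of two ideas from the abstract: ranking flow features by how well a tree split separates benign from DDoS traffic, then scoring the resulting one-level tree with a confusion matrix, precision, recall, F1 and false positive rate. The flows, the feature names and the use of Gini impurity as the split criterion are assumptions made for this example; the abstract does not name a criterion, and none of the rows come from CICIDS2017.

```python
# Added example: constructed flows, NOT CICIDS2017 rows; feature names are illustrative.
FEATURES = ["flow_duration_ms", "pkt_len_mean", "syn_flag_count", "dst_port"]
TRAIN = [  # last column is the label: 1 = DDoS, 0 = benign
    (5200, 610.0, 1, 443, 0), (8400, 480.5, 1, 80, 0), (90, 720.0, 2, 443, 0),
    (150, 61.0, 1, 53, 0), (9800, 530.0, 0, 80, 0),
    (40, 60.0, 18, 80, 1), (25, 58.0, 22, 80, 1), (100, 64.0, 15, 443, 1),
    (35, 60.0, 30, 80, 1), (220, 62.0, 12, 80, 1)]
TEST = [  # held-out flows, including a benign SYN burst and a low-rate attack flow
    (6100, 550.0, 1, 443, 0), (45, 60.0, 25, 80, 1), (30, 58.0, 19, 80, 1),
    (70, 66.0, 9, 443, 0), (7300, 490.0, 2, 80, 0), (180, 62.0, 14, 80, 1),
    (4000, 700.0, 0, 443, 0), (55, 61.0, 4, 80, 1)]

def gini(labels):  # Gini impurity of a list of 0/1 labels
    p = sum(labels) / len(labels) if labels else 0.0
    return 2 * p * (1 - p)

def best_split(rows, col):
    """Best 'value <= t' split on one column: (impurity reduction, threshold)."""
    parent, best = gini([r[-1] for r in rows]), (0.0, None)
    values = sorted({r[col] for r in rows})
    for lo, hi in zip(values, values[1:]):
        t = (lo + hi) / 2  # candidate threshold halfway between neighbours
        left = [r[-1] for r in rows if r[col] <= t]
        right = [r[-1] for r in rows if r[col] > t]
        gain = parent - (len(left) * gini(left) + len(right) * gini(right)) / len(rows)
        if gain > best[0]:
            best = (gain, t)
    return best

def rank_features(rows):
    """Feature names ordered by the impurity reduction of their best split."""
    gains = {name: best_split(rows, i)[0] for i, name in enumerate(FEATURES)}
    return sorted(gains, key=gains.get, reverse=True)

def train_stump(rows):
    """One-level decision tree on the single most informative feature."""
    col = FEATURES.index(rank_features(rows)[0])
    t = best_split(rows, col)[1]
    left = [r[-1] for r in rows if r[col] <= t]
    return col, t, int(2 * sum(left) >= len(left))  # majority label left of t

def evaluate(stump, rows):
    """Confusion counts, the metrics named in the abstract, and the FPR."""
    col, t, left_label = stump
    pairs = [(left_label if r[col] <= t else 1 - left_label, r[-1]) for r in rows]
    tp, fp, fn, tn = (pairs.count(k) for k in [(1, 1), (1, 0), (0, 1), (0, 0)])
    prec, rec = tp / max(tp + fp, 1), tp / max(tp + fn, 1)
    f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
    return {"tp": tp, "fp": fp, "tn": tn, "fn": fn, "accuracy": (tp + tn) / len(rows),
            "precision": prec, "recall": rec, "f1": f1, "fpr": fp / max(fp + tn, 1)}
```

On the constructed held-out flows the stump that is perfect on its training set misclassifies the benign SYN burst and the low-rate attack flow, which is why the false positive rate and recall are reported alongside accuracy.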