Machine Learning-Based Cyber Threat Detection Using DDoS Traffic
Keywords:
Cyber Threat Detection, DDoS Attack Classification, Machine Learning in EEG
Abstract
The growing sophistication of cyberattacks, and of Distributed Denial of Service (DDoS) attacks in particular, is a serious threat to contemporary digital infrastructure. Traditional signature-based intrusion detection systems (IDS) are in most cases unable to identify zero-day and evolving threats. To address this, the study presents a machine learning-based cyber threat detection model for DDoS detection, built on a realistic subset of the CIC-IDS-2017 dataset. The dataset consists of labeled network traffic flows comprising benign and DDoS activity. A thorough data preprocessing pipeline is applied, including missing value imputation, feature scaling, and statistical feature selection based on the ANOVA F-test. Three supervised classifiers, Logistic Regression (LR), Random Forest (RF), and a Deep Neural Network (DNN), are trained and tested on the selected features. The models are evaluated with common performance measures: accuracy, precision, recall, F1-score, and AUC. The experimental results show that the Random Forest model performs better than the rest, reaching 99.13% accuracy and an AUC score of 0.991, which indicates high capability and generalization. The results for the DNN and LR are also quite competitive, demonstrating the efficacy of the proposed approach. This work demonstrates the applied benefit of machine learning for cyber threat detection and establishes a repeatable baseline from which new research may be derived. Suggested extensions include multi-class attack detection, real-time deployment, and the integration of explainability tools for model transparency.
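The preprocessing and ANOVA F-test feature-selection steps described in the abstract, as an added example that is not the paper's code: the flows are constructed, the feature names are hypothetical, and the F statistic is computed by hand with the standard library instead of a library routine. Imputation and scaling are fitted on the whole sample here for brevity; in an evaluation they would be fitted on the training split only.

```python
import random
import statistics as st

FEATURES = ["pkts_per_s", "mean_pkt_len", "flow_duration_s", "noise"]  # hypothetical names

def make_flows(n=200, seed=0):
    """Constructed sample: n benign (0) + n DDoS (1) flows, ~2% of cells missing."""
    rng = random.Random(seed)
    rows, labels = [], []
    for label, (rate, size) in enumerate([((50, 20), (500, 150)), ((900, 150), (80, 30))]):
        for _ in range(n):
            row = [rng.gauss(*rate), rng.gauss(*size), rng.expovariate(0.1), rng.random()]
            rows.append([None if rng.random() < 0.02 else v for v in row])
            labels.append(label)
    return rows, labels

def impute_median(rows):
    """Fill missing cells with the median of the observed values in that column."""
    med = [st.median(v for v in col if v is not None) for col in zip(*rows)]
    return [[med[j] if v is None else v for j, v in enumerate(r)] for r in rows]

def standardize(rows):
    """Z-score every column; a zero-variance column is only centred."""
    cols = list(zip(*rows))
    mu = [st.fmean(c) for c in cols]
    sd = [st.pstdev(c) or 1.0 for c in cols]
    return [[(v - mu[j]) / sd[j] for j, v in enumerate(r)] for r in rows]

def anova_f(rows, labels):
    """One-way ANOVA F per feature: between-class over within-class mean square."""
    classes = sorted(set(labels))
    n, k = len(rows), len(classes)
    scores = []
    for col in zip(*rows):
        grand = st.fmean(col)
        groups = [[v for v, y in zip(col, labels) if y == c] for c in classes]
        ssb = sum(len(g) * (st.fmean(g) - grand) ** 2 for g in groups)
        ssw = sum((v - st.fmean(g)) ** 2 for g in groups for v in g)
        if ssw == 0:  # constant within every class: useless or perfectly separating
            scores.append(float("inf") if ssb else 0.0)
        else:
            scores.append((ssb / (k - 1)) / (ssw / (n - k)))
    return scores

def select_top(scores, names, k):
    """Names of the k features with the highest F score."""
    return [name for _, name in sorted(zip(scores, names), reverse=True)[:k]]

if __name__ == "__main__":
    X, y = make_flows()
    X = standardize(impute_median(X))
    for name, f in zip(FEATURES, anova_f(X, y)):
        print(f"{name:16s} F = {f:10.1f}")
    print("kept:", select_top(anova_f(X, y), FEATURES, 2))
```

The F score of a feature does not change under z-scoring, so the scaling step matters for the classifiers (LR and the DNN in particular), not for the ANOVA ranking itself.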
License
This is an open access article published by Research Center of Computing & Biomedical Informatics (RCBI), Lahore, Pakistan under the CC BY 4.0 International License.