Detection of DDOS Attacks in Software-Based Systems in Cyberspace Using Machine Learning
DOI: https://doi.org/10.47134/jtsi.v2i4.5033
Keywords: Machine Learning, SDN, DDoS Detection, Feature Engineering
Abstract
Distributed Denial of Service (DDoS) attacks have emerged as one of the most critical threats to contemporary network security. Rapid and accurate detection of such attacks is essential for ensuring service continuity in large-scale networks. This study proposes an integrated approach that combines feature engineering with machine learning algorithms for the detection of DDoS attacks. In the initial phase, ANOVA and Chi-Square tests were applied to the dataset to identify statistically significant features; attributes such as dt, switch, dur, bytecount, and pktcount, which contributed minimally to classification performance or contained redundant information, were excluded. The optimized feature set was then evaluated using several machine learning algorithms, namely Decision Tree, Support Vector Machine (SVM), K-Nearest Neighbors (KNN), and Logistic Regression (LR). Quantitatively, feature selection improved SVM accuracy from 74.88% to 95.05%, increased Decision Tree accuracy to nearly 99.94%, slightly reduced KNN performance while maintaining its overall strength, and decreased LR accuracy from 77.15% to 74.87%. The experimental findings demonstrate that the proposed approach not only enhances classification performance but also reduces model runtime. Accordingly, the study presents an effective solution that simultaneously delivers high accuracy and computational efficiency in DDoS detection.
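The ANOVA filtering step described in the abstract can be illustrated with a one-way F-score per feature. This is an added example, not the authors' code or data: the flow records are constructed, `dt` and `switch` are column names taken from the abstract, `pktrate` and `flows` are hypothetical columns, and the 5.99 cut-off is the F(1, 6) critical value at α = 0.05 for this eight-row sample.

```python
from statistics import mean

# Constructed SDN flow records (not the paper's dataset). label 0 = benign, 1 = DDoS.
# `dt` and `switch` come from the abstract; `pktrate` and `flows` are hypothetical.
ROWS = [
    {"dt": 100, "switch": 1, "pktrate": 10,  "flows": 2, "label": 0},
    {"dt": 200, "switch": 2, "pktrate": 12,  "flows": 3, "label": 0},
    {"dt": 300, "switch": 3, "pktrate": 11,  "flows": 2, "label": 0},
    {"dt": 400, "switch": 4, "pktrate": 13,  "flows": 3, "label": 0},
    {"dt": 150, "switch": 1, "pktrate": 400, "flows": 5, "label": 1},
    {"dt": 250, "switch": 2, "pktrate": 420, "flows": 6, "label": 1},
    {"dt": 350, "switch": 3, "pktrate": 410, "flows": 5, "label": 1},
    {"dt": 450, "switch": 4, "pktrate": 430, "flows": 7, "label": 1},
]

def anova_f(values, labels):
    """One-way ANOVA F statistic of a single feature against the class labels."""
    groups = {}
    for v, y in zip(values, labels):
        groups.setdefault(y, []).append(float(v))
    n, k = len(values), len(groups)
    grand = mean(float(v) for v in values)
    # Variation explained by class membership vs. variation left inside each class.
    ss_between = sum(len(g) * (mean(g) - grand) ** 2 for g in groups.values())
    ss_within = sum((v - mean(g)) ** 2 for g in groups.values() for v in g)
    if ss_within == 0:  # feature is constant within every class
        return float("inf") if ss_between > 0 else 0.0
    return (ss_between / (k - 1)) / (ss_within / (n - k))

def rank_features(rows, label_key="label"):
    """Return (feature, F) pairs sorted from most to least discriminative."""
    labels = [r[label_key] for r in rows]
    names = [f for f in rows[0] if f != label_key]
    scores = {f: anova_f([r[f] for r in rows], labels) for f in names}
    return sorted(scores.items(), key=lambda kv: kv[1], reverse=True)

def select_features(rows, f_critical, label_key="label"):
    """Keep only features whose F-score reaches the chosen critical value."""
    return [f for f, s in rank_features(rows, label_key) if s >= f_critical]

if __name__ == "__main__":
    for name, score in rank_features(ROWS):
        print(f"{name:8s} F = {score:10.2f}")
    print("kept:", select_features(ROWS, 5.99))
```

In this constructed sample the timestamp and switch identifier carry almost no class signal and fall below the cut-off, which is the kind of pruning the abstract reports before the classifiers are trained.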
License
Copyright (c) 2024 Zeynep Dolmaz, Ilkay Cinar

This work is licensed under a Creative Commons Attribution 4.0 International License.



