(IJACSA) International Journal of Advanced Computer Science and Applications,

Vol. 15, No. 10, 2024

AI in the Detection and Prevention of Distributed

Denial of Service (DDoS) Attacks
Sina Ahmadi
National Coalition of Independent Scholars, NCIS, Seattle, USA

Abstract—Distributed Denial of Service (DDoS) attacks are administrators and service providers in terms of identification
malicious attacks that aim to disrupt the normal flow of traffic to and mitigation [4]. Although various machine learning methods
the targeted server or network by manipulating the server’s have been proposed for detecting DDoS attacks, there remains
infrastructure with overflowing internet traffic. This study aims to a gap in understanding which of these methods is most effective
investigate several artificial intelligence (AI) models and utilise in real-time scenarios, especially within SDN environments.
them in the DDoS detection system. The paper examines how AI is
being used to detect DDoS attacks in real-time to find the most This study aims to fill this gap by evaluating and comparing
accurate methods to improve network security. The machine different AI-based detection methods to determine the most
learning models identified and discussed in this research include accurate technique for real-time DDoS attack mitigation in
random forest, decision tree (DT), convolutional neural network SDN. By addressing the limitations of existing detection
(CNN), NGBoosT classifier, and stochastic gradient descent approaches, this research seeks to provide a more effective
(SGD). The research findings demonstrate the effectiveness of solution for identifying and preventing DDoS attacks. The
these models in detecting DDoS attacks. The study highlights the findings will offer valuable insights into how AI can enhance
potential for future enhancement of these technologies to enhance the security of SDN infrastructures, contributing to the broader
the security and privacy of data servers and networks in real-time. goal of protecting businesses from network disruptions and
Using the qualitative research method and comparing several AI security breaches.
models, research results reveal that the random forest model
offers the best detection accuracy (99.9974%). This finding holds Ultimately, this study’s significance lies in its potential to
significant implications for the enhancement of future DDoS advance current cybersecurity measures by integrating AI into
detection systems. SDN environments. As the intensity and sophistication of
cyberattacks continue to rise, finding more accurate detection
Keywords—Artificial intelligence; Distributed Denial of Service methods becomes crucial. The results of this research will be
(Ddos); machine learning; detection; accuracy essential for administrators and service providers seeking to
I. INTRODUCTION safeguard their networks against DDoS attacks, thus ensuring
greater operational stability and data security.
In today’s fast-paced digital landscape, web-based services
and software have seen a significant rise, with approximately II. LITERATURE REVIEW
57% of the global population now using the Internet [1]. While This section of the paper provides a detailed understanding
artificial intelligence (AI) and machine learning have become of existing research and guides how this research presents a
powerful tools across various industries, they have also different perspective in the field. Numerous researchers have
introduced a host of security challenges, particularly in investigated AI-based detection methods to understand which
maintaining the performance and security of networks. method is most accurate for managing detective services.
Traditional networks often struggle to keep up with the
demands for efficiency and robust security, leaving businesses A. Performance of AI / Machine Learning in DDoS Attack
vulnerable to cyber threats like Distributed Denial of Service Detention
(DDoS) attacks [2]. The escalating scale and frequency of these Meti et al., in their experiment, observe TCP traffic from
attacks highlight a critical problem: existing network actual networks along with the number of connected devices
infrastructures, including those managed by software-defined per second as an indicator [5]. In terms of precision, accuracy,
networking (SDN), are increasingly incapable of providing the and recall levels, the results of the comparison highlight that K-
security required to ensure smooth business operations. SDN, Nearest Neighbour (KNN) shows the best precision and
which manages network traffic through software platforms accuracy. Zekri et al. suggested that a DT is also effective in the
rather than hardware, provides a centralised control system that cloud network to detect DDoS attacks [6]. Sahoo et al. present
enhances network flexibility and manageability [3]. However, an enhanced support vector machine (SVM) model that
this centralised architecture also introduces vulnerabilities, implements genetic algorithms (GA) and kernel principal
particularly at the control layer, where attackers can disrupt or component analysis (KPCA) [7]. Bakker et al. discuss the
manipulate network traffic through DDoS assaults. These additional costs of using AI for DDoS attack detection in SDN
attacks are difficult to detect, and as their intensity and [8]. Another study by Polat and co-authors confirms that KNN
frequency continue to rise, they pose significant challenges for is the most accurate method for DDoS detection and security
improvements [9].

23 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 15, No. 10, 2024

B. Use of Machine Learning for DDoS Attack Detection large amounts of labelled data that might not be available in
Huyu et al. present techniques for optimising and creating every scenario.
detection models by sending real-time traffic data to an offline 4) NGBoosT classifier: This machine learning model is
learning network [10]. Data is collected through routers and used for tasks involving data classification. NGBoosT collects
transmitted to the offline pipeline for data transformation and different predictions from trees and evaluates those predictions
feature engineering. Optimised models combined with existing to propose a final prediction. It is helpful in detecting DDoS
models can be used to protect networks from DDoS attacks. attacks because it provides predictions about their uncertainty,
Chayomchai et al.’s study focuses on the impact of cybercrime which is helpful in managing unclear and uncertain situations.
and DDoS attacks on banking institutions and how these
institutions are responding to these negative effects [11]. The 5) Stochastic gradient descent: It is a straightforward and
study claims that massive malware assaults target Indian banks, efficient method to detect DDoS attacks on networks.
resulting in the theft of private customer information and huge Stochastic Gradient Descent is used to manage complex
financial losses. It also states that poorly designed detection machine learning issues commonly occurring during text
models that do not need annotated data to supervise DDoS categorisation and language processing tasks. This method can
attacks can be improved using latent Dirichlet allocation also be applied to different linear models and is convenient for
(LDA). Another alternative is to use an extra classification layer managing different DDoS detection scenarios.
to remove non-attack tweets from the dataset [12]. Ashraf and
Latif propose a SOM-based solution to significantly improve D. DDoS
accuracy [13]. However, SOM principles violate SDM Xu et al. present a technique to detect DDoS attacks in SDN.
principles as they are built on intelligence in the data plane [14]. The technique mainly depends on K-FKNN and K-means++.
Peng et al. provide a detection method for anomalous SDN The proposed detection system would be implemented into the
streams in an SDN architecture [15]. They applied the same controller. The experimental results of this study reveal that the
technique to detect DDoS attacks using DPTCM-KNN as the implemented technique is stable and efficient [16]. However,
core algorithm. The results of this study demonstrate that the some drawbacks that make the technique less accurate include
deployed technique is effective; however, the detection the longer time required to detect the attack and the high load it
accuracy obtained needs improvement. puts on the SDN resources.
C. Machine Learning Models Polat et al. present an alternative method for DDoS attack
1) Random forest: The random forest model of machine detection in SDN [9]. There are two aspects to the proposed
detection system. The first aspect analyses the DDoS attack
learning refers to a method of ensemble learning that combines
traffic and normal traffic on the SDN environment dataset.
forecasts from different DTs. This model is used for both Filtration wrapping and feature selection methods were
regression and classification. Predictions from different deployed in the second aspect to get the most effective features
decision trees are combined to formulate a final forecast, and for machine learning model classification. However, there is a
every entry in a random forest contains a different subset of the limitation to the introduced technique: the need for further
data. By deploying ensemble techniques, the individual enhancement in its performance and detection accuracy.
accuracy of DTs can be improved, making them more
Novaes et al. have implemented a DDoS attack and a
dependable for attack detection and prevention. mitigation method in SDN [17]. The whole system is called
2) Decision tree: A DT refers to the graphical LSTM-FUZZY. The detection system comprises three stages:
representation of a decision-making process that separates data characterisation, detection, and mitigation. The proposed
based on the input values into different subgroups. Each system is ineffective due to its restricted scope for addressing
subgroup produces further branching nodes that lead to other the vulnerabilities of other networks. In addition, the model
subgroups or outcomes. In regression and classification tasks, a lacks the characteristics required to test different network
DT is used to generate and present predictions based on data topologies [17].
feature values. Decision trees are simple and convenient to Sarwan et al. present a space- and time-efficient DDoS
understand, which is why they are helpful in detecting DDoS attack detection technique that possesses the characteristics of
attacks. However, the accuracy of DTs needs improvements in identifying hosts along with the attack’s origin [18]. The
terms of consistency in detection. technique uses different traffic characteristics to identify
3) Convolutional neural network: A CNN is used for image abnormal traffic behaviour. It also uses a threshold to identify
classification and identification. Convolutional neural networks normal and compromised hosts. This DDoS detection technique
have innumerable applications, such as face recognition, image is efficient as it saves time and space. However, it does have the
processing, object detection, and computer vision. They are AI- limitation of violating SDN standards by implementing logic
into switches. Thus, there is a need to improve its performance
powered systems that use images as input to perform. and algorithmic accuracy.
Convolutional neural networks work automatically to learn
certain features that might be used for categorisation. Studies reveal that DDoS attacks are often released from a
Algorithms are adjustable to different networks in SDN, single host to seize or disable access by overloading the target
making them suitable for environments where potential attacks network or system. The degree of damage or loss depends on
the strength of the attacker’s resources. There are different
might occur. In terms of detecting DDoS attacks, CNNs require
intentions and purposes for launching a Denial-of-Service

24 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 15, No. 10, 2024

attack, which could be personal or institutional. Attackers use packet rate are common characteristics that help differentiate
botnets or zombie computers to launch a DDoS attack. These between good and bad packets.
attacks are pre-planned to disrupt or destroy a target network by
using land moves and targeting a specific system [19]. B. Artificial Intelligence Techniques
Most relevant AI techniques include machine learning,
Existing literature covers different dimensions of the natural language processing, and speech recognition. Machine
proposed research topic; however, literature about the use of AI learning algorithms are utilised in most of the settings. These
to detect and prevent denial-of-service attacks is minimal. techniques, including Naive Bayes, support vector machines,
Artificial intelligence is evolving in every industry to automate and neural networks, are implemented based on the nature and
systems and enhance network performance. Researchers must frequency of attacks [21].
disseminate knowledge on the use of machine learning
applications in different fields to protect systems from malware C. Trends of DDoS Attack
and security assaults. The following section of the paper defines In the fast-paced business world, DDoS attacks are
the research problem and the significance of understanding and commonplace. For instance, public networks experience
addressing this problem. frequent instances of high-intensity floods, which significantly
affect the normal flow of network traffic and disrupt normal
III. PROBLEM DEFINITION functioning. Although the security protocols of a network
Denial-of-Service (DoS) attacks happen when authorised protect it against DDoS attacks, trends of attack vary based on
users fail to access network data due to malicious cyber threat the strength of the security protocols of a network. The number
activities launched by third parties. These attacks, driven by of organisations experiencing DDoS attacks is increasing
various motives, are launched against emails, passwords, annually, along with the growing dependence on software and
databases, and websites to hack the private information of databases for managing organisational processes. The
individuals or organisations. Business organisations using integration of technology is simultaneously easing and
advanced software and computing networks to perform complicating institutional processes.
everyday operations are prone to such attacks. For example,
banks store important organisational and customer information D. Integration of AI Models into Networks to Prevent DDoS
on online databases and transform sensitive information Attacks
through networks that hackers can conveniently hack and Distributed Denial of Service attacks have been
misuse. DoS attacks create enormous challenges for demonstrated to be major threats to the Internet, causing major
administrators and managers in keeping operations streamlined. losses to organisations and governments. With the advancement
Organisations with poor detection infrastructure cannot detect of technology, it has become convenient for attackers to launch
abnormal traffic timely, resulting in attacks and network DDoS attacks at low costs. Attackers use unknown hosts or
complications. Given the technological advancements and computers to launch DDoS attacks, and it is hard to detect them
emerging threats, the major problem lies in the timely detection without having advanced security infrastructures embedded in
of DoS attacks and the application of accurate methods to AI models. However, different AI models, like machine
network infrastructures. learning algorithms, are available to help detect DDoS attacks.
These models vary in accuracy and performance and can be
Artificial intelligence has become an essential tool for used based on network settings and requirements to prevent
transforming business experiences. It is revolutionising every DDoS attacks. Fig. 1 shows a machine learning-enabled DDoS
industry by redefining traditional business practices and detection architecture.
transforming customer experiences. By using AI applications
and enhancing AI-based models, defence against DoS attacks
is possible. For example, AI helps reduce the surface area
vulnerable to attack, thereby minimising the options available
to attackers. Load balancers mitigate this issue by restricting
direct Internet traffic to specific parts of the network to avoid
direct attacks. Similarly, Access Control Lists (ACLs) are
useful in controlling which traffic would reach applications in
a given time [20].
A. DDoS Detection and Prevention
Common mechanisms for detecting and preventing DDoS
include attack detection, prevention, and reaction. However, it
is difficult to detect DDoS attacks in a network as it is hard to
differentiate between abnormal and normal network traffic
during ongoing operations. The detection of abnormal traffic in
a network is the first step to detecting DDoS attacks. In
addition, AI classification methods can help in identifying good
and bad packets. Bed packets labelled as abnormal traffic would
be dropped. The number of packets, time interval variance,
average size of packets, number of bytes, size variance, and
Fig. 1. DDoS attack detection architecture based on machine learning.

25 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 15, No. 10, 2024

E. Accuracy and Adaptability further to detect and prevent DDoS attacks in various
It is essential for AI-based detection models to provide institutional settings. Through this comparative analysis
accurate detection results to protect networks against strategy, the research aimed to collect and evaluate diverse
unauthorised access and use. Models with the greatest accuracy perspectives and experiences to inform its findings and
rates are adaptable under certain standards. Detection models conclusions. Research results would contribute to the existing
should be able to predict possible abnormalities in the network literature by presenting a novel dimension of DDoS and
and must inform administrators to timely mitigate those network attacks.
abnormalities. AI-powered detection models can prevent DDoS D. Data Analysis
attacks and protect networks by focusing on security and
privacy [22]. The accuracy of machine learning detection The thematic analysis approach was utilised to analyse data
models can be determined using Eq. (1). collected from the literature review. Resources were carefully
selected and analysed to guide research problems. DDoS
𝐴𝑐𝑐𝑢𝑟𝑎𝑐𝑦 = 𝑁𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝐶𝑜𝑟𝑟𝑒𝑐𝑡 𝑃𝑟𝑒𝑑𝑖𝑐𝑡𝑖𝑜𝑛𝑠 / attacks are a wide research topic that researchers have
𝑇𝑜𝑡𝑎𝑙 𝑁𝑢𝑚𝑏𝑒𝑟 𝑜𝑓 𝑃𝑟𝑒𝑑𝑖𝑐𝑡𝑖𝑜𝑛𝑠 (1) extensively explored from different dimensions. It was ensured
that the proposed research problem addressed a novel concern,
IV. METHODOLOGY / APPROACH and relevant literature was used to guide the research. The
analysis process was detailed and comprehensive to enhance
A. Research Design the study’s credibility and guide research conclusions. Data
This study uses qualitative research methodology to collected from the literature review and banks using AI models
investigate several AI models and employ them in the DDoS to detect and prevent DDoS attacks was analysed collectively
detection system. Using qualitative research methodology, this to guide discussions and the research conclusion. Three banks
study aims to explore the application of AI to detect DDoS were randomly selected to provide e-banking services. Real-
attacks in real time in banks to find the most accurate methods time e-banking transactions were checked to track fraudulent
to improve network security. Qualitative research activities. An in-depth analysis of e-banking transaction logs
methodologies encompass the use of theory and literature to was conducted. Banks employed a multi-layered security
explore the diverse perspectives, experiences, and behaviours approach to prevent DDoS attacks, including the use of one-
of people. This approach is carefully chosen to explore and time passwords to ensure that authorised users have access to
compare machine learning detection models to detect and their accounts. Data from banks using AI-powered solutions to
prevent DDoS attacks. Conducting a qualitative analysis of ensure their data is protected and the minimal probability of
existing literature helps in understanding the different available attacks was analysed. Two banks use blockchain-powered
methods and their accuracy. This analysis may assist in DDoS mitigation strategies and solutions to prevent DDoS
determining which method is most accurate to avoid network attacks. Analysis of real-time e-banking transactions of banks
disturbances and breaches. The objective of this study is to revealed that AI and machine learning models/applications
compare detection models based on their performance and provide real-time protection to online transactions and ensure
accuracy scores and propose further improvements to enhance that institutional and customer data is protected from
the security of organisational and institutional networks. unauthorised access or breaches. The analysis of the collected
data aimed to provide an in-depth understanding of Internet
B. Research Setting and Participants networks prone to DDoS attacks, the nature of attacks, causes
The research setting consists of private banking institutions. and effects, methods to detect and prevent them, and ways in
The participants are banks that have experienced DDoS attacks which these methods could be further improved. Furthermore,
in the previous two years and used different detection and the correlation between research objectives and themes is also
prevention techniques to prevent further attacks. They also discussed. It highlights how information gained from these
include all researchers who presented relevant experiences themes guides understanding of the research problem and
regarding AI-detection methods and accuracy measures. Banks convinces the need for improved security protocols to prevent
are chosen in order to study the use of AI in the detection of future DDoS attacks. Thematic analysis not only summarises
DDoS in real-time. Moreover, AI-powered methods are research findings but also contextualises these findings for
effective at detecting these attacks and maintaining security readers and future researchers.
standards.
E. Ethical Considerations
C. Data Collection Research ethics were followed throughout the research
The data collection method started with the use of Google process. All resources utilised during the literature review were
Scholar, wherein different resources were collected using properly acknowledged through appropriate citations and
several research terms such as ‘Denial of Service Attacks,’ references, giving credit to the authors. The literature analysis
‘Applications of AI in detecting network attacks,’ ‘network was presented without any personal amendments or changes.
security,’ and ‘ML models of detection.’ These search terms All three banks approached to investigate how AI is helpful in
were chosen to retrieve relevant results from the search engine. detecting DDoS attacks in real-time requested not to reveal
Different articles were reviewed to collect relevant information their identities in the research paper. In order to respect their
and then compared with the observations gained from the AI privacy, their identities have been concealed, and all
detection models implemented in banks to avoid DDoS attacks. discussions pertaining to them have been conducted
The comparison aims to understand how different models work anonymously. The study addresses biases and conflicts
in theory and practice as well as how they could be improved observed in research studies. It ensures that personal conflicts

26 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 15, No. 10, 2024

and biases are avoided throughout the paper to ensure the VI. DISCUSSION
generalisability of the results and maintain integrity throughout
the research process. A. DDoS Attack Detection and Prevention in Banking
Industry
V. RESULTS An in-depth analysis of the e-banking transaction logs of
A. Machine Learning Models three banks reveals that AI applications are helpful in detecting
and preventing DDoS attacks in real time. In banking
This research paper examined and compared five machine institutions, blockchain-powered DDoS mitigation strategies
learning models: random forest, DT, CNN, NGBoosT are utilised to enhance security standards and protocols.
classifier, and SGD. Different performance parameters were Banking institutions are implementing strong security protocols
used to compare the precision and accuracy of each machine and exploring new defences against DDoS attacks. They are
learning model. The accuracy score of each model is illustrated using AI models to build strategies for identifying the origins
in Fig. 2. and underlying causes of attacks. Eliminating traditional DDoS
prevention approaches, banks are deploying advanced security
measures to avoid financial and non-financial losses. Machine
learning and AI have made it possible to automatically detect
and prevent DDoS attacks [25].
Based on the analysis of existing detection and prevention
models implemented by banks, some changes are proposed.
With the following structure, the random forest model would
provide the most accurate predictions about DDoS attacks.

Fig. 2. Accuracy of all models. The proposed changes in the DDoS detection and
prevention models would yield outstanding outcomes and
Accuracy is a quantitative measure that quantifies the ratio protect real-time customer interactions and transactions. This is
of false negatives and positives to the terms present in the depicted in Fig. 3.
numerator. The numerator further specifies the sum of true
negatives and true positives. Eq. (2) defines accuracy as
follows:
𝐴𝑐𝑐𝑢𝑟𝑎𝑐𝑦 = ((𝑇𝑃 + 𝑁𝑃) / (𝐹𝑃 + 𝐹𝑁)) ∗ 100 (2)
The accuracy scores were used to measure the effectiveness
of the five machine learning models in detecting DDoS attacks.
Fig. 2 presents the ideal accuracy score of 0.99 for the random
forest machine learning model. The purple bar of the random
forest model shows how accurate the prediction would be
compared to the rest of the four machine learning models.
Similarly, CNN, SGD, NGBoosT classifier, and DT show
accuracy scores of 0.98, 0.96, 0.93, and 0.91, respectively.
Hence, based on the accuracy scores, the random forest
machine learning model is the most effective for
implementation in institutional settings, whether banks or other
organisations, to detect and prevent DDoS attacks [23].
B. Comparative Analysis of Machine Learning Models
A comparative analysis of five machine learning models
reveals that each model has its strengths and weaknesses. The
random forest model is effective in making predictions for
complex settings and is conveniently adjustable in different
SDN settings compared to DT and NGBoosT classifiers. The
random forest model offers flexibility in different domains
compared to NGBoosT, which cancels overfitting into multiple
settings. All five machine learning models differ in their Fig. 3. Proposed machine learning model using e-banking datasets.
approach to handling DDoS attacks in different settings. The
accuracy and precision rate of each model differ, highlighting B. Adopting Advanced AI Solutions to Detect and Prevent
the usefulness and performance of each model in institutional DDoS Attack
settings. Each model can be individually deployed in different In the context of cyberattacks and threats, organisations
institutional settings based on the security requirements and should understand the importance of advanced and updated AI
infrastructure of that institution [24]. models to detect and prevent DDoS attacks. Along with
advancements in machine learning and AI, cyber threats are

27 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 15, No. 10, 2024

evolving. Therefore, it is essential to timely understand the need VII. CONCLUSION

for improved machine learning models and integrate them as The Internet has transformed the world over the years. It has
needed to avoid network breaches and data thefts. become an essential need for every institution and organisation.
Organisations and administrators can focus on evolving AI In this fast-paced world, the Internet is transforming lives and
trends and models being deployed to prevent DDoS attacks. complicating things as well. Cyberattacks have become
Based on the accuracy code and analysis of the machine commonplace in the technically advanced world, wherein an
learning models used in this study, the random forest model is unknown person can assess the private information of
most suitable for predicting DDoS attacks. institutions or organisations. A DDoS attack is a form of
C. Privacy and Confidentiality cyberattack in which hackers take control of the central
controller to disrupt or completely damage a network. Hackers
Banks are dealing with highly sensitive customer
can launch this attack from any server. The detection and
information that could cause major complications if breached.
prevention of DDoS attacks is a complicated and sometimes
Banks have a paramount responsibility to protect their
impossible task.
customers’ privacy and confidentiality. This can only be
achieved by using upgraded security protocols. Literature This paper aims to investigate the role of AI in the detection
analysis reveals that corporations and organisations use and prevention of DDoS attacks in real-time. To achieve this
different detection and prevention mechanisms to avoid objective, data was collected and analysed from existing
financial and non-financial losses due to DDoS attacks. In literature and three anonymous banks. Data analysis reveals
dealing with customers’ private information, organisations such that institutions are using attack mitigation techniques;
as banks are expected to adopt ever-changing AI applications however, these techniques are not as effective as machine
that protect network traffic and ensure no abnormalities exist. learning models in defending against DDoS attacks. From the
Collaborative DDoS attack detection and prevention methods reviewed machine learning models, the random forest model is
can be used to detect attacks at different locations before they the most effective model to implement in organisational
occur. settings to detect and prevent DDoS attacks promptly.
Considering the frequency of cyberattacks, researchers strongly
D. Implementation Challenges
advocate for the integration of machine learning models into the
The implementation of a machine learning model to protect strategic planning of large organisations and institutions. This
organisational networks against DDoS is a challenging task. will help mitigate long-term challenges by ensuring they
Organisations can protect their networks against these attacks implement advanced security protocols. It is recommended
by deploying advanced machine learning and AI-powered that, with evolving technologies, organisations understand the
solutions and technologies. One of the biggest challenges is that dynamic need for security upgrades to compete efficiently in
machine learning and AI require a large amount of labelled data the industry.
to make accurate predictions. Obtaining detailed data in any
SDN setting is challenging, which limits the adaptability of VIII. FUTURE WORK
these models to effectively detect and prevent DDoS attacks in This research discussed five machine learning models and
every situation. Another challenge is resource allocation. The found that the random forest model makes more accurate
deployment of machine learning models requires heavy predictions than the other models. Future researchers can
investments, imposing financial burdens on organisations. conduct further work on the accuracy and effectiveness of the
Moreover, not all organisations can afford the cost. In addition random forest model and why it is most accurate compared to
to purchasing and implementing machine learning models, other models. Future research can highlight how machine
regular updates and space requirements are also a concern. learning models are making a difference compared to
Organisations spend to mitigate cyberattacks; however, it is traditional models in detecting and preventing DDoS attacks.
expensive to deploy machine learning models as they require Researchers can also explore how the random forest model
planning from resources to training for successful deployment. effectively detects DDoS attacks in different network settings.
To cut cyberattack costs permanently, organisations should The adjustability, accuracy, and precision of the random forest
consider and prioritise the implementation of machine learning model can be studied in detail to justify its effectiveness in
models according to their needs and security infrastructure. comparison to other models.
This will ensure they have strong security protocols and that
their assets are protected from unauthorised access and theft. Moreover, advancements in prevention and detection
techniques and mechanisms can transform organisational
Financial institutions, such as banks, are at great risk outcomes. Hence, by integrating and adopting advanced
because of the monetary value of their data. Based on our machine learning models to detect DDoS attacks, organisations
analysis, the random forest machine learning model is one of can safeguard customers’ privacy and confidentiality and
the most effective models for making accurate predictions. By streamline their everyday operations.
enhancing its adjustability, this model can be implemented in
financial organisations to timely detect and prevent DDoS REFERENCES
attacks. The random forest model can detect abnormal traffic in [1] Internet growth usage statistics [Internet]. 2019 [cited 2024 Jan 10];
a network to make predictions regarding the occurrence of a Available from: https://www.clickz.com/internetgrowthusage-stats-2019-
DDoS attack at a certain point. Financial institutions can time-online-devices-users/235102/
effectively implement this model to avoid additional expenses
associated with addressing cyberattacks and data theft [26].

28 | P a g e
www.ijacsa.thesai.org
 (IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 15, No. 10, 2024

[2] Singh J, Behal S. Detection and mitigation of DDoS attacks in SDN: A [13] Ashraf J, Latif S. Handling intrusion and DDoS attacks in software-
comprehensive review, research challenges and future directions. defined networks using machine learning techniques [Internet]. IEEE
Comput. Sci Rev 2020;37:100279. Xplore. 2014. p. 55-60. Available from:
[3] Sheikh MNA, Hwang IS, Ganesan E, et al. Performance assessment for https://ieeexplore.ieee.org/abstract/document/6998241
different SDN-based controllers. In: Proceedings of the 2021 30th [14] 2014 IEEE National Software Engineering Conference [Internet].
Wireless and Optical Communications Conference (WOCC), Taipei, Interdisciplinary Centre for Mathematical and Computational Modelling.
Taiwan; 2021: p. 24-5. 2014 [cited 2024 Aug 6]. p. 55-60. Available from:
[4] Wang Y, Wang X, Ariffin MM, et al. Attack detection analysis in https://www.infona.pl/resource/bwmeta1.element.ieee-conf-
software-defined networks using various machine learning methods. 000006979384/
Comput Electr Eng 2023;108:108655. [15] Peng H, Sun Z, Zhao X, et al. A detection method for anomaly flow in
[5] Meti N, Narayan DG, Baligar VP. Detection of distributed denial of software defined network. IEEE Access 2018;6:27809-17.
service attacks using machine learning algorithms in software defined [16] Xu Y, Sun H, Xiang F, et al. Efficient DDoS detection based on K-FKNN
networks. In: Proceedings of the 2017 International Conference on in software defined networks. IEEE Access 2019;7:160536-45.
Advances in Computing, Communications and Informatics (ICACCI), [17] Novaes MP, Carvalho LF, Lloret Jaime, et al. Long short-term memory
Manipal, India; 2017: p. 1366-71. and fuzzy logic for anomaly detection and mitigation in software-defined
[6] Zekri M, El Kafhali S, Aboutabit N, et al. DDoS attack detection using network environment. IEEE Access 2020;8:83765-81.
machine learning techniques in cloud computing environments. In: [18] Ali S, Alvi MK, Faizullah S, et al. Detecting ddos attack on SDN due to
Proceedings of the 2017 3rd International Conference of Cloud vulnerabilities in openflow. IEEE 2019 International Conference on
Computing Technologies and Applications (CloudTech), Rabat, Advances in the Emerging Computing Technologies (AECT), Al
Morocco; 2017: p. 1-7. Madinah Al Munawwarah, Saudi Arabia; 2020: p. 1-6.
[7] Sahoo KS, Tripathy BK, Naik K, et al. An evolutionary SVM model for [19] Raza MS, Sheikh MNA, Hwang I, et al. Feature-selection-based DDOS
DDOS attack detection in software defined networks. IEEE Access attack detection using AI algorithms. Telecom 2024;5:333-46.
2020;8:132502-13.
[20] AWS. What is a DDOS attack & how to protect your site against one
[8] Bakker JN, Ng B, Seah WK. Can machine learning techniques be [Internet]. Amazon Web Services, Inc. 2024 [cited 2024 Aug 6];
effectively used in real networks against DDoS attacks? In: Proceedings Available from https://aws.amazon.com/shield/ddos-attack-protection/
of the 2018 27th International Conference on Computer Communication
and Networks (ICCCN), Hangzhou, China; 2018: p. 1-6. [21] D G. DDoS detection and prevention based on artificial intelligence
techniques. Sci Bull Nav Acad 2019;22:134-43.
[9] Polat H, Polat O, Cetin A. Detecting DDoS attacks in software-defined
[22] Bortey L. How do you measure machine learning model accuracy after
networks through feature selection methods and machine learning.
Sustain 2020;12:1035. data preprocessing? [Internet]. Linkedin. 2023 [cited 2024 Aug 6];
Available from: https://www.linkedin.com/posts/loretta-bortey-
[10] Huyn J. A scalable real-time framework for DDoS traffic monitoring and b2517481_how-do-you-measure-machine-learning-model-activity-
characterization. In: Proceedings of the Fourth IEEE/ACM International 7095092695324311552-KtJM
Conference on Big Data Computing, Applications and Technologies,
Austin, TX, USA: 2017: p. 265-6. [23] Islam U, Muhammad A, Mansoor R, et al. Detection of distributed denial
of service (DDOS) attacks in IOT based monitoring system of banking
[11] Mhamane SS, Lobo LMRJ. Internet banking fraud detection using HMM. sector using machine learning models. Sustain 2022;14:8374.
In: Proceedings of the 2012 Third International Conference on
Computing, Communication and Networking Technologies [24] Noi PT, Kappas M. Comparison of random Forest, K-Nearest Neighbor,
(ICCCNT’12), Coimbatore, India; 2012. and Support vector machine classifiers for land cover classification using
Sentinel-2 imagery. Sensors 2017;18:18.
[12] Chayomchai A, Phonsiri W, Junjit A, et al. Factors affecting acceptance
and use of online technology in Thai people during COVID-19 quarantine [25] D G. DDoS detection and prevention based on artificial intelligence
time. Manag Sci Lett 2020;10:3009-16. techniques. Sci Bull Nav Acad 2019;22:134-43.
[26] Zhang C, Liu C, Zhang X, et al. An up-to-date comparison of state-of-the-
art classification algorithms. Expert Syst Appl 2017;82:128-50.

29 | P a g e
www.ijacsa.thesai.org