Evaluating ML-based DDoS Detection with Grid Search Hyperparameter Optimization

Distributed Denial of Service (DDoS) attacks disrupt global network services by mainly overwhelming the victim host with requests originating from multiple traffic sources. DDoS attacks are currently on the rise due to the ease of execution and rental of distributed architectures such as the Internet of Things (IoT) and cloud infrastructures, which could potentially result in substantial revenue losses. Therefore, the detection and prevention of DDoS attacks are currently topics of high interest. In this study, we use traffic flow information to determine if a specific flow is associated with a DDoS attack. We used traditional Machine Learning (ML) methods in developing our DDoS detector and applied an exhaustive hyperparameter search to optimize their detection capability. Using lightweight approaches is suitable for resource-constrained environments such as IoT to reduce computing overhead. Our evaluation shows that most algorithms provide satisfactory results, with Random Forests achieving as high as 99% of detection accuracy, which is similar to the performance of current deep learning solutions for DDoS detection.