DDoS Detection Using Machine Learning for Cloud Service Providers

Authors

  • Salem Omar Sati, Information Technology Faculty, Computer Networks Department, Misurata University, Misurata, Libya, https://orcid.org/0000-0002-6062-497X
  • Mohamed Sati, Information Technology Faculty, Communication and Networks Department, Misurata University, Misurata, Libya
  • Mohamed Badi, Information Technology Faculty, Communication and Networks Department, Misurata University, Misurata, Libya
  • Ali Almahrouq, Information Technology Faculty, Communication and Networks Department, Misurata University, Misurata, Libya

DOI:

https://doi.org/10.37256/cnc.4120269550

Keywords:

Distributed Denial of Service (DDoS) detection, cloud security, Machine Learning (ML), feature selection, visualization, Cloud Service Provider (CSP) infrastructure, bio-inspired optimization

Abstract

Distributed Denial of Service (DDoS) attacks pose severe threats to Cloud Service Providers (CSPs) due to their massive network scale and unique traffic characteristics. This paper proposes a comprehensive detection framework that addresses CSP-specific challenges through integrated Machine Learning (ML) models and visualization techniques. Our approach combines feature selection algorithms (Salp Swarm Algorithm, Gray Wolf Optimization, Particle Swarm Optimization) with ten Machine Learning and Deep Learning classifiers (Logistic Regression, K-Nearest Neighbors, Random Forest, AdaBoost, Support Vector Machines, Decision Trees, XGBoost, Naïve Bayes, Artificial Neural Networks, Long Short-Term Memory) optimized for CSP-scale traffic. Experimental validation is conducted using a hybrid dataset that combines the benchmark Canadian Institute for Cybersecurity-IoT (CICIoT)-2023 dataset with real-world CSP backbone traffic, where 65% of the data is from real CSP environments. The proposed framework achieves high detection rates, with 99.9% accuracy and an AUC of 0.999. While these metrics are exceptional, we acknowledge that they represent performance on our specific hybrid dataset and may vary in real-world environments, particularly in the presence of zero-day attacks. The framework demonstrates high accuracy while addressing the "weak signal" problem inherent to hyperscale environments. Visualization components provide critical insights into feature correlations, attack distributions, and model performance trade-offs. This research extends traditional DDoS detection methods by incorporating bio-inspired optimization and comprehensive visualization, providing CSPs with actionable intelligence for real-time threat mitigation.

Published

2026-04-02

How to Cite

[1]
S. O. Sati, M. Sati, M. Badi, and A. Almahrouq, “DDoS Detection Using Machine Learning for Cloud Service Providers”, Comput. Networks Commun., vol. 4, no. 1, pp. 126–143, Apr. 2026.