Supervised Machine Learning Approaches for Robust DDoS Detection in Cloud Environments

Abstract

In today's landscape, the widespread adoption of cloud computing has been accompanied by a corresponding increase in security vulnerabilities, with Distributed Denial-of-Service (DDoS) attacks posing one of the most serious challenges by overwhelming resources such as CPU power, memory, and network bandwidth, thereby disrupting services for legitimate users. Detecting DDoS attacks in cloud environments is particularly difficult due to the similarity between malicious and legitimate traffic, often originating from numerous geographically dispersed sources. This study evaluates the effectiveness of five supervised machine learning algorithms Random Forest (RF), Decision Tree (DT), Support Vector Machine (SVM), k-Nearest Neighbours (KNN), and Naïve Bayes (NB) for detecting DDoS attacks in cloud computing environments using the publicly available Software Defined Networking (SDN) DDoS Attack Dataset. Comprehensive preprocessing including normalization, feature selection, and Synthetic Minority Oversampling Technique (SMOTE) was applied, along with rigorous regularization strategies to mitigate overfitting. Experimental results demonstrate that Random Forest achieved the highest balanced performance (95% accuracy, 96% precision, 95% recall), followed by KNN (94%), SVM (93%), DT (92%), and Naïve Bayes (91%). These findings confirm the potential of machine learning for reliable DDoS detection while emphasizing the importance of proper model regularization to ensure generalizability. Future work should explore larger datasets, real-time traffic analysis, and hybrid models to further enhance robustness.