{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,28]],"date-time":"2026-03-28T18:38:10Z","timestamp":1774723090508,"version":"3.50.1"},"reference-count":44,"publisher":"MDPI AG","issue":"11","license":[{"start":{"date-parts":[[2025,11,1]],"date-time":"2025-11-01T00:00:00Z","timestamp":1761955200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Computers"],"abstract":"<jats:p>Distributed denial of service (DDoS) attacks pose a serious risk to the operational stability of a network for companies, often leading to service disruptions and financial damage and a loss of trust and credibility. The increasing sophistication and scale of these threats highlight the pressing need for advanced mitigation strategies. Despite the numerous existing studies on DDoS detection, many rely on large, redundant feature sets and lack validation for real-time applicability, leading to high computational complexity and limited generalization across diverse network conditions. This study addresses this gap by proposing a feature-optimized and computationally efficient ML framework for DDoS detection and mitigation using benchmark dataset. The proposed approach serves as a foundational step toward developing a low complexity model suitable for future real-time and hardware-based implementation. The dataset was systematically preprocessed to identify critical parameters, such as packet length Min, Total Backward Packets, Avg Fwd Segment Size, and others. Several ML algorithms, involving Logistic Regression, Decision Tree, Random Forest, Gradient Boosting, and Cat-Boost, are applied to develop models for detecting and mitigating abnormal network traffic. The developed ML model demonstrates high performance, achieving 99.78% accuracy with Decision Tree and 99.85% with Random Forest, representing improvements of 1.53% and 0.74% compared to previous work, respectively. In addition, the Decision Tree algorithm achieved 99.85% accuracy for mitigation. with an inference time as low as 0.004 s, proving its suitability for identifying DDoS attacks in real time. Overall, this research presents an effective approach for DDoS detection, emphasizing the integration of ML models into existing security systems to enhance real-time threat mitigation.<\/jats:p>","DOI":"10.3390\/computers14110472","type":"journal-article","created":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T17:32:01Z","timestamp":1762191121000},"page":"472","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":2,"title":["Feature-Optimized Machine Learning Approaches for Enhanced DDoS Attack Detection and Mitigation"],"prefix":"10.3390","volume":"14","author":[{"given":"Ahmed Jamal","family":"Ibrahim","sequence":"first","affiliation":[{"name":"Department of Electrical Engineering and Infocommunications, Sz\u00e9chenyi Istv\u00e1n University, 9026 Gy\u0151r, Hungary"},{"name":"Technical Engineering College of Al-Najaf, Al-Furat Al-Awsat Technical University (ATU), Najaf 540011, Iraq"}]},{"given":"S\u00e1ndor R.","family":"R\u00e9p\u00e1s","sequence":"additional","affiliation":[{"name":"Department of Electrical Engineering and Infocommunications, Sz\u00e9chenyi Istv\u00e1n University, 9026 Gy\u0151r, Hungary"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7648-7474","authenticated-orcid":false,"given":"Nurullah","family":"Bekta\u015f","sequence":"additional","affiliation":[{"name":"Department of Structural Engineering and Geotechnics, Sz\u00e9chenyi Istv\u00e1n University, 9026 Gy\u0151r, Hungary"}]}],"member":"1968","published-online":{"date-parts":[[2025,11,1]]},"reference":[{"key":"ref_1","first-page":"24","article-title":"DDoS Detection using Machine Learning Techniques","volume":"4","author":"Amrish","year":"2022","journal-title":"J. IoT Soc. Mob. Anal. Cloud"},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"689","DOI":"10.1007\/s11277-011-0280-0","article-title":"Application Oriented Multi Criteria Optimization in WSNs Using on AHP","volume":"65","author":"Karaca","year":"2012","journal-title":"Wirel. Pers. Commun."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"e4150","DOI":"10.1002\/ett.4150","article-title":"Network intrusion detection system: A systematic study of machine learning and deep learning approaches","volume":"32","author":"Ahmad","year":"2021","journal-title":"Trans. Emerg. Telecommun. Technol."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"106432","DOI":"10.1016\/j.engappai.2023.106432","article-title":"Towards a machine learning-based framework for DDOS attack detection in software-defined IoT (SD-IoT) networks","volume":"123","author":"Bhayo","year":"2023","journal-title":"Eng. Appl. Artif. Intell."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"e247","DOI":"10.1002\/itl2.247","article-title":"COVID-19 pandemic cybersecurity issues","volume":"4","author":"Pranggono","year":"2021","journal-title":"Internet Technol. Lett."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"13039","DOI":"10.1007\/s00500-021-06608-1","article-title":"Deep learning approaches for detecting DDoS attacks: A systematic review","volume":"27","author":"Mittal","year":"2023","journal-title":"Soft Comput."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Saluja, K., Bagchi, S., Solanki, V., Khan, M.N.A., Dhamija, E., and Debnath, S.K. (2024, January 22\u201324). Exploring Robust DDoS Detection: A Machine Learning Analysis with the CICDDoS2019 Dataset. Proceedings of the 2024 IEEE 5th India Council International Subsections Conference (INDISCON), Chandigarh, India.","DOI":"10.1109\/INDISCON62179.2024.10744272"},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"70850","DOI":"10.1109\/ACCESS.2022.3188311","article-title":"Toward Software-Defined Networking-Based IoT Frameworks: A Systematic Literature Review, Taxonomy, Open Challenges and Prospects","volume":"10","author":"Siddiqui","year":"2022","journal-title":"IEEE Access"},{"key":"ref_9","doi-asserted-by":"crossref","first-page":"7156420","DOI":"10.1155\/2021\/7156420","article-title":"Genetic CFL: Hyperparameter Optimization in Clustered Federated Learning","volume":"2021","author":"Agrawal","year":"2021","journal-title":"Comput. Intell. Neurosci."},{"key":"ref_10","doi-asserted-by":"crossref","unstructured":"Prima, F., Dylan, L., and Gunawan, A.A.S. (2023, January 6\u20137). Comparison of Machine Learning Models for Classification of DDoS Attacks. Proceedings of the 2023 5th International Conference on Cybernetics and Intelligent System (ICORIS), Pangkapinang, Indonesia.","DOI":"10.1109\/ICORIS60118.2023.10352232"},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Parfenov, D., Kuznetsova, L., Yanishevskaya, N., Bolodurina, I., Zhigalov, A., and Legashev, L. (2020, January 25\u201326). Research Application of Ensemble Machine Learning Methods to the Problem of Multiclass Classification of DDoS Attacks Identification. Proceedings of the 2020 International Conference Engineering and Telecommunication (En&T), Dolgoprudny, Russia.","DOI":"10.1109\/EnT50437.2020.9431255"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"21443","DOI":"10.1109\/ACCESS.2022.3152577","article-title":"A Machine Learning-Based Classification and Prediction Technique for DDoS Attacks","volume":"10","author":"Mohmand","year":"2022","journal-title":"IEEE Access"},{"key":"ref_13","unstructured":"Nagpal, B., Sharma, P., Chauhan, N., and Panesar, A. (2015, January 11\u201313). DDoS tools: Classification, analysis and comparison. Proceedings of the 2015 2nd International Conference on Computing for Sustainable Global Development (INDIACom), New Delhi, India. Available online: https:\/\/ieeexplore.ieee.org\/document\/7100270."},{"key":"ref_14","doi-asserted-by":"crossref","first-page":"10834","DOI":"10.1109\/ACCESS.2024.3352281","article-title":"An Effective Classification of DDoS Attacks in a Distributed Network by Adopting Hierarchical Machine Learning and Hyperparameters Optimization Techniques","volume":"12","author":"Dasari","year":"2024","journal-title":"IEEE Access"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"17","DOI":"10.1186\/s40537-023-00692-w","article-title":"Performance evaluation of deep learning techniques for DoS attacks detection in wireless sensor network","volume":"10","author":"Salmi","year":"2023","journal-title":"J. Big Data"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Chovanec, M., Hasin, M., Havrilla, M., and Chovancov\u00e1, E. (2023). Detection of HTTP DDoS Attacks Using NFStream and TensorFlow. Appl. Sci., 13.","DOI":"10.3390\/app13116671"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Mishra, A., Gupta, B.B., Perakovic, D., Penalvo, F.J.G., and Hsu, C.-H. (2021, January 10\u201312). Classification Based Machine Learning for Detection of DDoS attack in Cloud Computing. Proceedings of the 2021 IEEE International Conference on Consumer Electronics (ICCE), Las Vegas, NV, USA.","DOI":"10.1109\/ICCE50685.2021.9427665"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"161908","DOI":"10.1109\/ACCESS.2020.3021435","article-title":"A New Framework for DDoS Attack Detection and Defense in SDN Environment","volume":"8","author":"Tan","year":"2020","journal-title":"IEEE Access"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"122495","DOI":"10.1109\/ACCESS.2021.3109490","article-title":"Detection and Classification of DDoS Flooding Attacks on Software-Defined Networks: A Case Study for the Application of Machine Learning","volume":"9","author":"Sangodoyin","year":"2021","journal-title":"IEEE Access"},{"key":"ref_20","doi-asserted-by":"crossref","unstructured":"Peng, S., Tian, J., Zheng, X., Chen, S., and Shu, Z. (2025). DDoS Defense Strategy Based on Blockchain and Unsupervised Learning Techniques in SDN. Future Internet, 17.","DOI":"10.3390\/fi17080367"},{"key":"ref_21","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1016\/j.ejcon.2021.07.001","article-title":"Adaptive tuning of network traffic policing mechanisms for DDoS attack mitigation systems","volume":"61","author":"Karpowicz","year":"2021","journal-title":"Eur. J. Control"},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1016\/j.dt.2022.10.006","article-title":"IQR-based approach for DDoS detection and mitigation in SDN","volume":"25","author":"Swami","year":"2023","journal-title":"Def. Technol."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"51630","DOI":"10.1109\/ACCESS.2024.3384398","article-title":"Enhancing DDoS Attack Detection and Mitigation in SDN Using an Ensemble Online Machine Learning Model","volume":"12","author":"Alashhab","year":"2024","journal-title":"IEEE Access"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Hamarshe, A., Ashqar, H.I., and Hamarsheh, M. (2023). Detection of DDoS Attacks in Software Defined Networking Using Machine Learning Models. arXiv.","DOI":"10.1007\/978-3-031-33743-7_51"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Elsayed, M.S., Le-Khac, N.-A., Dev, S., and Jurcut, A.D. (2020). DDoSNet: A Deep-Learning Model for Detecting Network Attacks. arXiv.","DOI":"10.1109\/WoWMoM49955.2020.00072"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"58689","DOI":"10.1007\/s11042-023-17724-5","article-title":"Efficient hybrid optimization based feature selection and classification on high dimensional dataset","volume":"83","author":"Khan","year":"2023","journal-title":"Multimed. Tools Appl."},{"key":"ref_27","unstructured":"(2024, October 26). NSF NHERI DesignSafe|DesignSafe-CI. Available online: https:\/\/www.designsafe-ci.org\/."},{"key":"ref_28","unstructured":"(2024, October 25). DDoS 2019|Datasets|Research|Canadian Institute for Cybersecurity|UNB. Available online: https:\/\/www.unb.ca\/cic\/datasets\/ddos-2019.html."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"8658","DOI":"10.1109\/JIOT.2023.3245153","article-title":"Feature Engineering and Machine Learning Framework for DDoS Attack Detection in the Standardized Internet of Things","volume":"10","author":"Kamaldeep","year":"2023","journal-title":"IEEE Internet Things J."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Raju, V.N.G., Lakshmi, K.P., Jain, V.M., Kalidindi, A., and Padma, V. (2020, January 20\u201322). Study the Influence of Normalization\/Transformation process on the Accuracy of Supervised Classification. Proceedings of the 2020 Third International Conference on Smart Systems and Inventive Technology (ICSSIT), Tirunelveli, India.","DOI":"10.1109\/ICSSIT48917.2020.9214160"},{"key":"ref_31","doi-asserted-by":"crossref","first-page":"103294","DOI":"10.1016\/j.jnca.2021.103294","article-title":"On the scalability of Big Data Cyber Security Analytics systems","volume":"198","author":"Ullah","year":"2022","journal-title":"J. Netw. Comput. Appl."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Medar, R., Rajpurohit, V.S., and Rashmi, B. (2017, January 7\u201318). Impact of Training and Testing Data Splits on Accuracy of Time Series Forecasting in Machine Learning. Proceedings of the 2017 International Conference on Computing, Communication, Control and Automation (ICCUBEA), Pune, India.","DOI":"10.1109\/ICCUBEA.2017.8463779"},{"key":"ref_33","doi-asserted-by":"crossref","unstructured":"Zou, X., Hu, Y., Tian, Z., and Shen, K. (2019, January 19\u201320). Logistic Regression Model Optimization and Case Analysis. Proceedings of the 2019 IEEE 7th International Conference on Computer Science and Network Technology (ICCSNT), Dalian, China.","DOI":"10.1109\/ICCSNT47585.2019.8962457"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"e19","DOI":"10.2196\/medinform.8805","article-title":"Secure Logistic Regression Based on Homomorphic Encryption: Design and Evaluation","volume":"6","author":"Kim","year":"2018","journal-title":"JMIR Med. Inform."},{"key":"ref_35","unstructured":"Iwendi, C., Boulouard, Z., and Kryvinska, N. (2023). DDoS Attack Prediction Using Decision Tree and Random Forest Algorithms. Proceedings of ICACTCE\u201923\u2014The International Conference on Advances in Communication Technology and Computer Engineering, Bolton, UK, 24\u201325 February 2023, Springer Nature."},{"key":"ref_36","unstructured":"Breiman, L. (2025, January 01). Random Forest. Available online: https:\/\/www.stat.berkeley.edu\/~breiman\/randomforest2001.pdf."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Sharma, P., Singh, P., and Kumar, C.N.S.V. (2024, January 4\u20135). Web Guardian: Harnessing Web Mining to Combat Online Terrorism. Proceedings of the 2024 International Conference on Signal Processing, Computation, Electronics, Power and Telecommunication (IConSCEPT), Karaikal, India.","DOI":"10.1109\/IConSCEPT61884.2024.10627856"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Hajjouz, A., and Avksentieva, E. (2024, January 12\u201314). Evaluating the Effectiveness of the CatBoost Classifier in Distinguishing Benign Traffic, FTP BruteForce and SSH BruteForce Traffic. Proceedings of the 2024 9th International Conference on Signal and Image Processing (ICSIP), Nanjing, China.","DOI":"10.1109\/ICSIP61881.2024.10671552"},{"key":"ref_39","first-page":"571","article-title":"Machine Learning for Improved Threat Detection: LightGBM vs. CatBoost","volume":"7","author":"Saleem","year":"2024","journal-title":"J. Comput. Biomed. Inform. Jun"},{"key":"ref_40","doi-asserted-by":"crossref","first-page":"3200","DOI":"10.1109\/JSTARS.2021.3063507","article-title":"GPU-Accelerated CatBoost-Forest for Hyperspectral Image Classification Via Parallelized mRMR Ensemble Subspace Feature Selection","volume":"14","author":"Samat","year":"2021","journal-title":"IEEE J. Sel. Top. Appl. Earth Obs. Remote Sens."},{"key":"ref_41","doi-asserted-by":"crossref","unstructured":"Ramzan, M., Shoaib, M., Altaf, A., Arshad, S., Iqbal, F., Castilla, \u00c1.K., and Ashraf, I. (2023). Distributed Denial of Service Attack Detection in Network Traffic Using Deep Learning Algorithm. Sensors, 23.","DOI":"10.3390\/s23208642"},{"key":"ref_42","doi-asserted-by":"crossref","unstructured":"Chaira, M., Belhenniche, A., and Chertovskih, R. (2025). Enhancing DDoS Attacks Mitigation Using Machine Learning and Blockchain-Based Mobile Edge Computing in IoT. Computation, 13.","DOI":"10.3390\/computation13070158"},{"key":"ref_43","doi-asserted-by":"crossref","first-page":"333","DOI":"10.3390\/telecom5020017","article-title":"Feature-Selection-Based DDoS Attack Detection Using AI Algorithms","volume":"5","author":"Raza","year":"2024","journal-title":"Telecom"},{"key":"ref_44","doi-asserted-by":"crossref","unstructured":"Chu, T.S., Si, W., Simoff, S., and Nguyen, Q.V. (2022, January 19\u201322). A Machine Learning Classification Model Using Random Forest for Detecting DDoS Attacks. Proceedings of the 2022 International Symposium on Networks, Computers and Communications (ISNCC), Shenzhen, China.","DOI":"10.1109\/ISNCC55209.2022.9851797"}],"container-title":["Computers"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/11\/472\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,11,3]],"date-time":"2025-11-03T17:46:59Z","timestamp":1762192019000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-431X\/14\/11\/472"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,11,1]]},"references-count":44,"journal-issue":{"issue":"11","published-online":{"date-parts":[[2025,11]]}},"alternative-id":["computers14110472"],"URL":"https:\/\/doi.org\/10.3390\/computers14110472","relation":{},"ISSN":["2073-431X"],"issn-type":[{"value":"2073-431X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,11,1]]}}}