Strategic recommendations for enhancing DDoS defense mechanisms in cloud environments

Authors

Chisom Elizabeth Alozie
University of the Cumberlands, United States

Synopsis

As presented and motivated in the introduction of this project study, a DDoS detection system for a cloud environment aided by machine learning models was implemented, and a comparative analysis of the models was conducted. The CICFlowMeter was used to extract the new dataset to CSV format, which includes obtaining the proper flow features for model building. Furthermore, feature selection using the Pearson correlation coefficient improved the accuracy of the ML models during training, with Random Forest, Support Vector Machine, Decision Tree, and K-Nearest Neighbors achieving 100% accuracy, precision, recall and F1 score, except for Naive Bayes with 98% accuracy, 97% precision, 99% recall and 98% F1 score. The open-source dataset also performs very well, with RF, DT and KNN achieving an accuracy of 100%, SVM 95% and NB 99%. Overall, the new dataset outperforms the open-source dataset with an accuracy score of 99.6%, while the benchmark achieved 98.8%. Based on the results achieved, all the models selected, the new dataset and the open-source dataset used for this study are ideal models and datasets for intrusion detection.
Chapter 2 presented a comprehensive study covering an overview and the history of DDoS attacks, DDoS classification, and attack tools. It also discussed some of the resources used to solve this type of problem. A summary of existing work, the use of machine learning in this research, and the research gaps were further presented.
The implemented experimental setup was presented in Chapter 3, which included the system setup and the supervised ML flow process used to solve this problem. The system setup comprised the initial setup of the systems, which involved the generation of the attack using the Slowloris tool and the generation of benign traffic. Next came the supervised ML flow process, starting from how the raw data was generated, processed, trained, tested and validated using ML models. Finally, the results were evaluated.
In conclusion, the theoretical and mathematical performance analysis was presented in Chapter 4. The outcome of the ML models was evaluated using tables and charts and documented in that chapter, which includes results on performance metrics such as accuracy, precision, recall, F1-score, and computation time. In addition, the confusion matrix and validation results were explained.
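
The Pearson-correlation feature selection mentioned in the synopsis, as an added example that is not code from the chapter. The column names, the constructed sample rows, the thresholds and the relevance-then-redundancy filter are assumptions, since the synopsis does not say how the coefficient was applied.

```python
import csv
import io
import math

# Constructed sample shaped like CICFlowMeter CSV output (not data from the study).
SAMPLE_CSV = """Flow Duration,Tot Fwd Pkts,Flow IAT Mean,Flow Pkts/s,Bwd PSH Flags,Label
100000000,4,24500000,0.04,0,Slowloris
110000000,5,22000000,0.05,0,Slowloris
105000000,4,26250000,0.04,0,Slowloris
115000000,6,20000000,0.05,0,Slowloris
300000,12,25000,40.0,0,Benign
450000,20,22500,44.4,0,Benign
200000,9,22000,45.0,0,Benign
800000,30,26600,37.5,0,Benign
"""

def pearson(x, y):
    """Pearson r; returns 0.0 for a constant column instead of dividing by zero."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    if sxx == 0 or syy == 0:
        return 0.0
    return sxy / math.sqrt(sxx * syy)

def select_features(csv_text, min_label_r=0.5, max_pair_r=0.95, benign="Benign"):
    """Return (kept feature names, |r| of every feature against the label)."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    label = [0.0 if r["Label"] == benign else 1.0 for r in rows]
    cols = {k: [float(r[k]) for r in rows] for k in rows[0] if k != "Label"}
    # Relevance: score each feature by |r| against the attack/benign label.
    score = {k: abs(pearson(v, label)) for k, v in cols.items()}
    ranked = sorted((k for k in cols if score[k] >= min_label_r),
                    key=lambda k: -score[k])
    kept = []
    for k in ranked:
        # Redundancy: skip a feature that nearly duplicates one already kept.
        if all(abs(pearson(cols[k], cols[j])) < max_pair_r for j in kept):
            kept.append(k)
    return kept, score

if __name__ == "__main__":
    kept, score = select_features(SAMPLE_CSV)
    print("kept:", kept)
    print({k: round(v, 3) for k, v in score.items()})
```

On this sample the constant `Bwd PSH Flags` column scores 0 and is dropped, and the three features that separate the classes almost identically collapse to the strongest one.
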
5.1 Recommendation for Future Work
Numerous further studies can arise from this project study, considering both the theoretical simulation and the practical implementation. The practical implementation can be modified such that an automation system is implemented and evaluated as a holistic study. Furthermore, several types of DDoS attack mitigation using machine learning can be introduced into the system.
In terms of theoretical and mathematical performance analysis, further parameters can be investigated and derived, such as different types of machine learning and real-time datasets.

Published

February 2, 2025

How to Cite

Alozie, C. E. (2025). Strategic recommendations for enhancing DDoS defense mechanisms in cloud environments. In Analysing Cloud DDoS Attacks Using Supervised Machine Learning (pp. 64-77). Deep Science Publishing. https://doi.org/10.70593/978-93-49307-78-0_5