Development of a Machine Learning-Based Framework for Real-Time Detection and Mitigation of Distributed Denial of Service Attacks

Distributed Denial-of-Service (DDoS) attacks continue to pose a significant threat to digital infrastructures, often resulting in degraded service availability and financial losses. Traditional detection systems, which depend on static rule sets, struggle to adapt to evolving traffic patterns, leading to increased false positives and undetected attacks. This paper presents a real-time, machine learning-based framework for DDoS detection and mitigation. The framework incorporates supervised learning algorithms, including Random Forest, XGBoost, and Multi-Layer Perceptron (MLP), trained on the CIC-DDoS2019 dataset using carefully selected network traffic features to enhance detection accuracy. The system architecture integrates Scapy for traffic capture, Apache Kafka for message queuing, and Flask with Plotly for dynamic monitoring. Evaluation results demonstrate superior performance compared to legacy methods across precision, recall, F1-score, false positive rate (FPR), and false negative rate (FNR). Additionally, adaptive models such as Passive-Aggressive and Stochastic Gradient Descent (SGD) enhance robustness against evolving attack vectors. The proposed solution delivers an effective and scalable real-time defense mechanism suitable for banking, cloud, and enterprise systems. However, the system’s performance remains influenced by the characteristics of the training dataset and may introduce computational overhead during high-throughput traffic analysis. Future work will explore improved computational efficiency and responsiveness to rare or emerging DDoS patterns.