A hybrid machine learning model with improved feature set for DDoS attack detection under bigdata perspective

Radhika, P. and Kamalakkannan, S. (2025) A hybrid machine learning model with improved feature set for DDoS attack detection under bigdata perspective. Information Security Journal: A Global Perspective. pp. 1-30. ISSN 1939-3555


Abstract

The rapid expansion of internet-connected devices and the surge in digital data generation have significantly increased the risk and complexity of Distributed Denial of Service (DDoS) attacks, posing critical cybersecurity challenges. Traditional detection systems struggle to effectively analyze large-scale, high-dimensional network data while maintaining accuracy and robustness. This research addresses this gap by proposing a novel hybrid machine learning model tailored for DDoS attack detection under the big data paradigm. The primary objective is to enhance detection accuracy, scalability, and robustness against outliers through an improved feature engineering and classification approach. The methodology incorporates a robust normalization process combining Median Absolute Deviation (MAD) and quantile-based Tanh estimation to ensure data consistency and resilience to anomalies. To manage large-scale data efficiently, the system leverages the MapReduce framework for parallel processing, enabling scalable feature extraction that includes improved entropy-based metrics and statistical descriptors. A hybrid classification model is developed by integrating an Improved Support Vector Machine (ISVM) with Neural Networks, utilizing a novel Weighted Exponential Inverse Laplacian kernel to capture complex nonlinear interactions. The proposed ISVM+NN hybrid model achieves the highest detection accuracy of 0.927, significantly outperforming traditional methods such as SVM (0.877), NN (0.858), and others in effectively identifying DDoS attacks.

Item Type: Article
Subjects: Computer Science Engineering > Big Data
Domains: Computer Applications
Depositing User: Mr Sureshkumar A
Date Deposited: 28 Dec 2025 11:11
Last Modified: 28 Dec 2025 11:11
URI: https://ir.vistas.ac.in/id/eprint/12111
