DDoS Detection Framework Using Machine Learning Optimized by Bayesian and PSO Techniques
DOI: https://doi.org/10.59796/jcst.V16N3.2026.204
Keywords: DDoS detection framework, feature selection, hyperparameter optimization, machine learning, XGBoost
Abstract
This paper presents a distributed denial of service (DDoS) detection framework using machine learning techniques enhanced with hyperparameter optimization for network traffic classification and evaluated on the BCCC-cPacket-Cloud-DDoS-2024 dataset. The framework includes data preprocessing with normalization and class imbalance handling via the synthetic minority over-sampling technique. A critical contribution of this study is the rigorous analysis of the trade-off between detection accuracy and model complexity. Unlike arbitrary feature selection methods, we empirically determined the optimal feature set using information gain, identifying that the top 100 features represent the saturation point that balances high accuracy with minimal overhead. Model performance was further improved through hyperparameter optimization using particle swarm optimization and Bayesian algorithms. The extreme gradient boosting (XGBoost) model optimized using Bayesian optimization and the top 100 features achieved the highest performance, with an accuracy of 99.29% and an F1-score of 98.91%. As a result, the proposed framework improves detection performance while reducing model complexity by selecting an optimal feature set to improve model stability and efficiency.
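The information-gain ranking and saturation-point selection described in the abstract can be sketched as follows. This is an added example, not code from the paper: the equal-width binning, the feature names, the sample flows, the score curve and the tolerance rule are all assumptions made for illustration.

```python
import math
from collections import Counter

def entropy(labels):
    """Shannon entropy (bits) of a label sequence."""
    n = len(labels)
    return -sum(c / n * math.log2(c / n) for c in Counter(labels).values())

def information_gain(values, labels, bins=2):
    """IG of one numeric feature after equal-width binning (binning is an assumption)."""
    lo, hi = min(values), max(values)
    if hi == lo:                      # a constant feature carries no information
        return 0.0
    groups = {}
    for v, y in zip(values, labels):
        b = min(int((v - lo) / (hi - lo) * bins), bins - 1)
        groups.setdefault(b, []).append(y)
    cond = sum(len(g) / len(labels) * entropy(g) for g in groups.values())
    return entropy(labels) - cond

def rank_features(table, labels, bins=2):
    """Return [(name, ig)] sorted by descending information gain."""
    scored = [(name, information_gain(col, labels, bins)) for name, col in table.items()]
    return sorted(scored, key=lambda t: t[1], reverse=True)

def saturation_k(curve, tol=0.005):
    """Smallest k whose score is within tol of the best score on the curve."""
    best = max(score for _, score in curve)
    return min(k for k, score in curve if best - score <= tol)

# Constructed flows: 0 = benign, 1 = DDoS. Feature names are hypothetical.
LABELS = [0, 0, 0, 0, 1, 1, 1, 1]
FLOWS = {
    "pkts_per_s":   [10, 12, 11, 9, 900, 950, 870, 910],
    "mean_pkt_len": [60, 500, 64, 520, 60, 70, 66, 62],
    "dst_port":     [80, 443, 80, 443, 80, 443, 80, 443],
}
# Constructed (k, validation F1) curve, not results from the paper.
CURVE = [(1, 0.900), (2, 0.970), (3, 0.971)]

if __name__ == "__main__":
    for name, ig in rank_features(FLOWS, LABELS):
        print(f"{name:14s} IG={ig:.4f}")
    print("saturation k =", saturation_k(CURVE))
```

In practice the curve would come from retraining the classifier on the top-k ranked features for each candidate k, with the ranking computed on the training split only so the held-out score is not inflated.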
License
Copyright (c) 2026 Journal of Current Science and Technology

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.


