Random Forest Classifier Evaluation in DDoS Detection System for Cyber Defence Preparation

Cyberattack has become common problems in network security. One of the common techniques of the attack is Distributed Denial of Service (DDoS). A DDoS attack happens when the attacker is sending a huge amount of network requests to the connected host from many different sources. The attack can cause the network service disrupted and cannot be used due to overwhelmed machine that tried to serve the request from many sources. The impact of the attack can cause the network to be unavailable and can lead to user dissatisfaction. Therefore, the detection of DDoS is needed for maintaining the influx of network services and preventing the flooding of unwanted traffic to the host. The detection technique of a DDoS attack must distinguish between legitimate traffic and botnet traffic. The technique used for detecting the traffic that causes DDoS attacks will be using a machine learning algorithm. One of the implemented algorithms is the Random Forest technique. This study is focusing on evaluating the Random Forest implementation as the network classifier. The result of this study is determining the effectiveness and accuracy of the Random Forest Classifier. This algorithm also is compared with other algorithms. The evaluation has resulted in Random Forest Algorithm having better performance based on the variable that is related to accuracy and processing time than other compared algorithms, with a tight difference from the J48 algorithm. This study is contributing to the enhancement of machine learning implementation on DDoS attack detection and as part of cyber defense preparation for the stakeholders.