Skip to main content

Defending against DDoS attacks

Built a robust IDS model using Random Forest to detect and classify Distributed Denial-of-Service (DDoS) attacks. Trained on the CIC-IDS-2017 dataset, this project showcases efficient feature engineering and real-time threat prediction capabilities.

Visit Github
  • Python
  • Google CO-Lab
  • CIC-IDS 2017
  • Random Forest Classifier Model
The RFIDS app interface, showing the main page with network traffic data.

Overview

This project focuses on creating an Intrusion Detection System (IDS) using the Random Forest algorithm to detect and classify Distributed Denial-of-Service (DDoS) attacks. Built using Python and developed in Google Colab, the system analyzes network traffic data from the CIC-IDS-2017 dataset.

It processes over a million records, cleans and selects relevant features, and trains a robust model capable of real-time detection with high accuracy.

The RFIDS app interface, showing the content page with detailed network traffic analysis.
The RFIDS app interface, showing the content page with detailed network traffic analysis.

Improving the Security Posture

This project improves the network security landscape by enabling faster and more reliable detection of abnormal traffic patterns. It automates the identification of DDoS threats and reduces human effort in threat monitoring. The system can be integrated into IoV and IoT environments where lightweight, high-accuracy models are essential.

The RFIDS app interface, showing the features page with model performance metrics and real-time detection capabilities.

Meaningful details

During this project, over one million rows of raw network flow data were carefully merged and preprocessed to create a clean dataset suitable for machine learning. Key steps included removing null values, handling outliers, encoding categorical features, and scaling numerical data. Feature selection techniques were applied to reduce dimensionality and retain only the most impactful attributes, improving both performance and interpretability. Exploratory Data Analysis (EDA) was conducted using heatmaps, correlation plots, and distribution graphs to better understand the data patterns and relationships. These steps not only improved model efficiency but also built a strong foundation for real-time intrusion detection workflows.

Project outcomes

The resulting Random Forest-based IDS model demonstrated impressive results, achieving over 99% accuracy in detecting and classifying DDoS attacks. The model also showed high precision and recall, making it suitable for real-world applications where false positives can be costly. Beyond the performance metrics, this project delivered a fully modular and reproducible pipeline — from raw data processing to model deployment — that can be adapted for other cybersecurity use cases. The experience gained also contributed to a deeper understanding of ensemble learning in the context of network security. This project has been officially copyrighted and is reserved for academic and research use, forming a solid base for future work in hybrid IDS systems.

Last result of the RFIDS project, showcasing the final model performance metrics and detection capabilities.