Performance Comparison of Random Tree, K-NN, and A-NN Algorithms for DDoS Attack Detection on Software Defined Network (SDN)

Abstract

Software-Defined Networks (SDNs) with a centralized architecture are vulnerable to Distributed Denial of Service (DDoS) attacks, which can cause widespread network service failures. This study aims to compare the performance of three Machine Learning algorithms—K-Nearest Neighbor (K-NN), Artificial Neural Network (ANN), and Random Tree—in detecting DDoS attacks in an SDN environment. The DDoS-SDN dataset, consisting of 104,345 rows and 23 columns, was used with a data split of 70% for training and 30% for testing. Evaluation was conducted using accuracy, precision, recall, F1-score, and AUC-ROC metrics. The results showed that ANN achieved the best performance with an accuracy of 96.85%, precision of 94.35%, recall of 97.79%, F1-score of 96.04%, and AUC of 0.994, followed by K-NN with an accuracy of 88.89% and Random Tree with the lowest accuracy of 86.49%. The superiority of ANN is attributed to its ability to capture complex non-linear patterns, perform automatic feature extraction, and adapt to the heterogeneity of data from the 22 features used. These findings indicate that ANN is the optimal choice for implementing a real-time DDoS attack detection system in an SDN environment, providing a strong foundation for the development of intelligent and adaptive Machine Learning-based network security systems