Exploring the Vulnerability of Implementing DDoS Detection Systems based on Random-Forest Classifiers and Open Datasets

Shih-Chieh Chen, Chih-Chiang Wang

2023 · DOI: 10.1109/ICKII58656.2023.10332754
International Conferences on Knowledge Innovation and Invention · 0 Citations

TLDR

This work explored the vulnerability of implementing DDoS detection systems based on random-forest classifiers and open datasets. For a security risk assessment, it used a publicly accessible machine-learning library named Scikit-learn and an open DDoS dataset named CIC-DDoS2019.

Abstract

DDoS attacks are threats to governments and IT industries as they can render important computing servers and networks inaccessible. Random forest classifiers are efficient and effective in detecting DDoS attacks when they are used with a large number of training samples to build up an accurate model. However, it is extremely difficult for IT professionals to construct a DDoS training dataset because a realistic DDoS attack scheme is characterized by a large swarm of geographically dispersed computers simultaneously flooding the victim server with superfluous requests. To overcome this difficulty, most of the existing DDoS-detection studies use open datasets to train their random-forest model. While the aforementioned methodology provides a convenient way to conduct academic research, it may not be safe in practice. Thus, we explored the vulnerability of implementing DDoS detection systems based on random-forest classifiers and open datasets. Using a publicly accessible machine-learning library named Scikit-learn and an open DDoS dataset named CIC-DDoS2019, we implemented random-forest-based DDoS detection for a security risk assessment.
