A REVIEW OF MACHINE LEARNING AND FEATURE SELECTION TECHNIQUES FOR CYBERSECURITY ATTACK DETECTION WITH A FOCUS ON DDOS ATTACKS
DOI:
https://doi.org/10.69593/ajsteme.v4i03.105
Keywords:
Cybersecurity, Intrusion Detection, Machine Learning, DDoS Attacks, Feature Selection Techniques
Abstract
This study provides a systematic review of machine learning (ML) techniques applied in intrusion detection systems (IDS), with a particular focus on Random Forest (RF), Support Vector Machine (SVM), and Decision Tree (DT). Following the PRISMA guidelines, a comprehensive search of relevant databases identified 205 articles, from which 68 were selected for detailed analysis. The findings highlight that RF consistently outperforms other models, achieving accuracy rates as high as 99.72% in detecting Distributed Denial of Service (DDoS) attacks due to its ensemble learning approach. SVM, while effective in specific scenarios with binary classification tasks, struggles with scalability and high-dimensional datasets, though feature selection significantly improves its performance. DT models, known for their simplicity and interpretability, are prone to overfitting, but this issue is mitigated when combined with feature selection techniques. The study further emphasizes the importance of feature selection in enhancing IDS accuracy and efficiency across various models. Additionally, ensemble and hybrid methods, which combine multiple ML techniques, offer promising improvements in detection accuracy and real-time performance. These findings underscore the potential of machine learning, particularly through the use of ensemble and hybrid approaches, to significantly improve cybersecurity measures in modern networks.