Abstract—With the increased usage of internet-enabled devices in the contemporary networked world, vulnerability to security attacks has significantly widened. Distributed Denial of Service (DDoS) attacks are particularly critical, as they impact service availability and diminish valuable computing and internet resources. The study aims to enhance fine-grained DDoS identification by evaluating and comparing the performance of machine learning algorithms over Software-Defined Networks (SDNs), to improve accuracy and reduce false positives. We assessed machine learning algorithms, namely Extreme Gradient Boosting (XGBoost), Random Forest (RF), Naive Bayes (NB), and the Hidden Markov Model (HMM), against the labelled DDoS datasets, the LR-HR DDoS 2024 and InSDN. We employed a vaccine-based binary wolf grey optimization feature selection approach to rank data attributes by their respective levels of importance. The measures employed for the purpose included time delay, accuracy, false positive rate, and true positive rate. From the models compared, XGBoost showed the most effective detection, with the best accuracy and reduced false positive instances, especially when employed with an enhanced vaccine-based feature selection. Experimental results confirm that XGBoost, especially when combined with vaccine-based Binary Grey Wolf Optimization (BGWO) feature selection, gives a highly effective solution for detecting DDoS attacks in a Software Defined Network environment.
 
Keywords—distributed denial of service, software defined networks, cybersecurity, machine learning


Copyright © 2026 by the authors. This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited (CC BY 4.0).