Go to OpenReview Public Article ORCID homepageReal-Time DDoS Detection Using a Docker-Based Machine Learning Testbed
Abstract: Despite the widespread adoption of machine learning models for distributed denial of service (DDoS) attack detection, researchers face significant barriers in evaluating these models under real-time conditions due to platform specific and complex testbed configurations. Existing works continue to rely on dataset-driven validation, masking critical model performance limitations. To address these gaps, we introduce an open-source, cross-platform Docker testbed for simulating DDoS attack scenarios. Our framework runs seamlessly across Windows, Linux, and macOS on both ARM and x86 architectures. Through testing six pre-trained models in a 10-min DDoS attack simulation, we demonstrate how models performing well on static dataset evaluation (93% accuracy) significantly degrade in real-time environments (\(\le \)80% accuracy). Our findings provide empirical evidence for the limitations of dataset-based validation while offering researchers an accessible platform for robust model assessment.
External IDs:doi:10.1007/978-3-032-09694-4_24
Loading