Mitigating Class Imbalance in DDoS Detection: The Impact of Random Over Sampling on Machine Learning Performance
DOI:
https://doi.org/10.26418/elkha.v17i2.95037Keywords:
Class balancing, DDoS detection, Machine learning, Random Over Sampling, ROSAbstract
Distributed Denial of Service (DDoS) attacks are a major cybersecurity threat, involving malicious traffic generated from numerous compromised sources to overwhelm and disable targeted services. Although machine learning (ML) has shown promise in detecting DDoS attacks through network traffic analysis, a key challenge remains: the class imbalance in datasets such as UNSW-NB15, where normal traffic significantly outweighs attack instances. This imbalance leads to biased predictions and degraded detection performance for minority attack classes. To address this issue, our study investigates the impact of Random Over Sampling (ROS), a simple yet effective balancing technique on improving detection accuracy in multi-class DDoS classification tasks. While prior works have primarily focused on ensemble algorithms or feature selection, our approach is distinct in emphasizing the effect of data balancing on macro evaluation metrics such as macro precision, macro recall, and macro F1-score. ROS was selected over more complex alternatives, such as SMOTE or ADASYN, due to its computational efficiency and ability to establish a performance baseline without introducing synthetic noise. We evaluate four machine learning algorithms: Decision Tree, Naïve Bayes, Random Forest, and XGBoost, using the UNSW-NB15 dataset. The results show that Decision Tree combined with ROS yields the highest improvement in macro F1-score, increasing by 36%. However, this improvement is accompanied by a moderate reduction in accuracy for certain algorithms. These findings highlight the critical role of class balancing in enhancing the reliability of DDoS detection models, especially in imbalanced multi-class scenarios.References
A. A. Alqarni, “Majority Vote-Based Ensemble Approach for Distributed Denial of Service Attack Detection in Cloud Computing,†JCSANDM, Mar. 2022.
M. A. Bouke, A. Abdullah, S. H. ALshatebi, M. T. Abdullah, and H. E. Atigh, “An intelligent DDoS attack detection tree-based model using Gini index feature selection method,†Microprocessors and Microsystems, vol. 98, p. 104823, Apr. 2023.
F. A. Rafrastara, G. F. Shidik, W. Ghozi, N. Rijati, and O. Setiono, “Tree-based Ensemble Algorithms and Feature Selection Method for Intelligent Distributed Denial of Service Attack Detection,†Journal of Cyber Security and Mobility, vol. 14, no. 1, pp. 1–24, Feb. 2025.
M. A. H. Azmi, C. F. M. Foozy, K. A. M. Sukri, N. A. Abdullah, I. R. A. Hamid, and H. Amnur, “Feature Selection Approach to Detect DDoS Attack Using Machine Learning Algorithms,†JOIV : International Journal on Informatics Visualization, vol. 5, no. 4, p. 395, Dec. 2021.
Adam Zukhruf, Bagus Fatkhurrozi, and Andriyatna Agung Kurniawan, “COMPARATIVE STUDY OF DISTRIBUTED DENIAL OF SERVICE (DDOS) ATTACK DETECTION IN COMPUTER NETWORKS,†J. Tek. Inform. (JUTIF), vol. 4, no. 5, pp. 1033–1039, Oct. 2023.
L. Zhou, Y. Zhu, T. Zong, and Y. Xiang, “A feature selection-based method for DDoS attack flow classification,†Future Generation Computer Systems, vol. 132, pp. 67–79, Jul. 2022.
S. Sadhwani, B. Manibalan, R. Muthalagu, and P. Pawar, “A Lightweight Model for DDoS Attack Detection Using Machine Learning Techniques,†Applied Sciences, vol. 13, no. 17, p. 9937, Sep. 2023.
Ismail et al., “A Machine Learning-Based Classification and Prediction Technique for DDoS Attacks,†IEEE Access, vol. 10, pp. 21443–21454, 2022.
J. Bhayo, S. A. Shah, S. Hameed, A. Ahmed, J. Nasir, and D. Draheim, “Towards a machine learning-based framework for DDOS attack detection in software-defined IoT (SD-IoT) networks,†Engineering Applications of Artificial Intelligence, vol. 123, p. 106432, Aug. 2023.
G. Karatas, O. Demir, and O. K. Sahingoz, “Increasing the Performance of Machine Learning-Based IDSs on an Imbalanced and Up-to-Date Dataset,†IEEE Access, vol. 8, pp. 32150–32162, 2020.
S. Bagui and K. Li, “Resampling imbalanced data for network intrusion detection datasets,†J Big Data, vol. 8, no. 1, p. 6, Dec. 2021.
J. Tanha, Y. Abdi, N. Samadi, N. Razzaghi, and M. Asadpour, “Boosting methods for multi-class imbalanced data classification: an experimental review,†J Big Data, vol. 7, no. 1, p. 70, Dec. 2020.
A. R. Gad, A. A. Nashat, and T. M. Barkat, “Intrusion Detection System Using Machine Learning for Vehicular Ad Hoc Networks Based on ToN-IoT Dataset,†IEEE Access, vol. 9, pp. 142206–142217, 2021.
H. Alqwifli, “Hybrid Intrusion Detection Model for Enhancing the Security and Reducing the Computational Cost,†IJCNIS, vol. 15, no. 2, p. 15, May 2023.
M. K. Dahouda and I. Joe, “A Deep-Learned Embedding Technique for Categorical Features Encoding,†IEEE Access, vol. 9, pp. 114381–114391, 2021.
C. Nkikabahizi, W. Cheruiyot, and A. Kibe, “Chaining Zscore and feature scaling methods to improve neural networks for classification,†Applied Soft Computing, vol. 123, p. 108908, Jul. 2022.
D. Protić et al., “Numerical Feature Selection and Hyperbolic Tangent Feature Scaling in Machine Learning-Based Detection of Anomalies in the Computer Network Behavior,†Electronics, vol. 12, no. 19, p. 4158, Oct. 2023.
D. Elreedy, A. F. Atiya, and F. Kamalov, “A theoretical distribution analysis of synthetic minority oversampling technique (SMOTE) for imbalanced learning,†Mach Learn, vol. 113, no. 7, pp. 4903–4923, Jul. 2024.
R. Mohammed, J. Rawashdeh, and M. Abdullah, “Machine Learning with Oversampling and Undersampling Techniques: Overview Study and Experimental Results,†in 2020 11th International Conference on Information and Communication Systems (ICICS), 2020, pp. 243–248.
L. Xavier and R. Thirunavukarasu, “A Distributed Tree-based Ensemble Learning Approach for Efficient Structure Prediction of Protein,†IJIES, vol. 10, no. 3, pp. 226–234, Jun. 2017.
R. Firmansyah, E. Utami, and E. Pramono, “Evaluation of Naive Bayes, Random Forest and Stochastic Gradient Boosting Algorithm on DDoS Attack Detection,†ICoSTEC, vol. 1, no. 1, pp. 92–97, Feb. 2022.
G. Stein, B. Chen, A. S. Wu, and K. A. Hua, “Decision tree classifier for network intrusion detection with GA-based feature selection,†in Proceedings of the 43rd Annual ACM Southeast Conference - Volume 2, in ACMSE ’05 vol 2. New York, NY, USA: Association for Computing Machinery, 2005, pp. 136–141.
I. S. Damanik, A. P. Windarto, A. Wanto, Poningsih, S. R. Andani, and W. Saputra, “Decision Tree Optimization in C4.5 Algorithm Using Genetic Algorithm,†J. Phys.: Conf. Ser., vol. 1255, no. 1, p. 012012, Aug. 2019.
B. Charbuty and A. Abdulazeez, “Classification Based on Decision Tree Algorithm for Machine Learning,†JASTT, vol. 2, no. 01, pp. 20–28, Mar. 2021.
M. Kumar, S. Singhal, S. Shekhar, B. Sharma, and G. Srivastava, “Optimized Stacking Ensemble Learning Model for Breast Cancer Detection and Classification Using Machine Learning,†Sustainability, vol. 14, no. 21, p. 13998, Oct. 2022.
M. Y. Khan, A. Qayoom, M. S. Nizami, M. S. Siddiqui, S. Wasi, and S. M. K.-R. Raazi, “Automated Prediction of Good Dictionary EXamples (GDEX): A Comprehensive Experiment with Distant Supervision, Machine Learning, and Word Embeddingâ€Based Deep Learning Techniques,†Complexity, vol. 2021, no. 1, p. 2553199, Jan. 2021.
J. Zheng, M. Wang, T. Yao, Y. Tang, and H. Liu, “Dynamic Mechanical Strength Prediction of BFRC Based on Stacking Ensemble Learning and Genetic Algorithm Optimization,†Buildings, vol. 13, no. 5, p. 1155, Apr. 2023.
F. A. Rafrastara et al., “Integrating Information Gain and Chi-Square for Enhanced Malware Detection Performance,†JICT, vol. 24, no. 1, pp. 80–104, Jan. 2025.
Downloads
Additional Files
Published
Issue
Section
License
Copyright (c) 2025 ELKHA : Jurnal Teknik Elektro

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.
1. Proposed Policy for Journals That Offer Open Access
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).
2. Proposed Policy for Journals That Offer Delayed Open Access
Authors who publish with this journal agree to the following terms:
- Authors retain copyright and grant the journal right of first publication, with the work [SPECIFY PERIOD OF TIME] after publication simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.
- Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).