“Proposed Framework for DDoS Attack Detection Using Enhanced XGBoost” was discussed on Sunday, August 31, 2025, at the postgraduate hall in the College of Computer Science and Information Technology.

Containers are a fundamental technology in cloud computing and microservices architectures, providing a lightweight and fast runtime environment compared to virtual machines (VMs). The increasing adoption of container technologies in cloud computing and enterprise applications has led to significant operational advantages, such as ease of deployment, scalability, and resource efficiency. However, this growing reliance on containers has also increased system exposure to sophisticated cyber threats, particularly Distributed Denial of Service (DDoS) attacks. These attacks can cause substantial financial losses, as well as long-term negative impacts on organizational reputation and customer trust.

Traditional intrusion detection systems face difficulties operating effectively in containerized environments due to their dynamic and ephemeral nature. Rapid changes in container operations, service communication patterns, and the use of a shared kernel pose significant challenges to detecting advanced and stealthy attacks.

To address these challenges, this thesis proposes an intelligent and efficient framework specifically designed for detecting DDoS attacks in containerized environments. The proposed model employs the XGBoost algorithm to achieve accurate classification of normal and malicious behavior, while enhancing its performance with the Harris Hawks Optimization (HHO) algorithm for effective feature selection and dimensionality reduction. This integration improves detection accuracy while reducing computational overhead.
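The wrapper idea in the paragraph above (a metaheuristic searches over feature subsets, each subset is scored by training a classifier on it, and the best subset is kept) can be shown end to end on constructed data. The block below is an added example, not the thesis's code: it uses a simplified binary Harris Hawks style search (escape energy decaying over iterations, exploration while |E| >= 1, exploitation toward the best mask otherwise) and a nearest-centroid classifier as a stand-in for XGBoost so that it runs offline. The feature names, the synthetic "normal" versus "DDoS" telemetry, the per-feature penalty and the search parameters are all assumptions made for the illustration.

```python
import random

# Constructed feature names for container network telemetry (assumption):
# the first three shift under attack, the rest are noise shared by both classes.
FEATURE_NAMES = [
    "pkts_per_sec", "syn_ratio", "unique_src_ips",   # informative
    "avg_pkt_len", "tcp_window", "ttl_mean",         # noise
    "dns_queries", "icmp_ratio",                     # noise
]
INFORMATIVE = {0, 1, 2}


def make_dataset(n_per_class=150, seed=1):
    """Constructed dataset: label 0 = normal, label 1 = DDoS.
    Informative features have mean 0 (normal) or 10 (attack); noise features
    have mean 5 for both classes. All features have unit standard deviation."""
    rng = random.Random(seed)
    X, y = [], []
    for label in (0, 1):
        for _ in range(n_per_class):
            row = [rng.gauss(10.0 * label if j in INFORMATIVE else 5.0, 1.0)
                   for j in range(len(FEATURE_NAMES))]
            X.append(row)
            y.append(label)
    return X, y


def nearest_centroid_accuracy(X, y, mask):
    """Stand-in for XGBoost (assumption): fit one centroid per class on the
    selected columns using rows with i % 3 != 0, score on rows with i % 3 == 0."""
    cols = [j for j, keep in enumerate(mask) if keep]
    if not cols:
        return 0.0
    train = [i for i in range(len(X)) if i % 3 != 0]
    test = [i for i in range(len(X)) if i % 3 == 0]
    centroids = {}
    for c in (0, 1):
        rows = [X[i] for i in train if y[i] == c]
        centroids[c] = [sum(r[j] for r in rows) / len(rows) for j in cols]
    correct = 0
    for i in test:
        dist = {c: sum((X[i][j] - centroids[c][k]) ** 2 for k, j in enumerate(cols))
                for c in (0, 1)}
        correct += min(dist, key=dist.get) == y[i]
    return correct / len(test)


def fitness(X, y, mask, penalty=0.01):
    """Wrapper objective: held-out accuracy minus a small cost per kept feature,
    so the search prefers smaller subsets when accuracy is equal."""
    return nearest_centroid_accuracy(X, y, mask) - penalty * sum(mask)


def hho_select(X, y, hawks=10, iters=30, seed=7):
    """Simplified binary Harris Hawks search over feature masks (added example).
    E = 2*E0*(1 - t/T) with E0 in (-1, 1): |E| >= 1 explores (perch on a random
    hawk or on the population majority), |E| < 1 exploits (bits jump toward the
    best mask, the 'rabbit', with probability 1 - |E|)."""
    rng = random.Random(seed)
    d = len(X[0])
    pop = [[1] * d] + [[rng.randint(0, 1) for _ in range(d)] for _ in range(hawks - 1)]
    scores = [fitness(X, y, m) for m in pop]
    best = max(range(hawks), key=scores.__getitem__)
    rabbit, rabbit_fit = pop[best][:], scores[best]
    for t in range(iters):
        E = 2 * (2 * rng.random() - 1) * (1 - t / iters)
        for i in range(hawks):
            if abs(E) >= 1:  # exploration phase
                if rng.random() < 0.5:
                    src = pop[rng.randrange(hawks)]
                else:
                    src = [1 if 2 * sum(m[j] for m in pop) >= hawks else 0 for j in range(d)]
                new = [src[j] if rng.random() < 0.5 else pop[i][j] for j in range(d)]
            else:            # exploitation phase
                new = [rabbit[j] if rng.random() < 1 - abs(E) else pop[i][j] for j in range(d)]
            if rng.random() < 0.1:  # occasional bit flip keeps diversity
                new[rng.randrange(d)] ^= 1
            f = fitness(X, y, new)
            if f >= scores[i]:      # greedy acceptance per hawk
                pop[i], scores[i] = new, f
                if f > rabbit_fit:
                    rabbit, rabbit_fit = new[:], f
    return rabbit, rabbit_fit


def run_demo():
    """Select features on the constructed data and report the outcome."""
    X, y = make_dataset()
    mask, fit = hho_select(X, y)
    return {
        "selected": [FEATURE_NAMES[j] for j, keep in enumerate(mask) if keep],
        "fitness": fit,
        "accuracy": nearest_centroid_accuracy(X, y, mask),
        "all_features_fitness": fitness(X, y, [1] * len(FEATURE_NAMES)),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Because the all-features mask is seeded into the initial population and the best mask is only ever replaced by a better one, the returned subset is guaranteed to score at least as well as using every feature; the penalty term is what drives the noise columns out. Swapping the centroid classifier for a real gradient-boosted model keeps the search loop unchanged, which is the point of a wrapper method.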

A realistic test platform was developed using Docker, where data representing both normal operations and DDoS attacks was collected using advanced tools such as eBPF and hping3 to accurately simulate attack scenarios. eBPF plays a pivotal role in this context, enabling detailed and in-depth monitoring of container behavior at the kernel level, including process tracking, system calls, and network traffic, without impacting system performance. This approach ensures that training data is both accurate and reflective of real-world threats in containerized environments, thereby increasing the reliability of the model and supporting the development of practical and effective detection solutions.

The proposed model demonstrated an accuracy of 97.08% on the collected dataset and was further evaluated on the public NSL-KDD dataset to validate its generalization capability, achieving 98% accuracy. These results confirm the effectiveness of the proposed HHO-XGBoost framework in delivering fast, accurate, and scalable detection of DDoS attacks, thereby significantly strengthening the security of containerized environments.

The thesis was awarded a grade of Excellent, with best wishes for continued success to the student and her supervisor.
