Published Paper Details:

Distributed Denial of Service (DDoS) attacks continue to pose a significant threat to service availability by overwhelming network and host resources with malicious traffic [1][7]. While machine learning based intrusion detection systems have demonstrated high classification accuracy on benchmark datasets, their direct deployment in operational environments is often limited by false positives, delayed reaction times, and the lack of explainable enforcement mechanisms [4][5]. This paper presents a hybrid DDoS detection and mitigation system that integrates machine learning based flow classification with active Linux firewall enforcement, supported by independent detection signals from an FPGA-based monitoring module. Network traffic is captured and aggregated into flows, from which engineered features are extracted and classified using a Random Forest model trained on CIC-DDoS2019 data. Instead of relying on a fixed decision threshold, confidence calibration is performed using precision recall analysis to optimize detection reliability under class imbalance [4]. To enhance robustness, ML outputs are combined with heuristic overrides based on packet volume and burst behavior, enabling rapid mitigation through dynamic iptables rule insertion. An FPGA-based SYN flood detector operates in parallel to provide deterministic, low-latency alerts that corroborate software-based detections and motivate hardware-assisted scalability [9][10]. The system further integrates Suricata as an IDS/IPS layer and Splunk for centralized logging and visualization, enabling cross-layer validation of attack events. Experimental results demonstrate consistent detection behavior across software and hardware signals, reduced false alarms, and timely mitigation, highlighting the effectiveness of hybrid, multi-layer DDoS defenses.