Robust DDoS Detection in Software-Defined Networks: A Comparative Analysis of RBF-SVM and Gaussian Naïve Bayes with Feature Management Strategies

Abstract

Distributed Denial of Service (DDoS) attacks pose a serious risk to network reliability, particularly within Software-Defined Networking (SDN) architectures that rely on centralized control. This research analyzes the effectiveness of Gaussian Naïve Bayes (GNB) and Support Vector Machine (SVM) with a Radial Basis Function (RBF) kernel for identifying DDoS attacks using an SDN traffic dataset consisting of 104,345 flow records. Three different feature-handling strategies are explored: using the complete feature set without reduction, applying feature selection through SelectKBest, and performing dimensionality reduction with Principal Component Analysis (PCA). Model validation is carried out using Stratified K-Fold Cross-Validation with K values of 2, 5, and 10. Predictions obtained from each fold are merged into a single aggregated confusion matrix to compute evaluation metrics, including accuracy, precision, recall, and F1-score. Experimental results demonstrate that RBF-SVM without feature reduction delivers the highest detection performance, reaching an accuracy of up to 96.9%, while GNB provides lower accuracy but operates with greater computational efficiency. These findings indicate that an evaluation framework based on aggregated confusion matrices can provide more dependable performance estimates for DDoS detection systems deployed in SDN environments.