A New Framework Enhancing, Evaluation, and Benchmarking for Cybersecurity DDoS Attack Detection Models Through the Integration of BWM and VIKOR Methods

The proposed work aims to develop a DDoS attack detection model that targets web servers by selecting the appropriate classifier based on several criteria and enhancing the accuracy. The detection system has been constructed using machine-learning algorithms to train and test the CIC-DDoS2019 dataset, and it is integrated with a stacked classifier to enhance accuracy. The classifiers depend on multiple criteria. For that, we employed the BWM to calculate the criteria weights and VIKOR to rank the classifiers, which are part of the MCDM methods. We consulted three experts to establish weights for the categories. Also, we utilized two methods to verify the results: objective validation and sensitivity analysis. BWM and VIKOR have effectively selected the most suitable classifier based on multiple criteria, making them one of the most appropriate choices. The BWM method achieved the highest weight of 0.2436 for the time criterion and 0.2302 for the accuracy criterion. VIKOR methods demonstrated that the SVM classifier proved more efficient and superior to other classifiers. It achieved 99.32% accuracy and a processing time of 9 seconds, making it suitable for use on high-priority websites, such as e-commerce platforms or state security websites. The stacked classifier can be applied to other projects where the time criterion is less critical, achieving a 99.57% accuracy enhancement in 143 seconds. Objective validation and sensitivity analysis confirmed the validity of the results, demonstrating that all scenarios consistently ranked the SVM as the highest among all classifiers, highlighting this classifier's remarkable ability to balance the criteria.