Machine Learning-Driven Cybersecurity Solutions for Enhanced Smart Grids and Critical Infrastructure: A Review

Abstract

Distributed Denial of Service (DDoS) attacks have emerged as one of the most pervasive and damaging threats to network security, disrupting services and incurring substantial financial costs. Machine learning (ML) has been widely explored as a potential solution to enhance DDoS detection and mitigation. This systematic review evaluates the effectiveness of ML techniques in detecting DDoS attacks, synthesizing findings from studies published between 2004 and 2024. The review analyzes models such as Random Forest, Support Vector Machines (SVM), and K-Nearest Neighbors (K-NN) based on key performance metrics like accuracy, precision, recall, and F1-score. A comprehensive search of multiple databases, including Web of Science, IEEE, Scopus, ScienceDirect, and Google Scholar, resulted in 19 studies that met inclusion criteria. The findings show that ensemble methods, particularly Random Forest, consistently outperformed other models in terms of detection rates, mainly due to their ability to handle large feature sets and reduce overfitting. Support Vector Machines also performed well in specific scenarios. However, their effectiveness was sometimes limited by computational complexity and the dataset size. K-Nearest Neighbors showed mixed results, depending on the nature of the attack patterns. This review emphasizes the potential of ensemble learning approaches for DDoS detection, demonstrating their robustness in dynamic environments. The review identifies key gaps in the existing research, including the need for better feature selection and exploring deep learning techniques to enhance DDoS detection accuracy and adaptability further. This study contributes valuable insights into the strengths and limitations of ML-based DDoS detection models, offering a foundation for future advancements in the field. It underscores the importance of continued research into hybrid and deep learning models to address the evolving and increasingly sophisticated nature of DDoS attacks in real-world applications.