<![CDATA[The aim of this study is to detect Distributed Denial of Service (DDoS) attacks in Software Defined Networking (SDN) environments using the XGBoost algorithm and the RAMOBoost balancing technique to address the issue of data imbalance. SDN offers flexibility in network management but remains vulnerable to DDoS attacks. The dataset used in this research consists of two classes (normal and attack) with an imbalanced distribution. XGBoost was chosen for its ability to deliver accurate predictions, while RAMOBoost was employed to enhance data representation for the minority class. The results show that before balancing, the model achieved 100% precision for the majority class and 96% precision for the minority class, with recall values of 97% and 100%, respectively. After applying RAMOBoost, precision and recall became more balanced, ranging between 97%–99%, while maintaining a high overall accuracy of 98%. Grouped Feature Importance analysis revealed that randomizing important features reduced accuracy from 97.88% to 49.78%, whereas randomizing unimportant features only slightly decreased accuracy to 97.82%. The main contribution of this study lies in the combined application of RAMOBoost and XGBoost, which proved effective in improving classification performance on imbalanced datasets, and in emphasizing the critical role of feature selection in maintaining model stability. These findings provide valuable insights for network administrators in developing effective attack detection systems for SDN environments.]]>
