HTTP Flood Attack Detection using Machine Learning, Deep Learning and Explainable AI
Blekinge Tekniska Högskola, Faculty of Computing, Department of Computer Science.
2025 (English). Independent thesis, advanced level (Master's degree), 20 credits / 30 HE credits. Student thesis (degree project)
Abstract [en]

Background: Distributed Denial-of-Service (DDoS) attacks, particularly HTTP Flood Attacks, pose a severe threat to the availability and performance of web-based services. These attacks exploit HTTP methods to flood servers, often producing traffic patterns that differ from normal user behavior. As attack patterns evolve, there is an increasing need for intelligent and adaptable detection techniques that not only identify threats accurately but also provide explainable insights into their decision-making processes.

Objectives: This thesis investigates the effectiveness of machine learning and deep learning models for detecting HTTP Flood Attacks. It also explores how explainable AI techniques can improve model interpretability and guide the selection of the most suitable models for real-time deployment.

Methods: The study evaluates seven supervised models: Logistic Regression, Support Vector Machine, Random Forest, k-Nearest Neighbors, LightGBM, Convolutional Neural Network, and Long Short-Term Memory. The CICIDS 2017 dataset was used to train and test the models. Performance was assessed using accuracy, precision, recall, and F1-score. SHAP (SHapley Additive Explanations) was applied to analyze the importance of input features and understand the models' prediction behavior.

Results: The k-Nearest Neighbors (KNN) model achieved the best overall performance with an F1-score of 0.977 and balanced precision and recall, demonstrating strong generalization and minimal misclassifications. LightGBM also performed competitively with high accuracy and computational efficiency. In contrast, deep learning models such as CNN and LSTM exhibited higher false positive rates due to over-reliance on a single feature. SHAP analysis highlighted that models with balanced feature importance distributions, such as KNN and LightGBM, were more interpretable and reliable.

Conclusions: Machine learning models, particularly KNN and LightGBM, offer effective solutions for detecting HTTP Flood Attacks, outperforming deep learning models in accuracy, explainability, and real-time feasibility. Explainable AI plays a vital role in building trust, reducing false positives, and enhancing the transparency of detection systems. Future work should focus on live deployment, adaptive learning mechanisms, and the development of automated response strategies.

Place, publisher, year, edition, pages
2025. , p. 84
Keywords [en]
HTTP Flood Attacks, Machine Learning, Explainable AI, SHAP, Intrusion Detection
National subject category
Telecommunications
Identifiers
URN: urn:nbn:se:bth-28262
OAI: oai:DiVA.org:bth-28262
DiVA, id: diva2:1980071
Subject / course
DV2572 Master's Thesis in Computer Science
Educational program
DVATK Master's Programme in Telecommunication Systems, 120 HE credits
Supervisors
Examiners
Available from: 2025-07-02 Created: 2025-07-01 Last updated: 2025-09-30 Bibliographically reviewed

Open Access in DiVA

Thesis_Http_flood_attack_detection_Prajna_phani (1251 kB), 407 downloads
File information
File name: FULLTEXT01.pdf. File size: 1251 kB. Checksum (SHA-512):
2e08ac20934eec47e394dea61d27c1099c6a8fda05153733bc4ea989a6e59e951cae065e1ed1134e9f0aefbfad7312a162eddbff4cb3cb528d3a05c644612ff8
Type: fulltext. Mimetype: application/pdf

Total: 408 downloads
The number of downloads is the sum of downloads for all full texts. It may include, for example, earlier versions that are no longer available.