DDoS ATTACK DETECTION SYSTEM

DOI:

https://doi.org/10.28925/2663-4023.2026.33.1155

Keywords:

Artificial intelligence; Internet traffic analysis; Machine and Deep Learning algorithms; IDS/IPS; DDoS; Random Forest; Key metrics for evaluating algorithms

Abstract

The subject matter of this research is the comprehensive analysis and development of an automated network traffic classification system for Distributed Denial of Service (DDoS) attack detection. The study focuses on the transition from traditional signature-based protection paradigms, which are increasingly ineffective against modern, polymorphic, and high-intensity cyber threats, to anomaly-based detection systems powered by artificial intelligence (AI). The goal of the work is to identify effective artificial intelligence algorithms for network traffic analysis and to develop an applied software solution capable of detecting and automatically responding to DDoS attacks in order to ensure the security of modern information systems. The following tasks were solved in the article: an analysis of modern cyber threats and the limitations of traditional IDS/IPS systems was conducted, highlighting the need for adaptive AI-based solutions; a comparative study based on quality metrics was performed for machine learning and deep learning algorithms, specifically Decision Trees, Random Forest, Support Vector Machines (SVM), and Multilayer Perceptrons (MLP); a program for DDoS attack detection was developed using Python libraries; and practical recommendations were provided for the implementation, maintenance, and further improvement of the system within a real-world network infrastructure. The methods used are based on intelligent traffic analysis, including data preprocessing, feature engineering, and supervised learning. The methodology uses the modern CICIDS2017 dataset to establish behavioral baselines and evaluates model performance with key metrics such as Accuracy, Precision, Recall, and the F1-score. The following results were obtained: it was shown that, despite the high accuracy of deep learning algorithms, particularly the MLP, their computational complexity and training time make them less suitable for responding to rapid and intense attacks.
Instead, the Random Forest algorithm was identified as the optimal solution. The software developed on the basis of this algorithm performs real-time binary traffic classification, visualizes and analyzes the obtained data, and allows the detection results to be integrated into dynamic firewall rules. Conclusions: the results indicate that ensemble methods are promising for cybersecurity applications where high accuracy and response speed are critical; specifically, the Random Forest algorithm provides an ideal balance of speed and precision for DDoS detection. The integration of these results, in the form of a methodology, into the "F5 Cybersecurity and Information Protection" educational program at the Department of Information Security and Nanoelectronics of the National University "Zaporizhzhia Polytechnic" confirms the practical and academic relevance of the research.
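The abstract compares classifiers by Accuracy, Precision, Recall and F1-score for binary DDoS/benign traffic classification. The following example, added here and not taken from the paper's own code, computes those four metrics from a constructed set of labels and predictions for hypothetical classifiers (the model names and values are assumptions, not the paper's results), treating the DDoS class as positive and handling the zero-division case that arises when a model predicts no attacks.

```python
from typing import Dict, List, Tuple

# Constructed sample: 1 = DDoS flow, 0 = benign flow (not drawn from CICIDS2017).
TRUE_LABELS: List[int] = [1, 1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]

# Constructed predictions for three hypothetical classifiers; the names only
# illustrate the kind of comparison the abstract describes.
MODEL_PREDICTIONS: Dict[str, List[int]] = {
    "random_forest":   [1, 1, 1, 1, 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1],
    "decision_tree":   [1, 1, 1, 0, 0, 1, 0, 0, 0, 1, 1, 0, 0, 0, 0, 1],
    "flag_everything": [1] * 16,  # degenerate model: recall 1.0, poor precision
}


def confusion_counts(y_true: List[int], y_pred: List[int]) -> Tuple[int, int, int, int]:
    """Return (TP, FP, TN, FN) with label 1 (DDoS) as the positive class."""
    if len(y_true) != len(y_pred):
        raise ValueError("label and prediction lengths differ")
    tp = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 1)
    fp = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 1)
    tn = sum(1 for t, p in zip(y_true, y_pred) if t == 0 and p == 0)
    fn = sum(1 for t, p in zip(y_true, y_pred) if t == 1 and p == 0)
    return tp, fp, tn, fn


def metrics(y_true: List[int], y_pred: List[int]) -> Dict[str, float]:
    """Accuracy, Precision, Recall and F1 for a binary DDoS/benign classifier.

    Precision and F1 are defined as 0.0 when the model predicts no positives,
    so a classifier that never raises an alert cannot crash the evaluation.
    """
    tp, fp, tn, fn = confusion_counts(y_true, y_pred)
    total = tp + fp + tn + fn
    accuracy = (tp + tn) / total if total else 0.0
    precision = tp / (tp + fp) if (tp + fp) else 0.0
    recall = tp / (tp + fn) if (tp + fn) else 0.0
    f1 = (2 * precision * recall / (precision + recall)) if (precision + recall) else 0.0
    return {"accuracy": accuracy, "precision": precision, "recall": recall, "f1": f1}


def rank_models(y_true: List[int], predictions: Dict[str, List[int]], key: str = "f1"):
    """Rank the candidate models by one metric (F1 by default), best first."""
    scored = {name: metrics(y_true, preds) for name, preds in predictions.items()}
    return sorted(scored.items(), key=lambda kv: kv[1][key], reverse=True)


if __name__ == "__main__":
    for name, m in rank_models(TRUE_LABELS, MODEL_PREDICTIONS):
        print(f"{name:16s} " + " ".join(f"{k}={v:.3f}" for k, v in m.items()))
```

Accuracy alone is misleading on imbalanced traffic, which is why the ranking uses F1: the "flag_everything" model reaches perfect recall but would block all benign flows once fed into firewall rules.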




Published

2026-06-25

How to Cite

Vasylenko, O., & Korotun, A. (2026). DDoS ATTACK DETECTION SYSTEM. Electronic Professional Scientific Journal «Cybersecurity: Education, Science, Technique», 1(33), 330–339. https://doi.org/10.28925/2663-4023.2026.33.1155