Machine Learning-based Detection Strategies for DDoS Attacks
Date
2025
Publisher
Saudi Digital Library
Abstract
With the rapid development of information technology, Distributed Denial-of-Service
(DDoS) attacks have become a major threat to network security, posing severe challenges
to the online services of enterprises and individuals. Traditional defense methods are often
inefficient against complex, evolving attack patterns and fail to provide better detection
and response. To address these limitations, this study focuses on developing and
evaluating machine learning-based models for detecting DDoS attacks. A hybrid model
combining lightweight Convolutional Neural Networks
(CNNs) and Bidirectional Long Short-Term Memory (BiLSTM) networks is developed to
leverage CNN’s spatial feature extraction and BiLSTM’s temporal dependency modeling.
The CIDDS-001 dataset is used after rigorous preprocessing, including cleaning, feature
selection, normalization, and sliding-window segmentation. Several architectures are
trained and compared, including the proposed CNN-BiLSTM and an enhanced
Self-Attention BiLSTM variant that dynamically emphasizes critical traffic patterns.
Experimental evaluation using metrics such as accuracy, precision, recall, and F1-score
demonstrates that the hybrid and attention-based models achieve superior performance and
effectively reduce false alarm rates. Overall, the study provides a practical and adaptable
approach for DDoS attack detection, enhancing the responsiveness and reliability of
network defense systems. Future work will focus on extending this framework to larger
and more diverse datasets to further improve its generalization in real-world scenarios.
Keywords
DDoS attack, detection, defense strategy, machine learning
