Hybrid Deep Learning Approach for DDoS Attack Detection Based on Multidimensional Network Traffic Analysis

Authors

  • Atheer Alaa Hammad, Ministry of Education, Anbar Education Directorate, Al Anbar, Iraq

DOI:

https://doi.org/10.26740/vubeta.v3i2.39992

Keywords:

DDoS Detection, Deep Learning, CNN, LSTM, Transformer

Abstract

DDoS attacks have become a significant threat to the Internet of Things (IoT) and contemporary network environments due to their large traffic volume, dynamic nature, and class imbalance. Conventional intrusion detection systems may not provide reliable detection in such circumstances. This study proposes a hybrid deep learning framework that combines Convolutional Neural Networks (CNNs) and Long Short-Term Memory (LSTM) networks to identify DDoS attacks through multidimensional network traffic analysis. The CNN component extracts spatial features from the traffic data, whereas the LSTM component captures temporal relationships among traffic flows. The proposed model was evaluated using an elaborate experimental setup and conventional performance measures, including accuracy, precision, recall, F1-score, and AUC. The findings indicate that the hybrid CNN-LSTM model outperforms the individual CNN and LSTM models, achieving an accuracy of 99.35% and an AUC of 0.995. The strength of the proposed method in the presence of class imbalance is further confirmed by analysis using ROC and Precision-Recall curves. The results show that the suggested hybrid framework can offer a powerful and viable solution for DDoS attack identification in IoT and next-generation networks.

Author Biography

Atheer Alaa Hammad, Ministry of Education, Anbar Education Directorate, Al Anbar, Iraq; e-mail: atheer.alaa@ec.edu.iq

Published

2026-05-05

How to Cite

[1]
A. Hammad, “Hybrid Deep Learning Approach for DDoS Attack Detection Based on Multidimensional Network Traffic Analysis”, Vokasi UNESA Bull. Eng. Technol. Appl. Sci., vol. 3, no. 2, pp. 262–268, May 2026.