Machine Learning Models for DDoS Attack Detection: A Systematic Literature Review

Authors

  • Chinyere Chioma Isiekwene Department of Computer Sciences, Faculty of Science, University of Lagos, Nigeria https://orcid.org/0009-0009-1197-8833
  • Nureni Ayofe Azeez Department of Computer Sciences, Faculty of Science, University of Lagos, Nigeria
  • Solomon A. Akinboro Department of Computer Sciences, Faculty of Science, University of Lagos, Nigeria
  • Oladipupo Sennaike Department of Computer Sciences, Faculty of Science, University of Lagos, Nigeria

DOI:

https://doi.org/10.26740/vubeta.v3i2.40146

Keywords:

Systematic Literature Review, Machine learning models, DDoS, Hybrid models, Networks

Abstract

The study aims to present a detailed analysis of different machine learning models used in the detection of distributed denial of service (DDoS) attacks. The report adopted the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) style to determine the research domain, established a search list, and analyzed all the selected articles from scientific databases such as IEEE, Springer, Elsevier, MDPI, SSRN-JETIR, Wiley Online Library, and Google Scholar to meet eligibility criteria. A total of 6560 articles were retrieved, and 75 were deemed eligible for study. The review identified seven subject categories in the literature, and the results show that 48% of the reviewed papers were from Elsevier (Science Direct), IEEE covered 20%, Springer covered 16%, while MDPI accounted for 10.67%. 2023 had the highest number of paper sources, followed closely by 2022, then 2024. The study reveals the milestones achieved in the use of machine learning models in detecting distributed denial of service attacks alongside the existing gaps in the application of these models.

Author Biographies

Chinyere Chioma Isiekwene, Department of Computer Sciences, Faculty of Science, University of Lagos, Nigeria

Chinyere Chioma Isiekwene obtained her B.Sc. from the University of Ibadan, Oyo State, Nigeria, in 2015, and possesses double M.Sc. degrees from the Lagos State University, Ojo-Badagry, Lagos State, in 2020 and the University of Lagos, Akoka, Yaba, Lagos State, Nigeria, in 2023. She is currently pursuing a Ph.D. in Computer Science at the University of Lagos, Nigeria, with research interests encompassing cybersecurity, malware detection, data theft prevention, information security, privacy and trust, data mining techniques for scalable network traffic analysis, anomaly detection, and machine learning. She is a Lecturer in the Faculty of Computing at MIVA Open University, Nigeria, and a member of the Computer Professionals of Nigeria (CPN) and the Nigerian Computer Society (NCS).

Nureni Ayofe Azeez, Department of Computer Sciences, Faculty of Science, University of Lagos, Nigeria

Nureni Ayofe Azeez obtained his B.Tech. (Hons.) from the Federal University of Technology, Akure, Nigeria, in 2005, an MSc from the University of Ibadan, Oyo State, Nigeria, in 2008, and a Ph.D. from the University of the Western Cape, South Africa, in 2013, all in Computer Science. His areas of research include Security & Privacy, Trust Management, Access Control, and E-Health. He is a recipient of the Young Scientist Award at the 22nd International CODATA Conference, held in Cape Town, South Africa, in October 2010. He is an associate professor of computer science at the Department of Computer Sciences, University of Lagos, Nigeria.

Solomon A. Akinboro, Department of Computer Sciences, Faculty of Science, University of Lagos, Nigeria

Solomon A. Akinboro is an Associate Professor from the Department of Computer Science, University of Lagos, Akoka, Nigeria. He holds a B.Tech. degree in Computer Engineering from Ladoke Akintola University of Technology, Ogbomosho; an M.Sc. in Computer Science and Engineering; and a PhD in Computer Science from Obafemi Awolowo University, Ile-Ife. Research interests include Data Communication Network, Information Security, Artificial Intelligence and ICT4D. He is a member of the following professional bodies: Nigeria Computer Society, Nigeria Society of Engineers and the Council for the Regulation of Engineering in Nigeria (COREN).

Oladipupo Sennaike, Department of Computer Sciences, Faculty of Science, University of Lagos, Nigeria

Published

2026-06-11

How to Cite

[1]
C. Chioma Isiekwene, N. A. Azeez, S. A. Akinboro, and O. Sennaike, “Machine Learning Models for DDoS Attack Detection: A Systematic Literature Review”, Vokasi UNESA Bull. Eng. Technol. Appl. Sci., vol. 3, no. 2, pp. 389–411, Jun. 2026.