Distributed Denial of Service (DDoS) attacks are among the most prevalent and disruptive forms of cyberattacks, aiming to make a machine or network resource unavailable to its intended users. Traditional rule-based detection systems often fail to adapt to evolving attack strategies. This paper presents a machine learning-based hybrid framework for DDoS detection using Support Vector Machines (SVM), Bidirectional Long Short-Term Memory networks (BiLSTM), and Density-Based Spatial Clustering of Applications with Noise (DBSCAN). The system uses NetFlow-inspired features extracted from live traffic captured in a virtualized Mininet environment. SVM is employed for supervised classification, BiLSTM for time-series based sequence learning, and DBSCAN for unsupervised anomaly detection. The results demonstrate that this hybrid approach provides robust detection accuracy, reduced false positives, and adaptability to unknown attacks.
Introduction
In today’s digital landscape, Distributed Denial of Service (DDoS) attacks pose significant threats to online services. Traditional detection methods relying on fixed signatures struggle against new or complex attacks. This paper proposes a hybrid machine learning framework combining Support Vector Machine (SVM), Bidirectional Long Short-Term Memory (BiLSTM), and Density-Based Spatial Clustering (DBSCAN) to detect both known and novel DDoS attacks effectively.
The approach uses over 80 extracted network flow features from simulated and real-world datasets. SVM excels at classifying clear attack patterns quickly, BiLSTM captures temporal dependencies for complex attacks, and DBSCAN identifies unknown anomalies without prior labels. An ensemble voting strategy prioritizes BiLSTM and DBSCAN results to reduce false alarms.
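As an added illustration (not the paper's own code) of the unsupervised branch described above, the following Python aggregates constructed packet records into NetFlow-style per-destination, per-second windows, min-max scales the features, and runs a minimal DBSCAN so that a flood window lands as noise (-1) without any labels. The window features, the toy traffic, and the eps/min_samples values are assumptions chosen for this example, not values from the paper.

```python
from collections import defaultdict
from math import sqrt

# Constructed packet records: (timestamp, src_ip, dst_ip, dst_port, bytes, syn_flag).
def make_packets():
    pkts = []
    for sec in range(12):                      # 12 s of normal traffic to 10.0.0.1
        for i in range(18 + sec % 5):          # slight per-second variation
            pkts.append((sec + i / 25, f"10.0.0.{2 + i % 3}", "10.0.0.1", 80,
                         500 + 10 * i, i % 10 == 0))
    for i in range(600):                       # second 12: SYN flood, 200 spoofed sources
        pkts.append((12 + i / 600, f"172.16.{i % 200}.5", "10.0.0.1", 80, 60, True))
    return pkts

def window_features(packets):
    """NetFlow-style aggregation per (dst, second): pps, bytes/pkt, unique srcs, SYN ratio."""
    groups = defaultdict(list)
    for ts, src, dst, dport, size, syn in packets:
        groups[(dst, int(ts))].append((src, size, syn))
    feats = {}
    for key, rows in groups.items():
        n = len(rows)
        feats[key] = [n, sum(s for _, s, _ in rows) / n,
                      len({src for src, _, _ in rows}), sum(1 for *_, syn in rows if syn) / n]
    return feats

def scale(vectors):
    """Min-max scale each column so packet counts do not dominate the distance."""
    cols = list(zip(*vectors))
    lo, hi = [min(c) for c in cols], [max(c) for c in cols]
    return [[(v - l) / (h - l) if h > l else 0.0 for v, l, h in zip(vec, lo, hi)] for vec in vectors]

def dbscan(points, eps, min_samples):
    """Minimal DBSCAN: cluster id per point, -1 for noise (the anomaly label)."""
    dist = lambda a, b: sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))
    labels, cid = [None] * len(points), 0
    for i, p in enumerate(points):
        if labels[i] is not None:
            continue
        nbrs = [j for j, q in enumerate(points) if dist(p, q) <= eps]
        if len(nbrs) < min_samples:            # not a core point: provisionally noise
            labels[i] = -1
            continue
        labels[i], queue = cid, [j for j in nbrs if j != i]
        while queue:                           # expand the cluster through core points
            j = queue.pop()
            if labels[j] == -1:
                labels[j] = cid                # border point reclaimed from noise
            if labels[j] is not None:
                continue
            labels[j] = cid
            nb2 = [k for k, q in enumerate(points) if dist(points[j], q) <= eps]
            if len(nb2) >= min_samples:
                queue.extend(nb2)
        cid += 1
    return labels

def flag_anomalous_windows(packets, eps=0.3, min_samples=3):
    """Return the (dst, second) windows DBSCAN marks as noise."""
    feats = window_features(packets)
    keys = list(feats)
    labels = dbscan(scale([feats[k] for k in keys]), eps, min_samples)
    return sorted(k for k, lab in zip(keys, labels) if lab == -1)
```

On this constructed capture the twelve normal windows form one dense cluster and only the flood second is returned as noise; on real traffic eps and min_samples must be tuned on a clean baseline, since too small an eps turns ordinary variation into false alarms.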
Evaluation on simulated Mininet networks and real datasets showed high accuracy (SVM: 99.89%, BiLSTM: 98.42%, DBSCAN: 96.95%), with perfect recall across models, indicating reliable detection of all attacks. The hybrid system outperforms previous methods in accuracy and robustness, especially in handling imbalanced data and real-time detection scenarios.
Conclusion
This research highlights the effectiveness of a multi-model framework for DDoS detection. By leveraging the strengths of supervised (SVM), deep learning (BiLSTM), and unsupervised (DBSCAN) models, we achieve a balance between accuracy and adaptability. The extracted flow-based features capture essential traffic behavior and enable real-time detection.
Future work includes deploying the system in a live Software Defined Network (SDN) environment and integrating an automated mitigation module to block malicious IPs dynamically. Enhancing feature extraction for encrypted traffic and exploring federated learning models are also potential directions.