Protection against Denial of Service Attacks: Attack Detection Using a Hybrid Statistical and Machine Learning Framework
MSRDG International Journal of Computer Scientific Technology & Electronics Engineering
© 2025 by MSRDG IJCSTEE Journal Volume 1 Issue 2
Year of Publication: 2025
Article ID: MSRDG-IJCSTEE-V1I2P105
Abstract: Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks continue to represent one of the most disruptive and financially damaging threat vectors in modern networked infrastructure. By exhausting computational, bandwidth, or protocol-state resources, such attacks render services unavailable to legitimate users, with enterprise recovery costs escalating into millions of dollars per incident. This paper proposes a novel three-tier hybrid detection framework that fuses Shannon entropy-based statistical anomaly detection, ensemble Random Forest classification, and Long Short-Term Memory (LSTM) deep sequential modelling into a unified decision fusion engine. The framework operates on a rich 42-dimensional feature vector derived in real time from raw packet streams, covering flow-level statistics, protocol distributions, inter-arrival time moments, and IP diversity metrics. Evaluated against the benchmark KDD Cup 1999, NSL-KDD, and CICIDS-2017 datasets augmented with a purpose-built live-capture corpus, the proposed system achieves an overall detection accuracy of 99.41%, a false positive rate of 0.41%, and a mean detection latency of 4.2 ms at a throughput of 238 kilo-packets per second. These results represent statistically significant improvements over standalone Random Forest (accuracy 97.9%), SVM (96.5%), and threshold-based methods (91.6%). The framework correctly classifies six distinct attack categories (SYN flood, UDP flood, HTTP flood, ICMP flood, DNS amplification, and Slowloris) with per-class F1 scores exceeding 0.981. The lightweight design enables deployment on commodity hardware and programmable data-plane environments (P4 switches), making it suitable for integration into real-time network security operations centres.
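As an added illustration of the statistical tier the abstract describes (example code written for this page, not the authors' implementation, and not the Random Forest or LSTM tiers), the block below computes a handful of the feature kinds named in the abstract over a sliding packet window: Shannon entropy of source and destination IPs (IP diversity), protocol-distribution entropy, inter-arrival time moments, and packet rate. It then flags a window whose features sit far from a baseline built from benign windows. The window size, the std floor, the z-score threshold, the feature names and the constructed benign and SYN-flood traffic are all assumptions made for the example; the classic signal shown is that a spoofed-source flood drives source-IP entropy up while destination-IP entropy collapses onto the victim.

```python
"""Shannon-entropy window features and a z-score anomaly flag.

Illustrative example for this page; not the paper's framework. All
parameters and traffic below are constructed assumptions.
"""
import math
import random
from collections import Counter
from statistics import mean, pstdev

WINDOW = 200          # packets per analysis window (assumed)
STD_FLOOR = 0.05      # avoid dividing by a near-zero baseline spread (assumed)
Z_THRESH = 6.0        # z-score beyond which a window is flagged (assumed)


def shannon_entropy(counts):
    """Entropy in bits of a discrete distribution given as {symbol: count}."""
    total = sum(counts.values())
    if total == 0:
        return 0.0
    return -sum((c / total) * math.log2(c / total) for c in counts.values())


def window_features(packets):
    """Features over one window: IP diversity, protocol mix, IAT moments, rate."""
    src = Counter(p["src"] for p in packets)
    dst = Counter(p["dst"] for p in packets)
    proto = Counter(p["proto"] for p in packets)
    ts = [p["ts"] for p in packets]
    iat = [b - a for a, b in zip(ts, ts[1:])] or [0.0]
    return {
        "H_src": shannon_entropy(src),        # high under spoofed-source floods
        "H_dst": shannon_entropy(dst),        # low when one victim absorbs the window
        "H_proto": shannon_entropy(proto),
        "iat_mean": mean(iat),
        "iat_std": pstdev(iat),
        "pps": len(packets) / max(ts[-1] - ts[0], 1e-6),
        "syn_ratio": sum(1 for p in packets if p.get("flags") == "S") / len(packets),
    }


def build_baseline(benign_windows):
    """Per-feature (mean, std) from benign windows; std is floored."""
    feats = [window_features(w) for w in benign_windows]
    return {k: (mean(f[k] for f in feats), max(pstdev([f[k] for f in feats]), STD_FLOOR))
            for k in feats[0]}


def detect(packets, baseline, z_thresh=Z_THRESH):
    """Return (flagged, label, z_scores) for one window against the baseline."""
    f = window_features(packets)
    z = {k: (f[k] - m) / s for k, (m, s) in baseline.items()}
    # Flag on IP-diversity shifts or a rate spike; the labels are illustrative.
    flagged = abs(z["H_src"]) > z_thresh or abs(z["H_dst"]) > z_thresh or z["pps"] > z_thresh
    if flagged and f["syn_ratio"] > 0.9:
        label = "SYN flood (entropy tier)"
    else:
        label = "anomaly" if flagged else "benign"
    return flagged, label, z


# --- constructed traffic (not captured data) -------------------------------
def gen_benign(seed, n=WINDOW):
    """20 clients talking to 5 servers at ~50 pps with a mixed protocol/flag profile."""
    rng = random.Random(seed)
    clients = [f"10.0.{i // 256}.{i % 256}" for i in range(20)]
    servers = [f"192.0.2.{i + 1}" for i in range(5)]
    t, pkts = 0.0, []
    for _ in range(n):
        t += rng.expovariate(50.0)
        pkts.append({"ts": t, "src": rng.choice(clients), "dst": rng.choice(servers),
                     "proto": rng.choices(["tcp", "udp", "icmp"], weights=[8, 3, 1])[0],
                     "flags": rng.choice(["S", "A", "PA", "A", "A"])})
    return pkts


def gen_syn_flood(seed, n=WINDOW):
    """Random spoofed sources hammering one victim with SYNs at ~20k pps."""
    rng = random.Random(seed)
    t, pkts = 0.0, []
    for _ in range(n):
        t += rng.expovariate(20000.0)
        src = ".".join(str(rng.randint(1, 223)) if i == 0 else str(rng.randint(0, 254))
                       for i in range(4))
        pkts.append({"ts": t, "src": src, "dst": "192.0.2.1", "proto": "tcp", "flags": "S"})
    return pkts


if __name__ == "__main__":
    baseline = build_baseline([gen_benign(s) for s in range(8)])
    for name, w in (("benign", gen_benign(99)), ("syn-flood", gen_syn_flood(7))):
        flagged, label, z = detect(w, baseline)
        print(f"{name:10s} flagged={flagged} label={label} "
              f"zH_src={z['H_src']:+.1f} zH_dst={z['H_dst']:+.1f} zpps={z['pps']:+.1f}")
```

Entropy is used raw (bits) rather than normalised by the number of distinct symbols, because normalising would hide exactly the signal a spoofed-source flood produces: many distinct, near-uniform sources. In a production pipeline the baseline would be refreshed on a rolling basis and the z-scores handed to the learned tiers as inputs rather than acting as the final verdict.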
Keywords: Denial of Service detection · DDoS mitigation · Intrusion detection system · Random Forest · LSTM · Shannon entropy · Network anomaly detection · Machine learning · Traffic classification
