A Systematic Literature Review of Machine Learning Techniques for DDoS Detection: Accuracy, Efficiency, and Scalability Challenges

Authors

  • Muhamad Bunan Imtias UIN Walisongo Semarang Author
  • Khothibul Umam UIN Walisongo Semarang Author
  • Hery Mustofa UIN Walisongo Semarang Author

Keywords:

DDoS Attacks, Efficiency, IoT, Machine Learning, SDN

Abstract

Distributed Denial of Service (DDoS) present a substantial peril for contemporary networks by attempting to interrupt services through the inundation of excessive cartage.  As these assaults progress, conventional detection techniques frequently fail to adapt.  This paper examines the efficacy of machine learning (ML) for DDoS detection, emphasizing the equilibrium between detection precision and computing efficiency.  The review analyzes multiple machines learning models, including deep learning methodologies that include Long Short-Term Memory (LSTM) and Convolutional Neural Networks (CNNs), and their efficacy in diverse network contexts including Software Defined Networks (SDN), and Internet of Things (IoT).  Although these models exhibit excellent precision in identifying intricate assault patterns, issues about scalability and real-time detection efficacy persist.  The paper emphasizes effective machine learning algorithms on DDoS detection and examines associated trade-offs, offering insights for research and practical applications in the future.

Author Biographies

  • Khothibul Umam, UIN Walisongo Semarang

    Received the bachelor’s degree in Electrical Engineering from the Muhammadiyah University of Surakarta, Indonesia, the master’s degree from the Department of Informatics Engineering, University of Dian Nuswantoro, Semarang, Indonesia, and the Ph.D. degree from Department of Electrical Engineering of the Institut Teknologi Sepuluh Nopember. Currently, he is the staff of Department of Information Technology of the Sains and Technology Faculty of Universitas Islam Negeri (State Islamic University) Walisongo Semarang, Indonesia. His research interests include Serious Game, Virtual Class Learning, Ubiquitous Computing, IOT and Intelligent System,. He can be contacted at email: khothibul_umam@walisongo.ac.id

  • Hery Mustofa, UIN Walisongo Semarang

    Experienced Technical Support Analyst with a demonstrated history of working in the Banking industry. Skilled Routing Protocols, and Networking. Strong information technology professional with a Master’s Degree (M. Kom) focused in Information Technology from Universitas Dian Nuswantoro.

References

M. A. Hossain and M. S. Islam, “Enhancing DDoS attack detection with hybrid feature selection and ensemble-based classifier: A promising solution for robust cybersecurity,” Meas. Sensors, vol. 32, p. 101037, Apr. 2024, doi: 10.1016/j.measen.2024.101037.

M. Shafi, A. H. Lashkari, V. Rodriguez, and R. Nevo, “Toward Generating a New Cloud-Based Distributed Denial of Service (DDoS) Dataset and Cloud Intrusion Traffic Characterization,” Information, vol. 15, no. 4, p. 195, Mar. 2024, doi: 10.3390/info15040195.

G. S. Rao and P. K. Subbarao, “A Novel Approach for Detection of DoS / DDoS Attack in Network Environment using Ensemble Machine Learning Model,” Int. J. Recent Innov. Trends Comput. Commun., vol. 11, no. 9, pp. 244–253, 2023, doi: 10.17762/ijritcc.v11i9.8340.

Y. Su, D. Xiong, K. Qian, and Y. Wang, “A Comprehensive Survey of Distributed Denial of Service Detection and Mitigation Technologies in Software-Defined Network,” Electronics, vol. 13, no. 4, p. 807, Feb. 2024, doi: 10.3390/electronics13040807.

S. Haider et al., “A Deep CNN Ensemble Framework for Efficient DDoS Attack Detection in Software Defined Networks,” IEEE Access, vol. 8, pp. 53972–53983, 2020, doi: 10.1109/ACCESS.2020.2976908.

P. Kumar et al., “Machine Learning Enabled Techniques for Protecting Wireless Sensor Networks by Estimating Attack Prevalence and Device Deployment Strategy for 5G Networks,” Wirel. Commun. Mob. Comput., vol. 2022, pp. 1–15, Apr. 2022, doi: 10.1155/2022/5713092.

B. A. Khalaf, S. A. Mostafa, A. Mustapha, M. A. Mohammed, and W. M. Abduallah, “Comprehensive Review of Artificial Intelligence and Statistical Approaches in Distributed Denial of Service Attack and Defense Methods,” IEEE Access, vol. 7, pp. 51691–51713, 2019, doi: 10.1109/ACCESS.2019.2908998.

E. Triandini, S. Jayanatha, A. Indrawan, G. Werla Putra, and B. Iswara, “Metode Systematic Literature Review untuk Identifikasi Platform dan Metode Pengembangan Sistem Informasi di Indonesia,” Indones. J. Inf. Syst., vol. 1, no. 2, p. 63, 2019, doi: 10.24002/ijis.v1i2.1916.

S. Holge et al., “The Impact of Age-Related Sensory Impairments (Hearing, Vision, and Taste) On Cognitive Function, Social Interaction, and Quality of Life in Older Adults,” Int. J. Geriatr. Gerontol., vol. 6, no. 1, Apr. 2023, doi: 10.29011/2577-0748.100055.

Y. Suarghana, “Systematic Review of Machine Learning-Based DDoS Detection in SDN Networks : A PRISMA Approach,” in ABEC 4thInternational Annual Conference, 2024, pp. 166–174.

W. I. Khedr, A. E. Gouda, and E. R. Mohamed, “P4-HLDMC: A Novel Framework for DDoS and ARP Attack Detection and Mitigation in SD-IoT Networks Using Machine Learning, Stateful P4, and Distributed Multi-Controller Architecture,” Mathematics, vol. 11, no. 16, p. 3552, 2023, doi: 10.3390/math11163552.

R. Ahmad, R. Wazirali, Q. Bsoul, T. Abu-Ain, and W. Abu-Ain, “Feature-selection and mutual-clustering approaches to improve dos detection and maintain wsns’ lifetime,” Sensors, vol. 21, no. 14, 2021, doi: 10.3390/s21144821.

C. S. Shieh, F. A. Ho, M. F. Horng, T. T. Nguyen, and P. Chakrabarti, “Open-Set Recognition in Unknown DDoS Attacks Detection With Reciprocal Points Learning,” IEEE Access, vol. 12, no. March, pp. 56461–56476, 2024, doi: 10.1109/ACCESS.2024.3388149.

D. Said, M. Bagaa, A. Oukaira, and A. Lakhssassi, “Quantum Entropy and Reinforcement Learning for Distributed Denial of Service Attack Detection in Smart Grid,” IEEE Access, vol. 12, no. July, pp. 129858–129869, 2024, doi: 10.1109/ACCESS.2024.3441931.

M. Zeeshan et al., “Protocol-Based Deep Intrusion Detection for DoS and DDoS Attacks Using UNSW-NB15 and Bot-IoT Data-Sets,” IEEE Access, vol. 10, pp. 2269–2283, 2022, doi: 10.1109/ACCESS.2021.3137201.

P. Rivas, J. Orduz, T. Das Jui, C. DeCusatis, and B. Khanal, “Quantum-Enhanced Representation Learning: A Quanvolutional Autoencoder Approach against DDoS Threats,” Mach. Learn. Knowl. Extr., vol. 6, no. 2, pp. 944–964, 2024, doi: 10.3390/make6020044.

U. O. Obonna et al., “Detection of Man-in-the-Middle (MitM) Cyber-Attacks in Oil and Gas Process Control Networks Using Machine Learning Algorithms,” Futur. Internet, vol. 15, no. 8, 2023, doi: 10.3390/fi15080280.

N. S. Musa, N. M. Mirza, S. H. Rafique, A. M. Abdallah, and T. Murugan, “Machine Learning and Deep Learning Techniques for Distributed Denial of Service Anomaly Detection in Software Defined Networks - Current Research Solutions,” IEEE Access, vol. 12, no. February, pp. 17982–18011, 2024, doi: 10.1109/ACCESS.2024.3360868.

A. Aljuhani, “Machine Learning Approaches for Combating Distributed Denial of Service Attacks in Modern Networking Environments,” IEEE Access, vol. 9, pp. 42236–42264, 2021, doi: 10.1109/ACCESS.2021.3062909.

W. I. Khedr, A. E. Gouda, and E. R. Mohamed, “FMDADM: A Multi-Layer DDoS Attack Detection and Mitigation Framework Using Machine Learning for Stateful SDN-Based IoT Networks,” IEEE Access, vol. 11, no. March, pp. 28934–28954, 2023, doi: 10.1109/ACCESS.2023.3260256.

S. A. D. AlSharman, O. Al-Khaleel, and M. Al-Ayyoub, “A Detailed Inspection of Machine Learning Based Intrusion Detection Systems for Software Defined Networks,” Internet of Things, vol. 5, no. 4, pp. 756–784, 2024, doi: 10.3390/iot5040034.

A. A. Alashhab et al., “Enhancing DDoS Attack Detection and Mitigation in SDN Using an Ensemble Online Machine Learning Model,” IEEE Access, vol. 12, no. April, pp. 51630–51649, 2024, doi: 10.1109/ACCESS.2024.3384398.

A. A. Alahmadi et al., “DDoS Attack Detection in IoT-Based Networks Using Machine Learning Models: A Survey and Research Directions,” Electron., vol. 12, no. 14, pp. 1–24, 2023, doi: 10.3390/electronics12143103.

F. B. Saghezchi, G. Mantas, M. A. Violas, A. M. de Oliveira Duarte, and J. Rodriguez, “Machine Learning for DDoS Attack Detection in Industry 4.0 CPPSs,” Electron., vol. 11, no. 4, pp. 1–14, 2022, doi: 10.3390/electronics11040602.

S. Ahmed et al., “Effective and Efficient DDoS Attack Detection Using Deep Learning Algorithm, Multi-Layer Perceptron,” Futur. Internet, vol. 15, no. 2, pp. 1–24, 2023, doi: 10.3390/fi15020076.

Z. Liu, X. Yin, and Y. Hu, “CPSS LR-DDoS Detection and Defense in Edge Computing Utilizing DCNN Q-Learning,” IEEE Access, vol. 8, no. 3, pp. 42120–42130, 2020, doi: 10.1109/ACCESS.2020.2976706.

A. Ahmim, F. Maazouzi, M. Ahmim, S. Namane, and I. Ben Dhaou, “Distributed Denial of Service Attack Detection for the Internet of Things Using Hybrid Deep Learning Model,” IEEE Access, vol. 11, no. October, pp. 119862–119875, 2023, doi: 10.1109/ACCESS.2023.3327620.

J. Halladay et al., “Detection and Characterization of DDoS Attacks Using Time-Based Features,” IEEE Access, vol. 10, pp. 49794–49807, 2022, doi: 10.1109/ACCESS.2022.3173319.

M. A. O. Rabah, H. Drid, Y. Medjadba, and M. Rahouti, “Detection and Mitigation of Distributed Denial of Service Attacks Using Ensemble Learning and Honeypots in a Novel SDN-UAV Network Architecture,” IEEE Access, vol. 12, no. July, pp. 128929–128940, 2024, doi: 10.1109/ACCESS.2024.3443142.

T. E. Ali, Y. W. Chong, and S. Manickam, “Machine Learning Techniques to Detect a DDoS Attack in SDN: A Systematic Review,” Appl. Sci., vol. 13, no. 5, 2023, doi: 10.3390/app13053183.

N. N. Tuan, P. H. Hung, N. D. Nghia, N. Van Tho, T. Van Phan, and N. H. Thanh, “A DDoS attack mitigation scheme in ISP networks using machine learning based on SDN,” Electron., vol. 9, no. 3, pp. 1–19, 2020, doi: 10.3390/electronics9030413.

Y. Wei, J. Jang-Jaccard, F. Sabrina, A. Singh, W. Xu, and S. Camtepe, “AE-MLP: A Hybrid Deep Learning Approach for DDoS Detection and Classification,” IEEE Access, vol. 9, pp. 146810–146821, 2021, doi: 10.1109/ACCESS.2021.3123791.

M. B. Bankó et al., “Advancements in Machine Learning-Based Intrusion Detection in IoT: Research Trends and Challenges,” Algorithms, vol. 18, no. 4, 2025, doi: 10.3390/a18040209.

L. H. de Melo, G. de C. Bertoli, M. Nogueira, A. L. dos Santos, and L. A. P. Junior, “Anomaly-Flow: A Multi-domain Federated Generative Adversarial Network for Distributed Denial-of-Service Detection,” IEEE Access, pp. 1–9, 2025, doi: 10.1109/MNET.2025.3567251.

S. Shanmuga Priya, M. Sivaram, D. Yuvaraj, and A. Jayanthiladevi, “Machine Learning based DDOS Detection,” 2020 Int. Conf. Emerg. Smart Comput. Informatics, ESCI 2020, pp. 234–237, 2020, doi: 10.1109/ESCI48226.2020.9167642.

U. Tariq, “Optimized Feature Selection for DDoS Attack Recognition and Mitigation in SD-VANETs,” World Electr. Veh. J., vol. 15, no. 9, p. 395, 2024, doi: 10.3390/wevj15090395.

F. Alasmary, S. Alraddadi, S. Al-Ahmadi, and J. Al-Muhtadi, “ShieldRNN: A Distributed Flow-Based DDoS Detection Solution for IoT Using Sequence Majority Voting,” IEEE Access, vol. 10, no. June, pp. 88263–88275, 2022, doi: 10.1109/ACCESS.2022.3200477.

R. T. A. Al-Dulaimi and A. K. Türkben, “A Hybrid Tree Convolutional Neural Network with Leader-Guided Spiral Optimization for Detecting Symmetric Patterns in Network Anomalies,” Symmetry (Basel)., vol. 17, no. 3, 2025, doi: 10.3390/sym17030421.

D. Akinleye and O. Godwin, “Optimizing SDN-Based DDoS Mitigation Using Machine Learning,” 2024.

A. A. Bahashwan, M. Anbar, S. Manickam, T. A. Al-Amiedy, M. A. Aladaileh, and I. H. Hasbullah, “A Systematic Literature Review on Machine Learning and Deep Learning Approaches for Detecting DDoS Attacks in Software-Defined Networking,” Sensors, vol. 23, no. 9, 2023, doi: 10.3390/s23094441.

Downloads

Published

30-09-2025