A Hybrid GNN-Transformer Framework for Enhanced Detection of Distributed Denial-of-Service (DDoS) Attacks in Network Traffic
DOI:
https://doi.org/10.65204/djes.v3i2.583Keywords:
network security , DDoS attack detection , Graph Neural Networks (GNN)Abstract
One of the most important threats of security in new networks refers to Distributed Denial-of-Service (DDoS) attacks, as their wide data amount and complexity make their diagnosis difficult. Present research offers multiple architecture given the Graph Neural Networks (GNNs) and Transformer models for DDoS attack diagnosis. Firstly, data of network is schemed as a graph, nodes and edges’ attributes are extracted applying GNN. After that, model of Transformer is developed for analyzing temporal dependencies as well as extracting models associated with shared attacks. Such architecture leverages GNN to learn complicated structures of graph and Transformer to analyze long-term relations in temporal data. Outcomes of experiments on UNSW-NB15 dataset show that presented architecture excels in diagnosing DDoS attack decreasing attributes’ amount when developing accuracy of diagnosis. Model obtains an F1 score of 98.3%, accuracy of 98.7%, a recall of 97.9% illustrating high ability for network intrusion detection systems (IDS) usage.
References
H. Gebrye, Y. Wang, and F. Li, “Computer vision based distributed denial of service attack detection for resource-limited devices,” Comput. Electr. Eng., vol. 120, no. 109716, p. 109716, 2024.
K. Sharma and S. K. Shivandu, “Integrating artificial intelligence and Internet of Things (IoT) for enhanced crop monitoring and management in precision agriculture,” Sens. Int., vol. 5, no. 100292, p. 100292, 2024.
A. B. de Neira, B. Kantarci, and M. Nogueira, “Distributed denial of service attack prediction: Challenges, open issues and opportunities,” Comput. Netw., vol. 222, no. 109553, p. 109553, 2023.
M. Ouhssini, K. Afdel, M. Akouhar, E. Agherrabi, and A. Abarda, “Advancements in detecting, preventing, and mitigating DDoS attacks in cloud environments: A comprehensive systematic review of state-of-the-art approaches,” Egypt. Inform. J., vol. 27, no. 100517, p. 100517, 2024.
J. K. Chahal, A. Bhandari, and S. Behal, “DDoS attacks & defense mechanisms in SDN-enabled cloud: Taxonomy, review and research challenges,” Comput. Sci. Rev., vol. 53, no. 100644, p. 100644, 2024.
M. Sajid et al., “Enhancing intrusion detection: a hybrid machine and deep learning approach,” J. Cloud Comput. Adv. Syst. Appl., vol. 13, no. 1, 2024.
E. Owusu et al., “Online network DoS/DDoS detection: Sampling, change point detection, and machine learning methods,” IEEE Commun. Surv. Tutor., vol. 27, no. 4, pp. 2543–2580, 2025.
R. Gao, Z. Chen, X. Wu, Y. Yu, and L. Zhang, “Dynamic deep graph convolution with enhanced transformer networks for time series anomaly detection in IoT,” Cluster Comput., vol. 28, no. 1, 2025.
G. Corso, H. Stark, S. Jegelka, T. Jaakkola, and R. Barzilay, “Graph neural networks,” Nat. Rev. Methods Primers, vol. 4, no. 1, 2024.
S. Madan, M. Lentzen, J. Brandt, D. Rueckert, M. Hofmann-Apitius, and H. Fröhlich, “Transformer models in biomedicine,” BMC Med. Inform. Decis. Mak., vol. 24, no. 1, p. 214, 2024.
S. P. Priyadharshini and P. Balamurugan, “An efficient DDoS attack detection and prevention model using fusion heuristic enhancement of deep learning approach in FANET sector,” Appl. Soft Comput., vol. 167, no. 112438, p. 112438, 2024.
R. F. Fouladi, L. Karaçay, U. Gülen, and E. U. Soykan, “A novel Distributed Denial of Service attack defense scheme for Software-Defined Networking using Packet-In message and frequency domain analysis,” Comput. Electr. Eng., vol. 120, no. 109827, p. 109827, 2024.
R. Bocu and M. Iavich, “Enhanced detection of low-rate DDoS attack patterns using machine learning models,” J. Netw. Comput. Appl., vol. 227, no. 103903, p. 103903, 2024.
J. Ramprasath, N. Krishnaraj, and V. Seethalakshmi, “Mitigation services on SDN for distributed denial of service and denial of service attacks using machine learning techniques,” IETE J. Res., vol. 70, no. 1, pp. 70–81, 2024.
Q. Fan et al., “IDAD: An improved tensor train based distributed DDoS attack detection framework and its application in complex networks,” Future Gener. Comput. Syst., vol. 162, no. 107471, p. 107471, 2025.
T. Aljohani and A. Almutairi, “Modeling time-varying wide-scale distributed denial of service attacks on electric vehicle charging Stations,” Ain Shams Eng. J., vol. 15, no. 7, p. 102860, 2024.
L. Xie et al., “MRFM: A timely detection method for DDoS attacks in IoT with multidimensional reconstruction and function mapping,” Comput. Stand. Interfaces, vol. 89, no. 103829, p. 103829, 2024.
N. Yoon and H. Kim, “Detecting DDoS based on attention mechanism for Software-Defined Networks,” J. Netw. Comput. Appl., vol. 230, no. 103928, p. 103928, 2024.
S. K. Dash et al., “Enhancing DDoS attack detection in IoT using PCA,” Egypt. Inform. J., vol. 25, no. 100450, p. 100450, 2024.
H. A. Sakr, M. M. Fouda, A. F. Ashour, A. Abdelhafeez, M. I. El-Afifi, and M. Refaat Abdellah, “Machine learning-based detection of DDoS attacks on IoT devices in multi-energy systems,” Egypt. Inform. J., vol. 28, no. 100540, p. 100540, 2024.
H. Qian and L. Cai, “Improved K-means-based solution for detecting DDoS attacks in SDN,” Phys. Commun., vol. 64, no. 102318, p. 102318, 2024.
G. Srinivasa Rao, P. Santosh Kumar Patra, V. A. Narayana, A. Raji Reddy, G. N. V. Vibhav Reddy, and D. Eshwar, “DDoSNet: Detection and prediction of DDoS attacks from realistic multidimensional dataset in IoT network environment,” Egypt. Inform. J., vol. 27, no. 100526, p. 100526, 2024.
M. A. Hossain and M. S. Islam, “Enhancing DDoS attack detection with hybrid feature selection and ensemble-based classifier: A promising solution for robust cybersecurity,” Measur. Sens., vol. 32, no. 101037, p. 101037, 2024.
M. Alotaibi et al., “Hybrid GWQBBA model for optimized classification of attacks in Intrusion Detection System,” Alex. Eng. J., vol. 116, pp. 9–19, 2025.
B. Al-Omar and Z. Trabelsi, “Intrusion detection using attention-based CNN-LSTM model,” in IFIP Advances in Information and Communication Technology, Cham: Springer Nature Switzerland, 2023, pp. 515–526.
S. Das, M. Ashrafuzzaman, F. T. Sheldon, and S. Shiva, “Ensembling supervised and unsupervised machine learning algorithms for detecting distributed denial of service attacks,” Algorithms, vol. 17, no. 3, p. 99, 2024.
A. G. Vrahatis, K. Lazaros, and S. Kotsiantis, “Graph attention networks: A comprehensive review of methods and applications,” Future Internet, vol. 16, no. 9, p. 318, 2024.
K. Mao, X. Xiao, T. Xu, Y. Rong, J. Huang, and P. Zhao, “Molecular graph enhanced transformer for retrosynthesis prediction,” Neurocomputing, vol. 457, pp. 193–202, 2021.
N. Moustafa and J. Slay, “UNSW-NB15: a comprehensive data set for network intrusion detection systems (UNSW-NB15 network data set),” in 2015 Military Communications and Information Systems Conference (MilCIS), 2015.
U. A. Bhatti et al., “MFFCG – Multi feature fusion for hyperspectral image classification using graph attention network,” Expert Syst. Appl., vol. 229, no. 120496, p. 120496, 2023.
