Proceedings of International Conference on Applied Innovation in IT
2025/12/22, Volume 13, Issue 5, pp.737-746

Anomaly-Aware Deep Learning for DDos Detection with Optimization and Knowledge Distillation


Riyadh Rahef Nuiaa Alogaili, Saif Ali Abdulhussein, Ali Abdukadhim Taher, Dhiah Al-Shammary, Ayman Ibaida and Selvakumar Manickam


Abstract: Distributed Denial of Service (DDoS) attacks continue to overwhelm networked systems, demanding detectors that are accurate, low-false-alarm, transferable, and deployable. We propose OSES-DL, an Optimization-guided Statistical Ensemble Synergistic Deep Learning framework that advances all four fronts. The method introduces: (i) an Optimization-driven Feature Evolution Layer (OFEL) that co-trains feature sparsity with accuracy, stability, and entropy preservation; (ii) a Statistical Deep Synergy Module (SDSM) that injects Mahalanobis anomaly priors directly into BiLSTM hidden states, yielding anomaly-aware representations; (iii) Ensemble Knowledge Distillation with class-conditional temperature and feature–logit coupling (EKD-CCT) for calibrated, lightweight deployment; and (iv) a Cross-Domain Generalization Regularizer (CDGR) that combines prior-weighted MMD and CORAL for layer wise domain alignment. On CICDDoS2019, OSES-DL attains 99.45% accuracy, F1 0.994, AUC 0.998, and FAR 0.62%, with ECE 0.9%. Trained on CICDDoS2019 and tested on UNSW-NB15 and CAIDA, it improves F1 by +1.0% and reduces FAR by 0.5%–0.6% over the strongest baseline, while maintaining near-BiLSTM latency. Leave-one-attack-type-out tests confirm robustness to unseen vectors. Ablations attribute FAR reduction to SDSM, calibration to OFEL/EKD, and transferability to CDGR. OSES-DL delivers a principled, operationally grounded detector that is both state-of-the-art and deployment-ready.

Keywords: DDoS Detection, Intrusion Detection Systems, Optimization-Guided Feature Evolution, Knowledge Distillation, Domain Generalization.

DOI: Under indexing

Download: PDF

References:

  1. K. B. Adedeji, A. M. Abu-Mahfouz, and A. M. Kurien, “DDoS attack and detection methods in internet-enabled networks: Concept, research perspectives, and challenges,” J. Sens. Actuator Netw., vol. 12, no. 4, p. 51, 2023.
  2. R. R. Nuiaa, S. Manickam, A. H. Alsaeedi, and E. S. Alomari, “Enhancing the performance of detect DRDoS DNS attacks based on the machine learning and proactive feature selection (PFS) model,” IAENG Int. J. Comput. Sci., vol. 49, no. 2, 2022.
  3. V. Merlino and D. Allegra, “Energy-based approach for attack detection in IoT devices: A survey,” Internet Things, vol. 27, p. 101306, 2024.
  4. A. Iftikhar, K. N. Qureshi, M. Shiraz, and S. Albahli, “Security, trust and privacy risks, responses, and solutions for high-speed smart cities networks: A systematic literature review,” J. King Saud Univ. Inf. Sci., vol. 35, no. 9, p. 101788, 2023.
  5. A. H. B. Aighuraibawi et al., “Hybridizing flower pollination algorithm with particle swarm optimization for enhancing the performance of IPv6 intrusion detection system,” Alexandria Eng. J., vol. 104, pp. 504-514, 2024.
  6. E. C. P. Neto, S. Iqbal, S. Buffett, M. Sultana, and A. Taylor, “Deep learning for intrusion detection in emerging technologies: A comprehensive survey and new perspectives,” Artif. Intell. Rev., vol. 58, no. 11, p. 340, 2025, doi: 10.1007/s10462-025-11346-z.
  7. L. Diana, P. Dini, and D. Paolini, “Overview on intrusion detection systems for computers networking security,” Computers, vol. 14, no. 3, p. 87, 2025.
  8. E. U. H. Qazi, M. H. Faheem, and T. Zia, “HDLNIDS: Hybrid deep-learning-based network intrusion detection system,” Appl. Sci., vol. 13, no. 8, p. 4921, 2023.
  9. R. R. Nuiaa, S. Manickam, and A. H. Alsaeedi, “A comprehensive review of DNS-based distributed reflection denial of service (DRDoS) attacks: State-of-the-art,” Int. J. Adv. Sci. Eng. Inf. Technol., vol. 12, no. 6, pp. 2452-2461, 2022.
  10. M. Umer, M. Tahir, M. Sardaraz, M. Sharif, H. Elmannai, and A. D. Algarni, “Network intrusion detection model using wrapper based feature selection and multi head attention transformers,” Sci. Rep., vol. 15, no. 1, p. 28718, 2025.
  11. S. Lee, D. Roh, J. Yu, D. Moon, J. Lee, and J.-H. Bae, “Deep feature fusion via transfer learning for multi-class network intrusion detection,” Appl. Sci., vol. 15, no. 9, p. 4851, 2025.
  12. J. Gawlikowski et al., “A survey of uncertainty in deep neural networks,” Artif. Intell. Rev., vol. 56, no. Suppl. 1, pp. 1513-1589, 2023.
  13. Y. Meir, O. Tevet, E. Koresh, Y. Tzach, and I. Kanter, “Advanced confidence methods in deep learning,” Phys. A Stat. Mech. Appl., vol. 641, p. 129758, 2024.
  14. S. K. Lind, Z. Xiong, P.-E. Forssen, and V. Krüger, “Uncertainty quantification metrics for deep regression,” Pattern Recognit. Lett., vol. 186, pp. 91-97, 2024.
  15. A. A. Alshdadi, A. A. Almazroi, N. Ayub, M. D. Lytras, E. Alsolami, and F. S. Alsubaei, “Big data-driven deep learning ensembler for DDoS attack detection,” Future Internet, vol. 16, no. 12, p. 458, 2024.
  16. C. Zhang, J. Li, N. Wang, and D. Zhang, “Research on intrusion detection method based on transformer and CNN-BiLSTM in Internet of Things,” Sensors, vol. 25, no. 9, p. 2725, 2025.
  17. M. Cantone, C. Marrocco, and A. Bria, “Machine learning in network intrusion detection: A cross-dataset generalization study,” IEEE Access, 2024.
  18. S. Bhardwaj, A. S. Li, M. Dave, and E. Bertino, “Overcoming the lack of labeled data: Training malware detection models using adversarial domain adaptation,” Comput. Secur., p. 103769, 2024.
  19. M. Verkerken et al., “A novel multi-stage approach for hierarchical intrusion detection,” IEEE Trans. Netw. Serv. Manag., vol. 20, no. 3, pp. 3915-3929, 2023.
  20. G. de Carvalho Bertoli, L. A. P. Junior, O. Saotome, and A. L. Dos Santos, “Generalizing intrusion detection for heterogeneous networks: A stacked-unsupervised federated learning approach,” Comput. Secur., vol. 127, p. 103106, 2023.
  21. H. Zhang, Z. Zhang, H. Huang, and H. Yang, “Wasserstein distance guided feature tokenizer transformer domain adaptation for network intrusion detection,” Comput. Secur., p. 104562, 2025.
  22. S. Layeghy, M. Baktashmotlagh, and M. Portmann, “DI-NIDS: Domain invariant network intrusion detection system,” Knowl.-Based Syst., vol. 273, p. 110626, 2023.
  23. K. Li, W. Ma, H. Duan, and H. Xie, “Multi-source refined adversarial domain adaptation with transfer complementarity infusion for IoT intrusion detection under limited samples,” Expert Syst. Appl., vol. 254, p. 124352, 2024.
  24. K. Jiang, F. Zou, H. Huang, L. Zheng, and H. Zhai, “Open DGML: Intrusion detection based on open-domain generation meta-learning,” Appl. Sci., vol. 14, no. 13, p. 5426, 2024.
  25. S. A. Wahab, S. Sultana, N. Tariq, M. Mujahid, J. A. Khan, and A. Mylonas, “A multi-class intrusion detection system for DDoS attacks in IoT networks using deep learning and transformers,” Sensors, vol. 25, no. 15, p. 4845, 2025.
  26. P. V. Dantas, W. Sabino da Silva Jr, L. C. Cordeiro, and C. B. Carvalho, “A comprehensive review of model compression techniques in machine learning,” Appl. Intell., vol. 54, no. 22, pp. 11804-11844, 2024.
  27. A. H. Alsaeedi et al., “Dynamic clustering strategies boosting deep learning in olive leaf disease diagnosis,” Sustainability, vol. 15, no. 18, p. 13723, 2023.
  28. Y. Kim, G. Park, and H. K. Kim, “Domain knowledge free cloud-IDS with lightweight embedding method,” J. Cloud Comput., vol. 13, no. 1, p. 143, 2024.
  29. H. G. A. Umar et al., “Energy-efficient deep learning-based intrusion detection system for edge computing: A novel DNN-KDQ model,” J. Cloud Comput., vol. 14, no. 1, p. 32, 2025.
  30. I. Sharafaldin, A. H. Lashkari, S. Hakak, and A. A. Ghorbani, “Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy,” in 2019 Int. Carnahan Conf. Secur. Technol. (ICCST), Piscataway, NJ, USA: IEEE, 2019, pp. 1-8, [Online]. Available: https://doi.org/10.1109/CCST.2019.8888419.
  31. D. Kumar, R. K. Pateriya, R. K. Gupta, V. Dehalwar, and A. Sharma, “DDoS detection using deep learning,” Procedia Comput. Sci., vol. 218, pp. 2420-2429, 2023.
  32. A. A. Najar and S. Manohar Naik, “DDoS attack detection using CNN-BiLSTM with attention mechanism,” Telemat. Inform. Rep., vol. 18, p. 100211, 2025, [Online]. Available: https://doi.org/10.1016/j.teler.2025.100211.
  33. M. Alazab, R. Abu Khurma, P. A. Castillo, B. Abu-Salih, A. Martín, and D. Camacho, “An effective networks intrusion detection approach based on hybrid Harris Hawks and multi-layer perceptron,” Egypt. Inform. J., vol. 25, p. 100423, 2024, [Online]. Available: https://doi.org/10.1016/j.eij.2023.100423.
  34. T. A. Al-Qablan, M. H. Mohd Noor, M. A. Al-Betar, and A. T. Khader, “Improved gray wolf harris hawk algorithm based feature selection for sentiment analysis,” Results Control Optim., vol. 20, p. 100604, 2025, [Online]. Available: https://doi.org/10.1016/j.rico.2025.100604.
  35. M. M. Abualhaj, S. N. Al-Khatib, M. Al Zyoud, I. Qaddara, and M. Anbar, “Enhancing intrusion detection system performance using a hybrid of Harris Hawks and whale optimization algorithms,” Eng. Technol. Appl. Sci. Res., vol. 15, no. 4, pp. 24354-24361, 2025.
  36. L. Xi, Y. Liang, X. Huang, H. Liu, and A. Li, “Unsupervised multimodal domain adversarial network for time series classification,” Inf. Sci., vol. 624, pp. 147-164, 2023.
  37. H. Peng, C. Wu, and Y. Xiao, “FD-IDS: Federated learning with knowledge distillation for intrusion detection in non-IID IoT environments,” Sensors, vol. 25, no. 14, p. 4309, 2025.
  38. A. Singla, E. Bertino, and D. Verma, “Preparing network intrusion detection deep learning models with minimal data using adversarial domain adaptation,” in Proc. 15th ACM Asia Conf. Comput. Commun. Secur., 2020, pp. 127-140.
  39. A.-D. Doan, B. L. Nguyen, S. Gupta, I. Reid, M. Wagner, and T.-J. Chin, “Assessing domain gap for continual domain adaptation in object detection,” Comput. Vis. Image Underst., vol. 238, p. 103885, 2024.

    HOME

       - Conference
       - Journal
       - Paper Submission to Conference
       - Paper Submission to Journal
       - Fee Payment
       - For Authors
       - For Reviewers
       - Important Dates
       - Conference Committee
       - Editorial Board
       - Reviewers
       - Last Proceeding


    PROCEEDINGS

       - Volume 13, Issue 5 (ICAIIT 2025)
       - Volume 13, Issue 4 (ICAIIT 2025)
       - Volume 13, Issue 3 (ICAIIT 2025)
       - Volume 13, Issue 2 (ICAIIT 2025)
       - Volume 13, Issue 1 (ICAIIT 2025)
       - Volume 12, Issue 2 (ICAIIT 2024)
       - Volume 12, Issue 1 (ICAIIT 2024)
       - Volume 11, Issue 2 (ICAIIT 2023)
       - Volume 11, Issue 1 (ICAIIT 2023)
       - Volume 10, Issue 1 (ICAIIT 2022)
       - Volume 9, Issue 1 (ICAIIT 2021)
       - Volume 8, Issue 1 (ICAIIT 2020)
       - Volume 7, Issue 1 (ICAIIT 2019)
       - Volume 7, Issue 2 (ICAIIT 2019)
       - Volume 6, Issue 1 (ICAIIT 2018)
       - Volume 5, Issue 1 (ICAIIT 2017)
       - Volume 4, Issue 1 (ICAIIT 2016)
       - Volume 3, Issue 1 (ICAIIT 2015)
       - Volume 2, Issue 1 (ICAIIT 2014)
       - Volume 1, Issue 1 (ICAIIT 2013)


    LAST CONFERENCE

       ICAIIT 2026
         - Photos
         - Reports

    PAST CONFERENCES

    ETHICS IN PUBLICATIONS

    ACCOMODATION

    CONTACT US

 

        

         Proceedings of the International Conference on Applied Innovations in IT by Anhalt University of Applied Sciences is licensed under CC BY-SA 4.0


                                                   This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License


           ISSN 2199-8876
           Publisher: Edition Hochschule Anhalt
           Location: Anhalt University of Applied Sciences
           Email: leiterin.hsb@hs-anhalt.de
           Phone: +49 (0) 3496 67 5611
           Address: Building 01 - Red Building, Top floor, Room 425, Bernburger Str. 55, D-06366 Köthen, Germany

        site traffic counter

Creative Commons License
Except where otherwise noted, all works and proceedings on this site is licensed under Creative Commons Attribution-ShareAlike 4.0 International License.