TY  - BOOK
AU  - Amal Mohammed Saleh Abdo Al-Eryani, 
AU  - Fatma A. Omara
AU  - Eman Hossny
TI  - Distributed denial of service attacks detection using machine learning techniques
U1  - 006.31 
PY  - 2023///
KW  - Machine Learning
KW  - ØªØ¹ÙÙÙ Ø§ÙØ£ÙÙ
KW  - Distributed Denial of Service (DDoS) attacks
KW  - Machine Learning (ML)
KW  - Deep Learning (DL)
KW  - Model
KW  -  Gradient Boosting (GB) algorithm
KW  - Gated Recurrent Unit (GRU) algorithm
KW  - Bidirectional Long Short-Term Memory (BiLSTM) algorithm
KW  - Cybersecurity
KW  - CICDDoS2019 dataset
N1  - Thesis (M.Sc)-Cairo University, 2025; Bibliography: pages 104-113.; Issues also as CD
N2  - Distributed Denial of Service (DDoS) attacks pose a major threat to organizations 
relying on online services. These attacks aim to disrupt services by overwhelming servers 
with fake traffic from multiple sources, making early and effective detection crucial for 
mitigating their impact. 
This thesis addresses the problem of DDoS attacks, which involve flooding a target 
system with packets resembling normal traffic, making them difficult to distinguish from 
legitimate requests. Traditional detection systems struggle to identify such attacks, and 
their dynamic, evolving nature poses a serious threat to the stability and functionality of 
online systems. 
Recently, the most widely used algorithms for DDoS detection are based on Machine 
Learning (ML) and Deep Learning (DL). Although these algorithms have shown 
effectiveness in detecting attacks, they remain limited in handling advanced and evolving 
threats that occur over time. Firstly, several ML algorithms were evaluated in this thesis 
using the CICDDoS2019 dataset. The Gradient Boosting (GB) algorithm achieved the 
highest overall accuracy of 99.99%, with a false positive rate (FPR) of 0.004% and a 
testing time of 0.26 seconds, followed closely by XGBoost with 99.98% accuracy. These 
results highlight the strong predictive power of ensemble ML methods. However, 
traditional ML tends to excel at identifying similarities among known attacks rather than 
detecting anomalous activities associated with unknown malicious attacks. Given the 
ability of deep learning algorithms to learn from data and patterns, it is possible to 
increase the detection rate of real malicious activities. Secondly, to overcome ML 
limitations, this study explored DL-based approaches, focusing on recurrent neural 
network architectures. The proposed GRU-BiLSTM hybrid model demonstrated 
outstanding performance, achieving an accuracy of 99.9954% with 30 epochs, while 
maintaining a low FPR of 0.01. However, the increased performance came with higher 
computational cost, as the testing time rose to 57.935 seconds. 
Finally, a novel hybrid model (GB-GRU) was introduced, combining the efficiency 
of ML with the learning capabilities of DL. The model achieved 99.96% accuracy, with 
a significantly reduced testing time of 5.729 seconds. This demonstrates its superior 
balance between detection accuracy and computational efficiency, making it highly 
suitable for real-time DDoS detection in modern network environments. 
iv
Overall, this thesis contributes to strengthening cybersecurity against evolving 
DDoS threats by providing a comprehensive evaluation of ML and DL algorithms and 
proposing hybrid models that enhance detection performance, minimize false positives, 
and optimize processing efficiency.; ØªÙØ´ÙÙÙ ÙØ¬ÙØ§Øª Ø±ÙØ¶ Ø§ÙØ®Ø¯ÙØ© Ø§ÙÙÙØ²Ø¹Ø©  ØªÙØ¯ÙØ¯ÙØ§ ÙØ¨ÙØ±ÙØ§ ÙÙÙØ¤Ø³Ø³Ø§Øª Ø§ÙØªÙ ØªØ¹ØªÙØ¯ Ø¹ÙÙ Ø§ÙØ®Ø¯ÙØ§Øª Ø¹Ø¨Ø± Ø§ÙØ¥ÙØªØ±ÙØªØ Ø¥Ø° ØªÙØ¯Ù ÙØ°Ù Ø§ÙÙØ¬ÙØ§Øª Ø¥ÙÙ ØªØ¹Ø·ÙÙ Ø§ÙØ®Ø¯ÙØ§Øª ÙÙ Ø®ÙØ§Ù Ø¥ØºØ±Ø§Ù Ø§ÙØ®ÙØ§Ø¯Ù Ø¨Ø­Ø±ÙØ© ÙØ±ÙØ± ÙÙÙÙØ© ÙÙ ÙØµØ§Ø¯Ø± ÙØªØ¹Ø¯Ø¯Ø©Ø ÙÙØ§ ÙØ¬Ø¹Ù Ø§ÙÙØ´Ù Ø§ÙÙØ¨ÙØ± ÙØ§ÙÙØ¹ÙØ§Ù Ø£ÙØ±ÙØ§ Ø¨Ø§ÙØº Ø§ÙØ£ÙÙÙØ© ÙÙØªÙÙÙÙ ÙÙ Ø¢Ø«Ø§Ø±ÙØ§.
ØªØªÙØ§ÙÙ ÙØ°Ù Ø§ÙØ£Ø·Ø±ÙØ­Ø© ÙØ´ÙÙØ© ÙØ¬ÙØ§Øª Ø±ÙØ¶ Ø§ÙØ®Ø¯ÙØ© Ø§ÙÙÙØ²Ø¹Ø©Ø Ø§ÙØªÙ ØªÙØºØ±Ù Ø§ÙÙØ¸Ø§Ù Ø§ÙÙØ³ØªÙØ¯Ù Ø¨Ø­Ø²Ù Ø¨ÙØ§ÙØ§Øª ØªÙØ´Ø¨Ù Ø­Ø±ÙØ© Ø§ÙÙØ±ÙØ± Ø§ÙØ¹Ø§Ø¯ÙØ©Ø ÙÙØ§ ÙØ¬Ø¹Ù ÙÙ Ø§ÙØµØ¹Ø¨ Ø§ÙØªÙÙÙØ² Ø¨ÙÙÙØ§ ÙØ¨ÙÙ Ø§ÙØ·ÙØ¨Ø§Øª Ø§ÙÙØ´Ø±ÙØ¹Ø©. ØªÙØ§Ø¬Ù Ø£ÙØ¸ÙØ© Ø§ÙÙØ´Ù Ø§ÙØªÙÙÙØ¯ÙØ© ØµØ¹ÙØ¨Ø© ÙÙ Ø§ÙØªØ¹Ø±ÙÙ Ø¹ÙÙ ÙØ«Ù ÙØ°Ù Ø§ÙÙØ¬ÙØ§ØªØ ÙÙØ§ Ø£Ù Ø§ÙØ·Ø¨ÙØ¹Ø© Ø§ÙØ¯ÙÙØ§ÙÙÙÙØ© ÙØ§ÙÙØªØ·ÙØ±Ø© ÙÙØ°Ù Ø§ÙÙØ¬ÙØ§Øª ØªÙØ´ÙÙÙ ØªÙØ¯ÙØ¯ÙØ§ Ø®Ø·ÙØ±ÙØ§ ÙØ§Ø³ØªÙØ±Ø§Ø± Ø§ÙØ£ÙØ¸ÙØ© Ø§ÙØ¥ÙÙØªØ±ÙÙÙØ© ÙÙØ¸Ø§Ø¦ÙÙØ§.
ÙÙ Ø§ÙØ³ÙÙØ§Øª Ø§ÙØ£Ø®ÙØ±Ø©Ø Ø£ØµØ¨Ø­Øª Ø§ÙØ®ÙØ§Ø±Ø²ÙÙØ§Øª Ø§ÙÙØ§Ø¦ÙØ© Ø¹ÙÙ Ø§ÙØªØ¹ÙÙ Ø§ÙØ¢ÙÙ ÙØ§ÙØªØ¹ÙÙ Ø§ÙØ¹ÙÙÙ ÙÙ Ø£ÙØ«Ø± Ø§ÙØ£Ø³Ø§ÙÙØ¨ Ø§Ø³ØªØ®Ø¯Ø§ÙÙØ§ ÙÙ Ø§ÙÙØ´Ù Ø¹Ù ÙØ¬ÙØ§Øª Ø±ÙØ¶ Ø§ÙØ®Ø¯ÙØ© Ø§ÙÙÙØ²Ø¹Ø©. ÙØ¹ÙÙ Ø§ÙØ±ØºÙ ÙÙ Ø£Ù ÙØ°Ù Ø§ÙØ®ÙØ§Ø±Ø²ÙÙØ§Øª Ø£Ø«Ø¨ØªØª ÙØ¹Ø§ÙÙØªÙØ§ ÙÙ Ø§ÙÙØ´Ù Ø¹Ù Ø§ÙÙØ¬ÙØ§ØªØ Ø¥ÙØ§ Ø£Ù ÙØ¯Ø±ØªÙØ§ ÙØ§ ØªØ²Ø§Ù ÙØ­Ø¯ÙØ¯Ø© ÙÙ Ø§ÙØªØ¹Ø§ÙÙ ÙØ¹ Ø§ÙØªÙØ¯ÙØ¯Ø§Øª Ø§ÙÙØªÙØ¯ÙØ© ÙØ§ÙÙØªØºÙØ±Ø© Ø¨ÙØ±ÙØ± Ø§ÙÙÙØª.
Ø£ÙÙÙØ§Ø ØªÙ ÙÙ ÙØ°Ù Ø§ÙØ£Ø·Ø±ÙØ­Ø© ØªÙÙÙÙ Ø¹Ø¯Ø© Ø®ÙØ§Ø±Ø²ÙÙØ§Øª ØªØ¹ÙÙ Ø¢ÙÙ Ø¨Ø§Ø³ØªØ®Ø¯Ø§Ù ÙØ¬ÙÙØ¹Ø© Ø¨ÙØ§ÙØ§Øª CICDDoS2019. ÙØ­ÙÙØª Ø®ÙØ§Ø±Ø²ÙÙØ© Gradient Boosting (GB) Ø£Ø¹ÙÙ Ø¯ÙØ© Ø¨ÙØºØª %99.99Ø ÙØ¹ ÙØ¹Ø¯Ù Ø¥ÙØ°Ø§Ø± ÙØ§Ø°Ø¨ ÙÙØ®ÙØ¶ Ø¨ÙØº %0.004Ø ÙÙÙØª Ø§Ø®ØªØ¨Ø§Ø± 0.26 Ø«Ø§ÙÙØ©Ø ØªÙØªÙØ§ Ø®ÙØ§Ø±Ø²ÙÙØ© XGBoost Ø¨Ø¯ÙØ© %99.98. ØªÙØ¨Ø±Ø² ÙØ°Ù Ø§ÙÙØªØ§Ø¦Ø¬ Ø§ÙÙÙØ© Ø§ÙØªÙØ¨Ø¤ÙØ© Ø§ÙØ¹Ø§ÙÙØ© ÙØ£Ø³Ø§ÙÙØ¨ Ø§ÙØªØ¹ÙÙ Ø§ÙØ¢ÙÙ Ø§ÙÙØ§Ø¦ÙØ© Ø¹ÙÙ Ø§ÙØªØ¬ÙÙØ¹.
ÙÙØ¹ Ø°ÙÙØ ÙØ¥Ù Ø®ÙØ§Ø±Ø²ÙÙØ§Øª Ø§ÙØªØ¹ÙÙ Ø§ÙØ¢ÙÙ Ø§ÙØªÙÙÙØ¯ÙØ© ØªÙÙÙ Ø¥ÙÙ Ø§ÙØªÙÙÙ ÙÙ Ø§ÙØªØ¹Ø±ÙÙ Ø¹ÙÙ Ø£ÙØ¬Ù Ø§ÙØªØ´Ø§Ø¨Ù Ø¨ÙÙ Ø§ÙÙØ¬ÙØ§Øª Ø§ÙÙØ¹Ø±ÙÙØ© Ø£ÙØ«Ø± ÙÙ ÙØ¯Ø±ØªÙØ§ Ø¹ÙÙ Ø§ÙØªØ´Ø§Ù Ø§ÙØ£ÙØ´Ø·Ø© Ø§ÙØ´Ø§Ø°Ø© Ø§ÙÙØ±ØªØ¨Ø·Ø© Ø¨Ø§ÙÙØ¬ÙØ§Øª Ø§ÙØ¬Ø¯ÙØ¯Ø© ØºÙØ± Ø§ÙÙØ¹Ø±ÙÙØ©. ÙØ¨Ø§ÙÙØ¸Ø± Ø¥ÙÙ ÙØ¯Ø±Ø© Ø®ÙØ§Ø±Ø²ÙÙØ§Øª Ø§ÙØªØ¹ÙÙ Ø§ÙØ¹ÙÙÙ Ø¹ÙÙ Ø§ÙØªØ¹ÙÙ ÙÙ Ø§ÙØ¨ÙØ§ÙØ§Øª ÙØ§ÙØ£ÙÙØ§Ø· Ø§ÙØ²ÙÙÙØ©Ø ÙÙÙÙ ØªØ­Ø³ÙÙ ÙØ¹Ø¯Ù Ø§ÙØªØ´Ø§Ù Ø§ÙØ£ÙØ´Ø·Ø© Ø§ÙØ®Ø¨ÙØ«Ø© Ø§ÙÙØ¹ÙÙØ©. ÙØ°ÙÙØ ÙÙÙØªØºÙØ¨ Ø¹ÙÙ ÙÙÙØ¯ Ø§ÙØªØ¹ÙÙ Ø§ÙØ¢ÙÙ Ø ØªÙ ÙÙ ÙØ°Ù Ø§ÙØ¯Ø±Ø§Ø³Ø© Ø§Ø³ØªÙØ´Ø§Ù Ø£Ø³Ø§ÙÙØ¨ Ø§ÙØªØ¹ÙÙ Ø§ÙØ¹ÙÙÙ Ø§ÙÙØ¹ØªÙØ¯Ø© Ø¹ÙÙ Ø§ÙØ´Ø¨ÙØ§Øª Ø§ÙØ¹ØµØ¨ÙØ© Ø§ÙÙØªÙØ±Ø±Ø©. ÙÙØ¯ Ø£Ø¸ÙØ± Ø§ÙÙÙÙØ°Ø¬ Ø§ÙÙØ¬ÙÙ Ø§ÙÙÙØªØ±Ø­ GRU-BiLSTM Ø£Ø¯Ø§Ø¡Ù ÙØªÙÙØ²ÙØ§Ø Ø­ÙØ« Ø­ÙÙ Ø¯ÙØ© %99.9954 Ø¨Ø¹Ø¯ 30 ØªÙØ±Ø§Ø±ÙØ§ (Ø­ÙØ¨Ø©)Ø ÙØ¹ ÙØ¹Ø¯Ù Ø¥ÙØ°Ø§Ø± ÙØ§Ø°Ø¨ 0.01. ÙÙØ¹ Ø°ÙÙØ Ø§Ø±ØªØ¨Ø· ÙØ°Ø§ Ø§ÙØ£Ø¯Ø§Ø¡ Ø§ÙØ¹Ø§ÙÙ Ø¨Ø²ÙØ§Ø¯Ø© ÙÙ Ø§ÙØªÙÙÙØ© Ø§ÙØ­Ø³Ø§Ø¨ÙØ©Ø Ø­ÙØ« Ø¨ÙØº ÙÙØª Ø§ÙØ§Ø®ØªØ¨Ø§Ø± 57.935 Ø«Ø§ÙÙØ©.
ÙØ£Ø®ÙØ±ÙØ§Ø ØªÙ Ø§ÙØªØ±Ø§Ø­ ÙÙÙØ°Ø¬ ÙØ¬ÙÙ Ø¬Ø¯ÙØ¯ (GB-GRU) ÙØ¬ÙØ¹ Ø¨ÙÙ ÙÙØ§Ø¡Ø© Ø§ÙØªØ¹ÙÙ Ø§ÙØ¢ÙÙ  ÙÙØ¯Ø±Ø§Øª Ø§ÙØªØ¹ÙÙ ÙÙ Ø§ÙØªØ¹ÙÙ Ø§ÙØ¹ÙÙÙ. Ø­ÙÙ ÙØ°Ø§ Ø§ÙÙÙÙØ°Ø¬ Ø¯ÙØ© %99.96Ø ÙØ¹ ØªÙÙÙÙ ÙØ¨ÙØ± ÙÙ ÙÙØª Ø§ÙØ§Ø®ØªØ¨Ø§Ø± Ø¥ÙÙ 5.729 Ø«Ø§ÙÙØ©Ø ÙÙØ§ ÙÙØ¸ÙØ± ØªÙØ§Ø²ÙÙØ§ ÙØªÙÙÙÙØ§ Ø¨ÙÙ Ø¯ÙØ© Ø§ÙÙØ´Ù ÙØ§ÙÙÙØ§Ø¡Ø© Ø§ÙØ­Ø³Ø§Ø¨ÙØ©Ø ÙÙØ¬Ø¹ÙÙ ÙÙØ§Ø³Ø¨ÙØ§ Ø¬Ø¯ÙØ§ ÙÙÙØ´Ù ÙÙ Ø§ÙØ²ÙÙ Ø§ÙØ­ÙÙÙÙ Ø¹Ù ÙØ¬ÙØ§Øª Ø±ÙØ¶ Ø§ÙØ®Ø¯ÙØ© Ø§ÙÙÙØ²Ø¹Ø© ÙÙ Ø¨ÙØ¦Ø§Øª Ø§ÙØ´Ø¨ÙØ§Øª Ø§ÙØ­Ø¯ÙØ«Ø©.
Ø¨Ø´ÙÙ Ø¹Ø§ÙØ ØªÙØ³Ø§ÙÙ ÙØ°Ù Ø§ÙØ£Ø·Ø±ÙØ­Ø© ÙÙ ØªØ¹Ø²ÙØ² Ø§ÙØ£ÙÙ Ø§ÙØ³ÙØ¨Ø±Ø§ÙÙ Ø¶Ø¯ ØªÙØ¯ÙØ¯Ø§Øª Ø±ÙØ¶ Ø§ÙØ®Ø¯ÙØ© Ø§ÙÙÙØ²Ø¹Ø© Ø§ÙÙØªØ·ÙØ±Ø© ÙÙ Ø®ÙØ§Ù ØªÙØ¯ÙÙ ØªÙÙÙÙ Ø´Ø§ÙÙ ÙØ®ÙØ§Ø±Ø²ÙÙØ§Øª Ø§ÙØªØ¹ÙÙ Ø§ÙØ¢ÙÙ  ÙØ§ÙØªØ¹ÙÙ Ø§ÙØ¹ÙÙÙØ ÙØ§ÙØªØ±Ø§Ø­ ÙÙØ§Ø°Ø¬ ÙØ¬ÙÙØ© ØªÙØ­Ø³ÙÙ Ø£Ø¯Ø§Ø¡ Ø§ÙÙØ´ÙØ ÙØªÙÙÙÙÙ ÙØ¹Ø¯ÙØ§Øª Ø§ÙØ¥ÙØ°Ø§Ø± Ø§ÙÙØ§Ø°Ø¨Ø ÙØªÙØ¹Ø²ÙØ² ÙÙØ§Ø¡Ø© Ø§ÙÙØ¹Ø§ÙØ¬Ø©
ER  -