SpreadSentinel: A Forward-Chaining Approach to Early and Adaptive DDoS Mitigation
- Lecture Notes of the Institute for Computer Sciences : 1-18
Abstract
The early detection of Distributed Denial-of-Service (DDoS) attacks in dynamic and imbalanced network environments remains a critical and unresolved challenge. While temporal deep learning architectures such as LSTM, GRU, TCN, and RNN have demonstrated effectiveness in capturing sequential dependencies in network traffic, their real-time utilization is often hampered by sensitivity to noise, high computational cost, and difficulty adapting to evolving attack patterns. In response, we propose SpreadSentinel, an incremental and scalable detection framework that leverages forward chaining techniques, mini-batch learning, and SMOTE-based class rebalancing to enhance early detection capabilities. Our systematic evaluation encompasses both temporal and feed-forward deep learning models applied to the CICDDoS2019 – Friday dataset. Experiments reveal consistently high performance across all architectures, highlighting the strong potential of various deep learning paradigms for early DDoS detection. These results, with detection rates exceeding 99% accuracy, demonstrate that temporal models can also achieve excellent performance in early detection. SpreadSentinel offers a reproducible and adaptive foundation for efficient sequential modeling and real-time intrusion detection, making it well-suited for heterogeneous infrastructures such as SDN and IoT.
Keywords
software security, Deep learning, Forward chaining, Class imbalance handling