Main Catalog Informatics, Computer Engineering and Control Methods and Systems of Information Protection, Information Security

Method of protecting server infrastructure from distributed denial of service attack using a recurrent neural network

Authors: Semina A.A.
Published in issue: #5(100)/2025
DOI:
Category: Informatics, Computer Engineering and Control \| Chapter: Methods and Systems of Information Protection, Information Security
Keywords: DDoS attacks, cybersecurity, recurrent neural networks, machine learning, server protection, NSL-KDD, automatic attack detection
Published: 04.07.2025

Modern statistics from leading cybersecurity companies (Kaspersky Lab, Cloudflare, Statista) indicate a 63 % increase in the number of DDoS attacks in 2023–2024. This article discusses an innovative method for countering these threats based on the use of recurrent neural networks (RNN). The developed solution provides automated detection of attacks in real time with the ability to respond instantly, demonstrating classification accuracy at the level of 99.14 % and analysis time of only 70.12 ms on a test sample from the NSL-KDD set. A special feature of the proposed approach is adaptability to new types of threats due to the mechanism of additional training of the model. The system can be integrated into the existing client infrastructure without disrupting the operation of services. The conducted studies of various RNN configurations (including analysis of the influence of the sequence length, the number of neurons and training epochs) made it possible to achieve an optimal balance between accuracy and performance.

References

[1] Chichkov S.N. Methods of protection against DDOS attacks. Digital Economy: problems and prospects of development, 2022, pp. 571-574. (In Russ.).

[2] Musienko S.S. The use of neural networks to predict threats to information security using the example of DDoS attacks. Innovative Scientific Research: Online Journal, 2021, No. 2-3 (4), pp. 178–185. (In Russ.). https://doi.org/10.5281/zenodo.4604863

[3] Kaspersky Lab. How the landscape of DDoS attacks in Russia is changing. URL: https://www.kaspersky.ru/about/press-releases/laboratoriya-kasperskogo-kak-menyaetsya-landshaft-ddos-atak-v-rossii (accessed 07.11.2024).

[4] Cloudflare. Quarterly DDoS Attack Trends for Q1 2024. URL: https://blog.cloudflare.com/ddos-threat-report-for-2024-q1/ (accessed 19.11. 2024).

[5] 2023: StormWall Annual DDoS Attacks Report. URL: https://stormwall.pro/resources/blog/ddos-ataki-2023-otchet-za-god (accessed 19.11. 2024).

[6] Bachmanov D.A., Queue A.R., Putyato M.M., Makaryan A.S. Investigation of issues of improving DDOS protection systems based on a comprehensive analysis of modern counteraction mechanisms. Caspian Journal: Management and High Technologies, 2021, No. 1 (53), pp. 63-74. (In Russ.).

[7] Medvedev M., Reva I. Analysis of approaches to traffic filtering and the effectiveness of using black and white lists. Bulletin of SibGUTI, 2023, vol. 17, No. 1, pp. 107-116. (In Russ.).

[8] Kaspersky DDoS Protection. URL: https://www.kaspersky.ru/enterprise-security/ddos-protection (accessed 19.01.2025).

[9] NDENIX. URL: https://ngenix.net/ecp/ddos-protection/ (accessed 01/25/2025).

[10] Yandex DDoS Protection in the Virtual Private Cloud. URL: https://yandex.cloud/ru/docs/vpc/ddos-protection / (accessed 18.01.2025).

[11] DDoS-GUARD. URL: https://ddos-guard.ru / (accessed 19.01.2025).

[12] StormWall. URL: https://stormwall.pro / (accessed 01/21/2025).

[13] Bunny.net . URL: https://bunny.net / (accessed 01/21/2025).

[14] Cloud4Y. URL: https://www.cloud4y.ru / (accessed 24.01.2025).

[15] NSL-KDD. Network Security, Information Security, Cyber Security. URL: https://www.kaggle.com/datasets/hassan06/nslkdd (accessed 02/16/2025).

[16] Kalugin Yu.A., Rudakov I.V. Sound source extraction using convolutional neural networks with fully connected layers. Modern Science, 2021, No. 4-3, pp. 535-539. (In Russ.).