A Model Selection Methodology for Simultaneous Rapid Reset-Slow Rate DoS Attacks Detection in 5G-IIoT: Balancing Performance and Fitting | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article A Model Selection Methodology for Simultaneous Rapid Reset-Slow Rate DoS Attacks Detection in 5G-IIoT: Balancing Performance and Fitting Georg Thamer Francis, Mohammed Al-Hubaishi This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-7785683/v1 This work is licensed under a CC BY 4.0 License Status: Under Review Version 1 posted 7 You are reading this latest preprint version Abstract Ever-evolving cyber attacks require ever-evolving cyber attack detection systems, and these attacks are diversifying into deeper and more specific types. Thus, the cyber attack detection systems need to follow this trend. 5G-based industrial Internet of Things (IIoT) networks have become a primary target of these specific attacks, underscoring the need for 5G-IIoT-based intrusion detection systems (IDS). This research paper presents a comprehensive IDS against denial of service (DoS) attacks, specifically targeting rapid reset attacks and their counterpart, slow rate attacks, when attacking individually and simultaneously, with a focus on accuracy and overfitting mitigation. We utilize the 5G-Flow dataset from the IEEE dataport, and propose optimized variations of K-Nearest Neighbors (KNN), Naive Bayes (NB), and Deep Neural Networks (DNN) as best performers based on attack category, detection purpose, and metric optimization. This research presents simultaneous RR-SR attacks as a new global problem and proposes naive Bayes as the current best algorithm to detect them. It presents a novel purpose-based selection framework for selecting the best-performing and fitting models from our experiment, as well as an enhanced security-first architecture for SR-RR detection in 5G-IIoT networks. The proposed system demonstrates efficient results in detecting coordinated multi-vector attacks in 5G-IIoT environments, providing a robust foundation for next-generation industrial cybersecurity. 5G networks Rapid Reset attacks Slow rate attacks DoS Industrial IoT Intrusion Detection Deep Learning Overfitting Prevention Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Under Review Version 1 posted Editorial decision: Revision requested 25 Feb, 2026 Reviews received at journal 25 Feb, 2026 Reviewers agreed at journal 25 Feb, 2026 Reviewers invited by journal 25 Feb, 2026 Editor assigned by journal 31 Oct, 2025 Submission checks completed at journal 08 Oct, 2025 First submitted to journal 05 Oct, 2025 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-7785683","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":597062246,"identity":"0c7517ba-7610-47f6-a88c-a15f99375bb5","order_by":0,"name":"Georg Thamer Francis","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA/0lEQVRIiWNgGAWjYBCDBAhZASSYmRuI0WEA0fLgDEgLIwlaGB+2gSn8WuTdm499/FLxJ49/2uFjHxLn1UbztwO1/KjYhlOL4ZljybNlzhgUS9xOS56RuO147ozDjA2MPWdu49YyI8eYWbLNILHhdo4xQ+K2Y7kNQC3MjG14tMx/A9TyzyBx/u38zwyJc47lziekRV6Cx5jxY4NB4obbOcwMiQ01uRsIaTHgSUtmZjhmnLjxdpoxQ8KxA7kbgVoO4vOLfPvhw4w/auQS591Ofgxk1OXOO3/44IMfFXhsOQCMOx4E/zCYPIBTPciWBmDU/UDw6/ApHgWjYBSMghEKAONWYN1nmN2ZAAAAAElFTkSuQmCC","orcid":"","institution":"Halic University","correspondingAuthor":true,"prefix":"","firstName":"Georg","middleName":"Thamer","lastName":"Francis","suffix":""},{"id":597062247,"identity":"156c4e72-92ce-419c-9ee2-37dd967c6573","order_by":1,"name":"Mohammed Al-Hubaishi","email":"","orcid":"","institution":"Halic University","correspondingAuthor":false,"prefix":"","firstName":"Mohammed","middleName":"","lastName":"Al-Hubaishi","suffix":""}],"badges":[],"createdAt":"2025-10-05 15:53:22","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-7785683/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-7785683/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":104400039,"identity":"c86aa79f-bab0-4a3e-b7d3-1e221ae88c32","added_by":"auto","created_at":"2026-03-11 12:08:38","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":3691321,"visible":true,"origin":"","legend":"","description":"","filename":"OverleafSpringerSimultaneousRapidResetvsSlowRateAttacksV2.pdf","url":"https://assets-eu.researchsquare.com/files/rs-7785683/v1_covered_9148d5a6-b0cf-4aec-8811-be536e49a276.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"A Model Selection Methodology for Simultaneous Rapid Reset-Slow Rate DoS Attacks Detection in 5G-IIoT: Balancing Performance and Fitting","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"journal-of-network-and-systems-management","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"jons","sideBox":"Learn more about [Journal of Network and Systems Management](http://link.springer.com/journal/10922)","snPcode":"10922","submissionUrl":"https://submission.nature.com/new-submission/10922/3","title":"Journal of Network and Systems Management","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false},"keywords":"5G networks, Rapid Reset attacks, Slow rate attacks, DoS, Industrial IoT, Intrusion Detection, Deep Learning, Overfitting Prevention","lastPublishedDoi":"10.21203/rs.3.rs-7785683/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-7785683/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"Ever-evolving cyber attacks require ever-evolving cyber attack detection systems, and these attacks are diversifying into deeper and more specific types. Thus, the cyber attack detection systems need to follow this trend. 5G-based industrial Internet of Things (IIoT) networks have become a primary target of these specific attacks, underscoring the need for 5G-IIoT-based intrusion detection systems (IDS). This research paper presents a comprehensive IDS against denial of service (DoS) attacks, specifically targeting rapid reset attacks and their counterpart, slow rate attacks, when attacking individually and simultaneously, with a focus on accuracy and overfitting mitigation. We utilize the 5G-Flow dataset from the IEEE dataport, and propose optimized variations of K-Nearest Neighbors (KNN), Naive Bayes (NB), and Deep Neural Networks (DNN) as best performers based on attack category, detection purpose, and metric optimization. This research presents simultaneous RR-SR attacks as a new global problem and proposes naive Bayes as the current best algorithm to detect them. It presents a novel purpose-based selection framework for selecting the best-performing and fitting models from our experiment, as well as an enhanced security-first architecture for SR-RR detection in 5G-IIoT networks. The proposed system demonstrates efficient results in detecting coordinated multi-vector attacks in 5G-IIoT environments, providing a robust foundation for next-generation industrial cybersecurity.\n","manuscriptTitle":"A Model Selection Methodology for Simultaneous Rapid Reset-Slow Rate DoS Attacks Detection in 5G-IIoT: Balancing Performance and Fitting","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2026-03-02 06:03:39","doi":"10.21203/rs.3.rs-7785683/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"decision","content":"Revision requested","date":"2026-02-25T16:36:14+00:00","index":"","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2026-02-25T16:35:57+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"54463851763589067611055157240296061330","date":"2026-02-25T16:34:29+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2026-02-25T16:24:54+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2025-10-31T09:09:44+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2025-10-08T11:02:29+00:00","index":"","fulltext":""},{"type":"submitted","content":"Journal of Network and Systems Management","date":"2025-10-05T15:48:59+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"journal-of-network-and-systems-management","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"jons","sideBox":"Learn more about [Journal of Network and Systems Management](http://link.springer.com/journal/10922)","snPcode":"10922","submissionUrl":"https://submission.nature.com/new-submission/10922/3","title":"Journal of Network and Systems Management","twitterHandle":"","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"em","reportingPortfolio":"Springer Hybrid","inReviewEnabled":true,"inReviewRevisionsEnabled":false}}],"origin":"","ownerIdentity":"b56402b6-ad14-4ee7-b6dc-834d4ac91957","owner":[],"postedDate":"March 2nd, 2026","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"under-review","subjectAreas":[],"tags":[],"updatedAt":"2026-04-23T13:38:32+00:00","versionOfRecord":[],"versionCreatedAt":"2026-03-02 06:03:39","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-7785683","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-7785683","identity":"rs-7785683","version":["v1"]},"buildId":"XKTyCvWXoU3ODBz1xrDgd","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.