MAEL: Meta-Active Semi-Supervised Ensemble Learning Model for DDoS Attack Detection

preprint OA: closed
Full text JSON View at publisher

Abstract

Abstract Cyberattacks against businesses have significantly increased in recent years, causing significant financial losses as well as privacy violations. Because of their harmful consequences on network infrastructure, including the depletion of computational resources and the saturation of communication channels, Distributed Denial of Service (DDoS) attacks stand out among these threats. In order to protect big networks, it is now essential to create effective ways to identify and stop DDoS attacks. However, using supervised learning models in DDoS attacks detection seems to be no longer appropriate, taking in consideration the fast growth of DDoS attacks in style and frequency. It is advised to use online semi-supervised learning models for identifying misbehaving flows and probable DDoS attacks by extending knowledge of labeled flows across unlabeled flows using graph-based learning models. Graph Neural Networks (GNNs), a subset of Neural Networks, excel in processing graph-structured data, offering promising avenues for innovation in this domain. This paper proposes an efficient GNN-based approach to detect DDoS attacks when flows are partially labeled. It involves a sequential application of multiple GNN layers to compute flow embeddings, capturing relevant information about the hosts involved in forwarding network traffic. These flow embeddings serve as inputs to a binary classifier, which predicts the likely label of each flow. Experimental results demonstrate the effectiveness of the proposed approach, showcasing notable improvements in key performance metrics such as accuracy, precision, and F1-Score.
Full text 11,546 characters · extracted from preprint-html · click to expand
MAEL: Meta-Active Semi-Supervised Ensemble Learning Model for DDoS Attack Detection | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article MAEL: Meta-Active Semi-Supervised Ensemble Learning Model for DDoS Attack Detection Ali El Kamel, Ahmed Saidane, Habib Youssed This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-5551454/v1 This work is licensed under a CC BY 4.0 License Status: Posted Version 1 posted You are reading this latest preprint version Abstract Cyberattacks against businesses have significantly increased in recent years, causing significant financial losses as well as privacy violations. Because of their harmful consequences on network infrastructure, including the depletion of computational resources and the saturation of communication channels, Distributed Denial of Service (DDoS) attacks stand out among these threats. In order to protect big networks, it is now essential to create effective ways to identify and stop DDoS attacks. However, using supervised learning models in DDoS attacks detection seems to be no longer appropriate, taking in consideration the fast growth of DDoS attacks in style and frequency. It is advised to use online semi-supervised learning models for identifying misbehaving flows and probable DDoS attacks by extending knowledge of labeled flows across unlabeled flows using graph-based learning models. Graph Neural Networks (GNNs), a subset of Neural Networks, excel in processing graph-structured data, offering promising avenues for innovation in this domain. This paper proposes an efficient GNN-based approach to detect DDoS attacks when flows are partially labeled. It involves a sequential application of multiple GNN layers to compute flow embeddings, capturing relevant information about the hosts involved in forwarding network traffic. These flow embeddings serve as inputs to a binary classifier, which predicts the likely label of each flow. Experimental results demonstrate the effectiveness of the proposed approach, showcasing notable improvements in key performance metrics such as accuracy, precision, and F1-Score. Theoretical Computer Science Systems and Networking Cybersecurity DDoS attacks IDS Machine Learning Deep Learning Graph Neural Networks Full Text Additional Declarations The authors declare no competing interests. Cite Share Download PDF Status: Posted Version 1 posted You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-5551454","acceptedTermsAndConditions":true,"allowDirectSubmit":true,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":384433801,"identity":"18e16e6d-aaed-434a-97fd-dfb486d6dac1","order_by":0,"name":"Ali El Kamel","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAABEklEQVRIie3RsUrDQBjA8S8EvluuyXohkLxCQsBJ+iwXCk4+grQngXOxnXXwHXRxvhCwi29wgw0Bpw51kQ5FvGtFFBLs6HD/JTm4H3xfAuBy/ceIJzxhngG5FMCPIv4XQVob8svgEAE4EGavH0PCyhfezcVjglFXbdrtGDJF2o7upgmkc9VHWGMGu3/SBcalZJxPDKFFMZJNARj072bJCnUpDTG7KMhe1hiPhCoF0qxPpHvyoWcyqqvNnijyGpvBZkMks+RBao7ME+xA4CSm6HMYILkh9e1C55LaXc4mNDK75HeyySWe95JkedW21+86Dcmye9uejpPAfLHVejdNQ/+5l9jUzwP9fhv6ky6Xy+X6u0+dfFs6SMJ3NgAAAABJRU5ErkJggg==","orcid":"https://orcid.org/0000-0002-7377-1469","institution":"Research Lab PRINCE, ISITCOM, University of Sousse","correspondingAuthor":true,"prefix":"","firstName":"Ali","middleName":"El","lastName":"Kamel","suffix":""},{"id":384433802,"identity":"dbb74519-ed0b-4587-90e6-c2914dc74471","order_by":1,"name":"Ahmed Saidane","email":"","orcid":"","institution":"Research Lab PRINCE, ISITCOM, University of Sousse","correspondingAuthor":false,"prefix":"","firstName":"Ahmed","middleName":"","lastName":"Saidane","suffix":""},{"id":384433803,"identity":"f2e53467-567d-4d6d-a360-b22da3c4e397","order_by":2,"name":"Habib Youssed","email":"","orcid":"","institution":"Research Lab PRINCE, ISITCOM, University of Sousse","correspondingAuthor":false,"prefix":"","firstName":"Habib","middleName":"","lastName":"Youssed","suffix":""}],"badges":[],"createdAt":"2024-11-29 21:31:22","currentVersionCode":1,"declarations":{"humanSubjects":false,"vertebrateSubjects":true,"conflictsOfInterestStatement":false,"humanSubjectEthicalGuidelines":false,"humanSubjectConsent":false,"humanSubjectClinicalTrial":false,"humanSubjectCaseReport":false,"vertebrateSubjectEthicalGuidelines":true},"doi":"10.21203/rs.3.rs-5551454/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-5551454/v1","draftVersion":[],"editorialEvents":[],"editorialNote":"","failedWorkflow":false,"files":[{"id":70552015,"identity":"cfcacd31-d6b2-477b-9a50-353d854fdbff","added_by":"auto","created_at":"2024-12-04 10:20:40","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":492989,"visible":true,"origin":"","legend":"","description":"","filename":"clustercomputingali.pdf","url":"https://assets-eu.researchsquare.com/files/rs-5551454/v1_covered_ce729c74-5232-4978-960c-6c02e8d18888.pdf"}],"financialInterests":"The authors declare no competing interests.","formattedTitle":"\u003cp\u003eMAEL: Meta-Active Semi-Supervised Ensemble Learning Model for DDoS Attack Detection\u003c/p\u003e","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":true,"hideJournal":true,"highlight":"","institution":"University of Sousse","isAcceptedByJournal":false,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true},"keywords":"Cybersecurity, DDoS attacks, IDS, Machine Learning, Deep Learning, Graph Neural Networks","lastPublishedDoi":"10.21203/rs.3.rs-5551454/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-5551454/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eCyberattacks against businesses have significantly increased in recent years, causing significant financial losses as well as privacy violations. Because of their harmful consequences on network infrastructure, including the depletion of computational resources and the saturation of communication channels, Distributed Denial of Service (DDoS) attacks stand out among these threats. In order to protect big networks, it is now essential to create effective ways to identify and stop DDoS attacks. However, using supervised learning models in DDoS attacks detection seems to be no longer appropriate, taking in consideration the fast growth of DDoS attacks in style and frequency. It is advised to use online semi-supervised learning models for identifying misbehaving flows and probable DDoS attacks by extending knowledge of labeled flows across unlabeled flows using graph-based learning models. Graph Neural Networks (GNNs), a subset of Neural Networks, excel in processing graph-structured data, offering promising avenues for innovation in this domain.\u0026nbsp;\u003c/p\u003e\n\u003cp\u003eThis paper proposes an efficient GNN-based approach to detect DDoS attacks when flows are partially labeled. It involves a sequential application of multiple GNN layers to compute flow embeddings, capturing relevant information about the hosts involved in forwarding network traffic. These flow embeddings serve as inputs to a binary classifier, which predicts the likely label of each flow. Experimental results demonstrate the effectiveness of the proposed approach, showcasing notable improvements in key performance metrics such as accuracy, precision, and F1-Score.\u003c/p\u003e","manuscriptTitle":"MAEL: Meta-Active Semi-Supervised Ensemble Learning Model for DDoS Attack Detection","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2024-12-04 10:12:33","doi":"10.21203/rs.3.rs-5551454/v1","editorialEvents":[{"type":"communityComments","content":0}],"status":"published","journal":{"display":true,"email":"[email protected]","identity":"researchsquare","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":true,"externalIdentity":"","sideBox":"","snPcode":"","submissionUrl":"/submission","title":"Research Square","twitterHandle":"researchsquare","acdcEnabled":true,"dfaEnabled":false,"editorialSystem":"","reportingPortfolio":"","inReviewEnabled":false,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"04dab684-c4d9-4292-a352-5fd154ef547d","owner":[],"postedDate":"December 4th, 2024","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"posted","subjectAreas":[{"id":40959731,"name":"Theoretical Computer Science"},{"id":40959732,"name":"Systems and Networking"}],"tags":[],"updatedAt":"2024-12-04T10:12:33+00:00","versionOfRecord":[],"versionCreatedAt":"2024-12-04 10:12:33","video":"","vorDoi":"","vorDoiUrl":"","workflowStages":[]},"version":"v1","identity":"rs-5551454","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-5551454","identity":"rs-5551454","version":["v1"]},"buildId":"qtupq5eGEP_6zYnWcrvyt","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}

Text is read by the "Ask this paper" AI Q&A widget below. Extraction quality varies by source — PMC NXML preserves structure cleanly, OA-HTML may include some navigation residue, and OA-PDF can have broken hyphenation. The publisher copy (via DOI) is the canonical version.

My notes (saved in your browser only)

Ask this paper AI returns verbatim quotes from the full text · source: preprint-html

Answers must be backed by verbatim quotes from this paper's full text. Hallucinated quotes are dropped automatically; if no verbatim passage answers the question, we say so. How this works

Citation neighborhood (no data yet)

We don't have any in-corpus citations linked to this paper yet. This is a recent paper (2024) — citers typically take a year or two to land, and the OpenAlex reference graph may still be filling in.

Source provenance

europepmc
last seen: 2026-05-20T01:45:00.602351+00:00