Analysis of the potential of recurrent neural networks for identification of DDoS attacks

Abstract

Abstract. In the world of cybersecurity, DDoS attacks are like a mass disease that keeps mutating. Traditional defense systems, which only look for sudden traffic spikes, are increasingly powerless against new, cunning attacks. The latest of these can behave almost like real users, “poisoning” the system slowly and unnoticed. This is why researchers are seeking more innovative solutions that can not only track the number of requests but also their underlying logic over time. The goal of this work is to verify that specialized neural networks capable of analyzing sequences (specifically, LSTM and GRU models) are indeed a promising line of defense. The idea is that network traffic is not a set of isolated events, but a continuous “conversation”. By observing this “conversation,” these neural networks can learn their usual rhythm and hear the first uncertain notes when someone tries to disrupt it. Previous research has repeatedly confirmed that such models are often more accurate than old methods. Their superpower is memory. They don't just see what's happening now, but they also remember what happened before. This makes them crucial for detecting slow, “smoldering” attacks that last for hours and go unnoticed by conventional security systems. Our theoretical work confirms that these neural networks are a powerful tool against all kinds of DDoS attacks, from brute-force to sophisticated ones. They are flexible and can learn from new threats. Of course, they aren't perfect: training them requires powerful computers, massive datasets, and careful tuning. In conclusion, recurrent neural networks are a serious step towards a future where security systems become not just guards with an instruction manual, but attentive and intelligent guardians. They analyze behavior over time, which gives them a significant advantage. The next step should be the creation of hybrid systems that combine the strengths of different technologies to build a truly living and resilient defender for our networks.