Authors: S. Kanmani; Mohan A.; Adesh S.; Ronit Metson
Volume/Issue: Volume 11 - 2026, Issue 4 - April
Google Scholar: https://tinyurl.com/2vvwt95x
Scribd: https://tinyurl.com/yx3e8f2r
DOI: https://doi.org/10.38124/ijisrt/26apr1640
Abstract:
Distributed Denial of Service (DDoS) attacks remain among the most severe threats to modern network infrastructure, inflicting significant service disruptions and financial losses. Traditional rule-based or signature-matching defenses prove increasingly ineffective against sophisticated multi-vector DDoS campaigns that evolve faster than human administrators can respond. This paper presents DeepShield, a real-time, fully autonomous DDoS detection and mitigation platform structured around four tightly integrated modules. The Hybrid Detection Engine combines a CNN-LSTM deep learning encoder with a LightGBM gradient-boosted classifier to achieve sub-12-millisecond end-to-end inference on the CIC-DDoS2019 benchmark, classifying network traffic into 13 distinct attack categories plus benign traffic. Exporting the neural encoder to ONNX Runtime reduces inference latency from 92 ms to 6–12 ms, supporting a throughput of 100,000 packets per second. The Autonomous Mitigation Engine employs a Double Deep Q-Network (Double DQN) reinforcement learning agent orchestrated through a LangGraph state machine, selecting among five network enforcement actions without manual intervention. The Threat Intelligence Engine enriches confirmed DDoS events with contextual analysis drawn from a self-evolving Markdown Knowledge Base operating across three graceful degradation modes. A Dockerized testbed with 13 attacker containers enables reproducible evaluation, while a React-based Security Operations Centre (SOC) dashboard delivers live visualisation via WebSocket streaming. Experimental evaluation on CIC-DDoS2019 yields a weighted F1-score of 0.9957, confirming DeepShield's suitability for deployment in operational SOC environments without any cloud dependency.
Keywords:
DDoS Detection; Deep Learning; Reinforcement Learning; Threat Intelligence; ONNX Runtime; LightGBM; CNN-LSTM; Double DQN; LangGraph; Network Security.
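The abstract states that the mitigation agent is a Double DQN choosing among five enforcement actions. The distinguishing step of Double DQN (van Hasselt et al.) is how the bootstrap target is formed: the online network selects the next action, the target network evaluates it, which curbs the overestimation that a plain DQN max introduces. The following block is an added illustration of that target computation, not DeepShield's code; the five action names, the discount factor and the Q-values are constructed placeholders, since the paper's abstract does not list them.

```python
"""Double DQN target computation for a five-action mitigation agent.

Added example, not code from the DeepShield paper. The action names,
GAMMA and every Q-value below are constructed for illustration only.
"""
from dataclasses import dataclass
from typing import List, Sequence, Tuple

# Hypothetical enforcement actions; the paper only says there are five.
ACTIONS = ["allow", "rate_limit", "block_ip", "block_subnet", "redirect_scrubbing"]

GAMMA = 0.99  # assumed discount factor


@dataclass
class Transition:
    """One replay-buffer entry, already scored by both networks on s'."""
    reward: float
    done: bool
    q_online_next: Sequence[float]  # Q_online(s', a) for each of the 5 actions
    q_target_next: Sequence[float]  # Q_target(s', a) for each of the 5 actions


def argmax(values: Sequence[float]) -> int:
    """Index of the largest Q-value (first one wins on ties)."""
    return max(range(len(values)), key=lambda i: values[i])


def dqn_target(t: Transition, gamma: float = GAMMA) -> float:
    """Plain DQN: y = r + gamma * max_a Q_target(s', a).

    Selection and evaluation both use the target network, so a single
    over-estimated action inflates the bootstrap value.
    """
    if t.done:
        return t.reward
    return t.reward + gamma * max(t.q_target_next)


def double_dqn_target(t: Transition, gamma: float = GAMMA) -> float:
    """Double DQN: y = r + gamma * Q_target(s', argmax_a Q_online(s', a)).

    The online network picks the action; the target network values it.
    """
    if t.done:
        return t.reward
    a_star = argmax(t.q_online_next)
    return t.reward + gamma * t.q_target_next[a_star]


def batch_targets(batch: List[Transition], gamma: float = GAMMA) -> List[Tuple[float, float]]:
    """(plain DQN target, Double DQN target) for every transition in a batch."""
    return [(dqn_target(t, gamma), double_dqn_target(t, gamma)) for t in batch]


def select_action(q_online: Sequence[float]) -> str:
    """Greedy policy used at inference time: act on the online network's argmax."""
    return ACTIONS[argmax(q_online)]


# Constructed sample batch. In the first transition the target network
# over-values "block_ip" (index 2) while the online network prefers
# "rate_limit" (index 1); plain DQN bootstraps from 0.8, Double DQN from 0.5.
SAMPLE_BATCH = [
    Transition(reward=1.0, done=False,
               q_online_next=[0.2, 0.9, 0.4, 0.1, 0.3],
               q_target_next=[0.1, 0.5, 0.8, 0.2, 0.2]),
    Transition(reward=-5.0, done=True,  # terminal: no bootstrap term at all
               q_online_next=[0.0, 0.0, 0.0, 0.0, 0.0],
               q_target_next=[0.3, 0.3, 0.3, 0.3, 0.3]),
]

if __name__ == "__main__":
    for t, (y_dqn, y_ddqn) in zip(SAMPLE_BATCH, batch_targets(SAMPLE_BATCH)):
        print(f"reward={t.reward:+.1f} done={t.done}  DQN y={y_dqn:.3f}  DoubleDQN y={y_ddqn:.3f}")
    print("greedy action for first state:", select_action(SAMPLE_BATCH[0].q_online_next))
```

The first transition is the case the decoupling exists for: the two networks disagree about the best action, and Double DQN refuses to credit the target network's own optimistic maximum. For a security agent this matters because over-valued aggressive actions (a subnet block, say) are exactly the ones a defender does not want the policy to drift toward on the strength of noisy estimates.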