Forecasting Future DDoS Attacks Using Long Short Term Memory (LSTM) Model

This paper forecasts future Distributed Denial - of - Service (DDoS) attacks us ing deep learning models. Although several studies address forecasting DDoS attacks, they remain relatively limited compared to detection - focused research . By studying the current trends and forecasting based on newer and updated datasets, mitigation plans against the attacks can be planned and formulated. The methodology used in this research work conforms to the Cross Industry Standard Process for Data Mining (CRISP - DM) model. Leveraging cyberattack data from the COVID - 19 period (2019 - 2020), sourced from Digital Attack Map and compiled by Arbor Networks, the study aims to identify recent attack trends and forecast future activity to support proactive mitigation strategies. The dataset was examined using statistical analysis techniques to identify prevailing patterns, with emphasis on the frequency of attac ks, the duration of attack instances, and the maximum throughput recorded during each incident . Compared to other deep learning models, the LSTM model is proposed for its ability to learn long - term temporal patterns in evolving DDoS traffic. The performanc e of LSTM model was evaluated using Mean Squared Error (MSE) under varying neuron counts and window sizes. While the model demonstrated limited predictive accuracy in terms of absolute values, the visual comparison between the predicted and actual data usi ng line charts revealed close alignment in trend patterns . This suggests that the model captures the underlying temporal dynamics of the data, thereby providing a promising foundation for future model optimization and performance enhancement. Many cyberattack methods are well known, including but not limited to phishing, spoofing, malware infections, ransomware, and Denial - of - Service (DoS) attacks. A DoS attack occurs when an attacker attempts to disable a service, server, or network . Attackers attempt to make services inaccessible by overwhelming the available resources on the hosting server, infrastructure and/or systems. However, DoS can be eas ily track ed, as it could contai n information about the attacker that can be obtained from network traces and attack logs.