{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T02:17:17Z","timestamp":1771294637438,"version":"3.50.1"},"reference-count":30,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T00:00:00Z","timestamp":1771286400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"},{"start":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T00:00:00Z","timestamp":1771286400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":["Cybersecurity"],"abstract":"<jats:title>Abstract<\/jats:title>\n                  <jats:p>Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks are among the most lethal cyber threats in this world, which make an online service unavailable to its legitimate users by overwhelming the service provider\u2019s resources. Regarding the importance of online services in a human's life, researchers have been working on techniques to detect and mitigate these kinds of attacks. Machine-learning models showed acceptable performance in DDoS detection. Hence, in this paper, we developed a machine-learning model for classifying network traffic and detecting DDoS attacks using a unique approach to pre-process the data. The most innovative aspect of our work is deploying our developed machine-learning model into an online real-time DDoS detection system and testing it under real DDoS attacks. Implementing and testing a DDoS detection system that can work outside of a dataset and can be used against real threats was the missing part of other similar works that were done in this paper. The model on offline data and the system under real attacks both showed great performance in detecting attack traffic with accuracies of 99.99% and 95.30%, respectively, and proved they can effectively be used against DDoS attacks.<\/jats:p>","DOI":"10.1186\/s42400-025-00497-9","type":"journal-article","created":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T01:02:47Z","timestamp":1771290167000},"update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["A real-time machine-learning model for detecting and mitigating DDoS attacks"],"prefix":"10.1186","volume":"9","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-6909-6974","authenticated-orcid":false,"given":"Mohammad","family":"Fathian","sequence":"first","affiliation":[]},{"given":"Alireza","family":"Seifousadati","sequence":"additional","affiliation":[]}],"member":"297","published-online":{"date-parts":[[2026,2,17]]},"reference":[{"issue":"4","key":"497_CR1","doi-asserted-by":"publisher","first-page":"51","DOI":"10.3390\/jsan12040051","volume":"12","author":"KB Adedeji","year":"2023","unstructured":"Adedeji KB, Abu-Mahfouz AM, Kurien AM (2023) Ddos attack and detection methods in internet-enabled networks: concept, research perspectives, and challenges. J Sens Actuator Networks 12(4):51","journal-title":"J Sens Actuator Networks"},{"key":"497_CR2","doi-asserted-by":"publisher","DOI":"10.1007\/s11277-021-08271-z","author":"A Agarwal","year":"2022","unstructured":"Agarwal A, Khari M, Singh R (2022) Detection of DDOS attack using deep learning model in cloud storage application. Wirel Pers Commun. https:\/\/doi.org\/10.1007\/s11277-021-08271-z","journal-title":"Wirel Pers Commun"},{"issue":"2","key":"497_CR3","doi-asserted-by":"publisher","DOI":"10.3390\/fi15020076","volume":"15","author":"S Ahmed","year":"2023","unstructured":"Ahmed S, Khan ZA, Mohsin SM, Latif S, Aslam S, Mujlid H, Adil M, Najam Z (2023) Effective and efficient DDoS attack detection using deep learning algorithm, multi-layer perceptron. Future Internet 15(2):76","journal-title":"Future Internet"},{"issue":"2","key":"497_CR4","doi-asserted-by":"publisher","first-page":"930","DOI":"10.11591\/eei.v12i2.4466","volume":"12","author":"MA Al-Shareeda","year":"2023","unstructured":"Al-Shareeda MA, Manickam S, Saare MA (2023) DDoS attacks detection using machine learning and deep learning techniques: analysis and comparison. Bull Electr Eng Inform 12(2):930\u2013939","journal-title":"Bull Electr Eng Inform"},{"issue":"4S","key":"497_CR5","first-page":"964","volume":"10","author":"R Anusuya","year":"2023","unstructured":"Anusuya R, Prabhu MR, Prathima C, Kumar JA (2023) Detection of TCP, UDP and ICMP DDOS attacks in SDN using machine learning approach. J Surv Fish Sci 10(4S):964\u2013971","journal-title":"J Surv Fish Sci"},{"issue":"1","key":"497_CR6","doi-asserted-by":"publisher","first-page":"2039217","DOI":"10.1155\/2023\/2039217","volume":"2023","author":"S Balasubramaniam","year":"2023","unstructured":"Balasubramaniam S, Vijesh Joe C, Sivakumar TA, Prasanth A, Satheesh Kumar K, Kavitha V, Dhanaraj RK (2023) Optimization enabled deep learning-based DDoS attack detection in cloud computing. Int J Intell Syst 2023(1):2039217","journal-title":"Int J Intell Syst"},{"key":"497_CR7","doi-asserted-by":"publisher","DOI":"10.1016\/j.engappai.2023.106432","volume":"123","author":"J Bhayo","year":"2023","unstructured":"Bhayo J, Shah SA, Hameed S, Ahmed A, Nasir J, Draheim D (2023) Towards a machine learning-based framework for DDOS attack detection in software-defined IoT (SD-IoT) networks. Eng Appl Artif Intell 123:106432","journal-title":"Eng Appl Artif Intell"},{"key":"497_CR8","doi-asserted-by":"publisher","DOI":"10.1016\/j.jnca.2020.102756","volume":"168","author":"SD \u00c7akmak\u00e7\u0131","year":"2020","unstructured":"\u00c7akmak\u00e7\u0131 SD, Kemmerich T, Ahmed T, Baykal N (2020) Online DDoS attack detection using Mahalanobis distance and kernel-based learning algorithm. J Netw Comput Appl 168:102756","journal-title":"J Netw Comput Appl"},{"key":"497_CR9","doi-asserted-by":"crossref","unstructured":"Das S, Mahfouz AM, Venugopal D, Shiva S (2019) DDoS intrusion detection through machine learning ensemble. In: 2019 IEEE 19th international conference on software quality, reliability and security companion (QRS-C). IEEE, pp 471\u2013477","DOI":"10.1109\/QRS-C.2019.00090"},{"key":"497_CR10","unstructured":"Dhamor T, Bhat S, Thenmalar S (2021) Dynamic approaches for detection of DDoS threats using machine learning. Ann Roman Soc Cell Biol, 13663\u201313673"},{"key":"497_CR11","doi-asserted-by":"crossref","unstructured":"Elsayed MS, Le-Khac NA, Dev S, Jurcut AD (2020) Ddosnet: a deep-learning model for detecting network attacks. In: 2020 IEEE 21st international symposium on\u201d a world of wireless, mobile and multimedia networks\u201d(WoWMoM). IEEE, pp 391\u2013396","DOI":"10.1109\/WoWMoM49955.2020.00072"},{"key":"497_CR12","doi-asserted-by":"publisher","first-page":"64351","DOI":"10.1109\/ACCESS.2019.2917532","volume":"7","author":"Y Gu","year":"2019","unstructured":"Gu Y, Li K, Guo Z, Wang Y (2019) Semi-supervised K-means DDoS detection method using hybrid feature selection algorithm. IEEE Access 7:64351\u201364365","journal-title":"IEEE Access"},{"key":"497_CR13","doi-asserted-by":"publisher","first-page":"1318","DOI":"10.1016\/j.egyr.2023.05.184","volume":"9","author":"MK Hasan","year":"2023","unstructured":"Hasan MK, Habib AA, Islam S, Safie N, Abdullah SNHS, Pandey B (2023) DDoS: distributed denial of service attack in communication standard vulnerabilities in smart grid applications and cyber security with recent developments. Energy Rep 9:1318\u20131326","journal-title":"Energy Rep"},{"issue":"2","key":"497_CR14","doi-asserted-by":"publisher","first-page":"382","DOI":"10.11591\/ijai.v10.i2.pp382-388","volume":"10","author":"T Khempetch","year":"2021","unstructured":"Khempetch T, Wuttidittachotti P (2021) Ddos attack detection using deep learning. IAES Int J Artif Intell 10(2):382","journal-title":"IAES Int J Artif Intell"},{"issue":"1","key":"497_CR15","doi-asserted-by":"publisher","first-page":"393","DOI":"10.1007\/s12652-021-02907-5","volume":"13","author":"D Kshirsagar","year":"2022","unstructured":"Kshirsagar D, Kumar S (2022) A feature reduction based reflected and exploited DDoS attacks detection system. J Ambient Intell Humaniz Comput 13(1):393\u2013405","journal-title":"J Ambient Intell Humaniz Comput"},{"key":"497_CR16","doi-asserted-by":"publisher","first-page":"2420","DOI":"10.1016\/j.procs.2023.01.217","volume":"218","author":"D Kumar","year":"2023","unstructured":"Kumar D, Pateriya RK, Gupta RK, Dehalwar V, Sharma A (2023) Ddos detection using deep learning. Proc Comput Sci 218:2420\u20132429","journal-title":"Proc Comput Sci"},{"key":"497_CR17","doi-asserted-by":"crossref","unstructured":"Lima Filho FSD, Silveira FA, de Medeiros Brito Junior A, Vargas-Solar G, Silveira LF (2019) Smart detection: an online approach for DoS\/DDoS attack detection using machine learning. Secur Commun Netw 2019(1):1574749","DOI":"10.1155\/2019\/1574749"},{"key":"497_CR18","doi-asserted-by":"publisher","first-page":"124597","DOI":"10.1109\/ACCESS.2023.3328951","volume":"11","author":"S Naiem","year":"2023","unstructured":"Naiem S, Khedr AE, Idrees AM, Marie MI (2023) Enhancing the efficiency of Gaussian na\u00efve bayes machine learning classifier in the detection of ddos in cloud computing. IEEE Access 11:124597\u2013124608","journal-title":"IEEE Access"},{"issue":"6","key":"497_CR19","doi-asserted-by":"publisher","first-page":"8106","DOI":"10.1007\/s11227-021-04253-x","volume":"78","author":"M Najafimehr","year":"2022","unstructured":"Najafimehr M, Zarifzadeh S, Mostafavi S (2022) A hybrid machine learning approach for detecting unprecedented DDoS attacks. J Supercomput 78(6):8106\u20138136","journal-title":"J Supercomput"},{"issue":"12","key":"497_CR20","doi-asserted-by":"publisher","DOI":"10.1002\/eng2.12697","volume":"5","author":"M Najafimehr","year":"2023","unstructured":"Najafimehr M, Zarifzadeh S, Mostafavi S (2023) DDoS attacks and machine-learning-based detection methods: a survey and taxonomy. Eng Rep 5(12):e12697","journal-title":"Eng Rep"},{"issue":"6","key":"497_CR21","doi-asserted-by":"publisher","first-page":"5059","DOI":"10.1007\/s11276-022-03214-3","volume":"30","author":"I Ortega-Fernandez","year":"2024","unstructured":"Ortega-Fernandez I, Sestelo M, Burguillo JC, Pi\u00f1\u00f3n-Blanco C (2024) Network intrusion detection system for DDoS attacks in ICS using deep autoencoders. Wirel Netw 30(6):5059\u20135075","journal-title":"Wirel Netw"},{"key":"497_CR22","doi-asserted-by":"crossref","unstructured":"Pande S, Khamparia A, Gupta D, Thanh DN (2021) DDOS detection using machine learning technique. In: Recent studies on computational intelligence: doctoral symposium on computational intelligence (DoSCI 2020). Springer Singapore, pp 59\u201368","DOI":"10.1007\/978-981-15-8469-5_5"},{"key":"497_CR23","doi-asserted-by":"crossref","unstructured":"Rivas P, DeCusatis C, Oakley M, Antaki A, Blaskey N, LaFalce S, Stone S (2019) Machine learning for DDoS attack classification using hive plots. In: 2019 IEEE 10th annual ubiquitous computing, electronics & mobile communication conference (UEMCON). IEEE, pp 0401\u20130407","DOI":"10.1109\/UEMCON47517.2019.8993021"},{"key":"497_CR24","doi-asserted-by":"crossref","unstructured":"Sharafaldin I, Lashkari AH, Hakak S, Ghorbani AA (2019) Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy. In: 2019 international carnahan conference on security technology (ICCST). IEEE, pp 1\u20138","DOI":"10.1109\/CCST.2019.8888419"},{"key":"497_CR25","doi-asserted-by":"publisher","first-page":"51810","DOI":"10.1109\/ACCESS.2023.3280122","volume":"11","author":"DM Sharif","year":"2023","unstructured":"Sharif DM, Beitollahi H, Fazeli M (2023) Detection of application-layer DDoS attacks produced by various freely accessible toolkits using machine learning. IEEE Access 11:51810\u201351819","journal-title":"IEEE Access"},{"issue":"4A","key":"497_CR26","first-page":"655","volume":"17","author":"M Shurman","year":"2020","unstructured":"Shurman M, Khrais R, Yateem A (2020) DoS and DDoS attack detection using deep learning and IDS. Int Arab J Inf Technol 17(4A):655\u2013661","journal-title":"Int Arab J Inf Technol"},{"issue":"2","key":"497_CR27","doi-asserted-by":"publisher","first-page":"283","DOI":"10.1007\/s12065-019-00310-w","volume":"13","author":"TA Tuan","year":"2020","unstructured":"Tuan TA, Long HV, Son LH, Kumar R, Priyadarshini I, Son NTK (2020) Performance evaluation of botnet DDoS attack detection using machine learning. Evol Intell 13(2):283\u2013294","journal-title":"Evol Intell"},{"key":"497_CR28","doi-asserted-by":"crossref","unstructured":"Wani AR, Rana QP, Saxena U, Pandey N (2019) Analysis and detection of DDoS attacks on cloud computing environment using machine learning techniques. In: 2019 amity international conference on artificial intelligence (AICAI). IEEE, pp 870\u2013875","DOI":"10.1109\/AICAI.2019.8701238"},{"key":"497_CR29","doi-asserted-by":"crossref","unstructured":"Zhang N, Jaafar F, Malik Y (2019) Low-rate DoS attack detection using PSD based entropy and machine learning. In: 2019 6th IEEE international conference on cyber security and cloud computing (CSCloud)\/2019 5th IEEE international conference on edge computing and scalable cloud (EdgeCom). IEEE, pp 59\u201362","DOI":"10.1109\/CSCloud\/EdgeCom.2019.00020"},{"issue":"1","key":"497_CR30","doi-asserted-by":"publisher","first-page":"163","DOI":"10.1007\/s11280-022-01040-3","volume":"26","author":"L Zhou","year":"2023","unstructured":"Zhou L, Zhu Y, Xiang Y, Zong T (2023) A novel feature-based framework enabling multi-type DDoS attacks detection. World Wide Web 26(1):163\u2013185","journal-title":"World Wide Web"}],"container-title":["Cybersecurity"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00497-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/article\/10.1186\/s42400-025-00497-9","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1186\/s42400-025-00497-9.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2026,2,17]],"date-time":"2026-02-17T01:02:49Z","timestamp":1771290169000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1186\/s42400-025-00497-9"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2026,2,17]]},"references-count":30,"journal-issue":{"issue":"1","published-online":{"date-parts":[[2026,12]]}},"alternative-id":["497"],"URL":"https:\/\/doi.org\/10.1186\/s42400-025-00497-9","relation":{},"ISSN":["2523-3246"],"issn-type":[{"value":"2523-3246","type":"electronic"}],"subject":[],"published":{"date-parts":[[2026,2,17]]},"assertion":[{"value":"23 July 2024","order":1,"name":"received","label":"Received","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"25 September 2025","order":2,"name":"accepted","label":"Accepted","group":{"name":"ArticleHistory","label":"Article History"}},{"value":"17 February 2026","order":3,"name":"first_online","label":"First Online","group":{"name":"ArticleHistory","label":"Article History"}},{"order":1,"name":"Ethics","group":{"name":"EthicsHeading","label":"Declarations"}},{"value":"The authors declare no competing interests.","order":2,"name":"Ethics","group":{"name":"EthicsHeading","label":"Competing interests"}}],"article-number":"30"}}