{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,5,27]],"date-time":"2026-05-27T18:31:52Z","timestamp":1779906712349,"version":"3.53.1"},"reference-count":36,"publisher":"MDPI AG","issue":"12","license":[{"start":{"date-parts":[[2024,12,5]],"date-time":"2024-12-05T00:00:00Z","timestamp":1733356800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/501100015624","name":"University of Jeddah","doi-asserted-by":"publisher","award":["UJ-23-SRP-13"],"award-info":[{"award-number":["UJ-23-SRP-13"]}],"id":[{"id":"10.13039\/501100015624","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>The increasing threat of Distributed DDoS attacks necessitates robust, big data-driven methods to detect and mitigate complex Network and Transport Layer (NTL) attacks. This paper proposes EffiGRU-GhostNet, a deep-learning ensemble model for high-accuracy DDoS detection with minimal resource consumption. EffiGRU-GhostNet integrates Gated Recurrent Units (GRU) with the GhostNet architecture, optimized through Principal Component Analysis with Locality Preserving Projections (PCA-LLP) to handle large-scale data effectively. Our ensemble was tested on IoT-23, APA-DDoS, and additional datasets created from popular DDoS attack tools. Simulations demonstrate a recognition rate of 98.99% on IoT-23 with a 0.11% false positive rate and 99.05% accuracy with a 0.01% error on APA-DDoS, outperforming SVM, ANN-GWO, GRU-RNN, CNN, LSTM, and DBN baselines. Statistical validation through Wilcoxon and Spearman\u2019s tests further verifies EffiGRU-GhostNet\u2019s effectiveness across datasets, with a Wilcoxon F-statistic of 7.632 (p = 0.022) and a Spearman correlation of 0.822 (p = 0.005). This study demonstrates that EffiGRU-GhostNet is a reliable, scalable solution for dynamic DDoS detection, advancing the field of big data-driven cybersecurity.<\/jats:p>","DOI":"10.3390\/fi16120458","type":"journal-article","created":{"date-parts":[[2024,12,5]],"date-time":"2024-12-05T04:13:03Z","timestamp":1733371983000},"page":"458","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":17,"title":["Big Data-Driven Deep Learning Ensembler for DDoS Attack Detection"],"prefix":"10.3390","volume":"16","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-9815-0319","authenticated-orcid":false,"given":"Abdulrahman A.","family":"Alshdadi","sequence":"first","affiliation":[{"name":"Department of Information Systems and Technology, College of Computer Science and Engineering, University of Jeddah, Jeddah 21959, Saudi Arabia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7181-2100","authenticated-orcid":false,"given":"Abdulwahab Ali","family":"Almazroi","sequence":"additional","affiliation":[{"name":"College of Computing and Information Technology at Khulais, Department of Information Technology, University of Jeddah, Jeddah 21959, Saudi Arabia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-1153-5401","authenticated-orcid":false,"given":"Nasir","family":"Ayub","sequence":"additional","affiliation":[{"name":"Department of Creative Technologeis, Air University Islamabad, Islamabad 44000, Pakistan"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-7281-5458","authenticated-orcid":false,"given":"Miltiadis D.","family":"Lytras","sequence":"additional","affiliation":[{"name":"Management of Information Systems Department, Deree College, The American College of Greece, 15342 Athens, Greece"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"given":"Eesa","family":"Alsolami","sequence":"additional","affiliation":[{"name":"Department of Cybersecurity, College of Computer Science and Engineering, University of Jeddah, Jeddah 21959, Saudi Arabia"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-7332-3773","authenticated-orcid":false,"given":"Faisal S.","family":"Alsubaei","sequence":"additional","affiliation":[{"name":"Department of Cybersecurity, College of Computer Science and Engineering, University of Jeddah, Jeddah 21959, Saudi Arabia"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"1968","published-online":{"date-parts":[[2024,12,5]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"133","DOI":"10.1007\/s10209-021-00825-z","article-title":"Accessibility of university websites worldwide: A systematic literature review","volume":"22","author":"Valverde","year":"2023","journal-title":"Univers. Access Inf. Soc."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"39","DOI":"10.1145\/997150.997156","article-title":"A taxonomy of DDoS attack and DDoS defense mechanisms","volume":"34","author":"Mirkovic","year":"2004","journal-title":"ACM SIGCOMM Comput. Commun. Rev."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Ibrahim, R.F., Abu Al-Haija, Q., and Ahmad, A. (2022). DDoS attack prevention for Internet of Thing devices using Ethereum blockchain technology. Sensors, 22.","DOI":"10.3390\/s22186806"},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"100661","DOI":"10.1016\/j.cosrev.2024.100661","article-title":"A comprehensive review of vulnerabilities and AI-enabled defense against DDoS attacks for securing cloud services","volume":"53","author":"Kumar","year":"2024","journal-title":"Comput. Sci. Rev."},{"key":"ref_5","first-page":"601","article-title":"A secure communication protocol for unmanned aerial vehicles","volume":"70","author":"Khan","year":"2022","journal-title":"CMC-Comput. Mater. Contin."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"137188","DOI":"10.1109\/ACCESS.2023.3339226","article-title":"Online Payment Fraud Detection Model Using Machine Learning Techniques","volume":"11","author":"Almazroi","year":"2023","journal-title":"IEEE Access"},{"key":"ref_7","first-page":"589","article-title":"Deep reinforcement learning in the advanced cybersecurity threat detection and protection","volume":"25","author":"Sewak","year":"2023","journal-title":"Inf. Syst. Front."},{"key":"ref_8","doi-asserted-by":"crossref","first-page":"30","DOI":"10.2478\/kbo-2023-0072","article-title":"A review of enhancing intrusion detection systems for cybersecurity using artificial intelligence (AI)","volume":"29","author":"Markevych","year":"2023","journal-title":"Int. Conf. Knowl.-Based Organ."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Aslan, O., Aktug, S.S., Ozkan-Okay, M., Yilmaz, A.A., and Akin, E. (2023). A comprehensive review of cyber security vulnerabilities, threats, attacks, and solutions. Electronics, 12.","DOI":"10.3390\/electronics12061333"},{"key":"ref_10","first-page":"1","article-title":"Information Security Framework Targeting DDoS attacks in Financial Institutes","volume":"1","author":"Irfan","year":"2023","journal-title":"IJLAI Trans. Sci. Eng."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Feng, Y., Li, J., and Nguyen, T. (2020, January 15\u201317). Application-layer DDoS defense with reinforcement learning. Proceedings of the 2020 IEEE\/ACM 28th International Symposium on Quality of Service (IWQoS), Hangzhou, China.","DOI":"10.1109\/IWQoS49365.2020.9213026"},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"2211","DOI":"10.1109\/TDSC.2023.3301293","article-title":"On Explainable and Adaptable Detection of Distributed Denial-of-Service Traffic","volume":"21","author":"Feng","year":"2023","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Li, J., Sisodia, D., Feng, Y., Shi, L., Zhang, M., Early, C., and Reiher, P. (2023, January 2\u20135). Toward Adaptive DDoS-Filtering Rule Generation. Proceedings of the 2023 IEEE Conference on Communications and Network Security (CNS), Orlando, FL, USA.","DOI":"10.1109\/CNS59707.2023.10288699"},{"key":"ref_14","first-page":"3064","article-title":"Deep Learning for Improving Attack Detection System Using CSE-CICIDS2018","volume":"20","author":"Hagar","year":"2022","journal-title":"NeuroQuantology"},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"103511","DOI":"10.1016\/j.cose.2023.103511","article-title":"Detection of application-layer DDoS attacks using machine learning and genetic algorithms","volume":"135","author":"Sharif","year":"2023","journal-title":"Comput. Secur."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Elubeyd, H., and Yiltas-Kaplan, D. (2023). Hybrid deep learning approach for automatic Dos\/DDoS attacks detection in software-defined networks. Appl. Sci., 13.","DOI":"10.3390\/app13063828"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Yaras, S., and Dener, M. (2024). IoT-Based Intrusion Detection System Using New Hybrid Deep Learning Algorithm. Electronics, 13.","DOI":"10.3390\/electronics13061053"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"100851","DOI":"10.1016\/j.iot.2023.100851","article-title":"Robust detection of unknown DoS\/DDoS attacks in IoT networks using a hybrid learning model","volume":"23","author":"Nguyen","year":"2023","journal-title":"Internet Things"},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"106733","DOI":"10.1109\/ACCESS.2023.3319214","article-title":"Optimized Artificial Intelligence Model for DDoS Detection in SDN Environment","volume":"11","year":"2023","journal-title":"IEEE Access"},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"53","DOI":"10.25195\/ijci.v49i2.446","article-title":"Ddos attack detection using hybrid (CCN and LSTM) mL model","volume":"49","author":"Khaleel","year":"2023","journal-title":"Iraqi J. Comput. Inform."},{"key":"ref_21","first-page":"3921","article-title":"Hybrid Algorithm-Driven Smart Logistics Optimization in IoT-Based Cyber-Physical Systems","volume":"77","author":"Almazroi","year":"2023","journal-title":"Comput. Mater. Contin."},{"key":"ref_22","doi-asserted-by":"crossref","first-page":"62722","DOI":"10.1109\/ACCESS.2022.3176317","article-title":"Design and development of RNN anomaly detection model for IoT networks","volume":"10","author":"Ullah","year":"2022","journal-title":"IEEE Access"},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1007\/s43926-023-00034-5","article-title":"Anomaly-based intrusion detection system for IoT application","volume":"3","author":"Bhavsar","year":"2023","journal-title":"Discov. Internet Things"},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Cao, B., Li, C., Song, Y., Qin, Y., and Chen, C. (2022). Network intrusion detection model based on CNN and GRU. Appl. Sci., 12.","DOI":"10.3390\/app12094184"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Alghazzawi, D., Bamasag, O., Ullah, H., and Asghar, M.Z. (2021). Efficient detection of DDoS attacks using a hybrid deep learning model with improved feature selection. Appl. Sci., 11.","DOI":"10.3390\/app112411634"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"2420","DOI":"10.1016\/j.procs.2023.01.217","article-title":"DDoS detection using deep learning","volume":"218","author":"Kumar","year":"2023","journal-title":"Procedia Comput. Sci."},{"key":"ref_27","unstructured":"Garcia, S., Parmisano, A., and Erquiaga, M.J. (2020). IoT-23: A labeled dataset with malicious and benign IoT network traffic (Version 1.0.0) [Data set]. Zenodo."},{"key":"ref_28","unstructured":"Yashwanth, A.P.A. (2024, May 26). APA-DDOS Dataset. Kaggle. Available online: https:\/\/www.kaggle.com\/datasets\/yashwanthkumbam\/APADDoS-dataset."},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"9","DOI":"10.1186\/s41044-016-0014-0","article-title":"Big data preprocessing: Methods and prospects","volume":"1","author":"Luengo","year":"2016","journal-title":"Big Data Anal."},{"key":"ref_30","first-page":"7","article-title":"A comparative study of categorical variable encoding techniques for neural network classifiers","volume":"175","author":"Potdar","year":"2017","journal-title":"Int. J. Comput. Appl."},{"key":"ref_31","doi-asserted-by":"crossref","unstructured":"Albu, A.-I., Bocicor, M.-I., and Czibula, G. (2023). MM-StackEns: A new deep multimodal stacked generalization approach for protein\u2013protein interaction prediction. Comput. Biol. Med., 153.","DOI":"10.1016\/j.compbiomed.2022.106526"},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Alzahrani, R.J., and Alzahrani, A. (2021). Security analysis of DDoS attacks using machine learning algorithms in networks traffic. Electronics, 10.","DOI":"10.3390\/electronics10232919"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"8373","DOI":"10.1109\/ACCESS.2024.3351946","article-title":"Enhancing phishing detection: A novel hybrid deep learning framework for cybercrime forensics","volume":"12","author":"Alsubaei","year":"2024","journal-title":"IEEE Access"},{"key":"ref_34","doi-asserted-by":"crossref","first-page":"114765","DOI":"10.1016\/j.eswa.2021.114765","article-title":"Feature selection for classification using principal component analysis and information gain","volume":"174","author":"Omuya","year":"2021","journal-title":"Expert Syst. Appl."},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"2249","DOI":"10.32604\/csse.2023.032231","article-title":"EfficientNetV2 Model for Plant Disease Classification and Pest Recognition","volume":"45","author":"Devi","year":"2023","journal-title":"Comput. Syst. Sci. Eng."},{"key":"ref_36","doi-asserted-by":"crossref","unstructured":"Althnian, A., AlSaeed, D., Al-Baity, H., Samha, A., Dris, A.B., Alzakari, N., Elwafa, A.A., and Kurdi, H. (2021). Impact of dataset size on classification performance: An empirical evaluation in the medical domain. Appl. Sci., 11.","DOI":"10.3390\/app11020796"}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/12\/458\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,10]],"date-time":"2025-10-10T16:47:11Z","timestamp":1760114831000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/16\/12\/458"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024,12,5]]},"references-count":36,"journal-issue":{"issue":"12","published-online":{"date-parts":[[2024,12]]}},"alternative-id":["fi16120458"],"URL":"https:\/\/doi.org\/10.3390\/fi16120458","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2024,12,5]]}}}