Application of Adaptive Neuro-Fuzzy Inference System for DDoS Attack Detection Based on CIC-DDoS-2019 Dataset

The relevance. Distributed Denial of Service (DDoS) attacks remain a significant threat to the availability of online services. Traditional intrusion detection systems based on signatures or anomaly analysis face limitations in detecting new and complex attacks, while machine learning-based approaches, while showing high potential, often lack interpretability. Hybrid systems, such as the Adaptive Neuro-Fuzzy Inference System (ANFIS), combine the advantages of neural networks and fuzzy logic, offering both accuracy and interpretability. However, their effectiveness with respect to modern datasets with diverse attack vectors, such as CIC-DDoS-2019, needs to be investigated.

Objective. The study aims to evaluate the performance and applicability of ANFIS for the task of DDoS attack detection using the current and challenging CIC-DDoS-2019 dataset. The ANFIS model was used in this work. The study was conducted on a representative subsample of the CIC-DDoS-2019 dataset. The methodology included careful data preprocessing, selection of the most relevant features and expert knowledge, and feature normalisation. The ANFIS model with Gaussian membership functions was trained using a hybrid optimisation algorithm (gradient descent and least squares method) on 80 % of the data. Performance was evaluated on the remaining 20 % of the test data using standard classification metrics: Accuracy, Precision, Recall, F1-Score, and error matrix analysis.

Results. The experiments showed high performance of the ANFIS model. The following metrics were achieved: proportion of correctly classified objects (Accuracy) ‒ 97.82 %, accuracy (Precision) ‒ 99.52 %, completeness (Recall) ‒ 85.95 % and F1-measure ‒ 92.24 %. The results indicate a very low false positive rate, with some number of missed attacks.

Novelty. The work demonstrates the application and performance evaluation of ANFIS on a modern and complex CIC-DDoS-2019 dataset containing relevant attack types.

The study confirms the theoretical applicability of hybrid neuro-fuzzy models to solve current cybersecurity problems. The practical significance consists in demonstrating that ANFIS can serve as a basis for the development of effective DDoS attack detection systems, providing a high level of accuracy and acceptable detection completeness. The ability to analyze membership functions and rules implements interpretability, which is important for understanding system performance and threat analysis. The results provide benchmarks for ANFIS on this dataset.

1. Arikova K.G. Analysis of statistical data on the implementation of cyberattacks and their consequences. Proceedings of the All-Russian Student Scientific and Practical Conference on Digital Economy and Security, 21–22 March 2024, Moscow, Russian Federation). Moscow: RTU MIREA Publ.; 2024. p.10–14. (in Russ.) EDN:DHNDAL

2. Baranov I.A., Kucherenko M.A., Karasev P.I. DDoS attacks and methods of protection against them. Proceedings of the Ist National Scientific and Practical Conference on Cybersecurity: Technical and Legal Aspects of Information Protection, 24–26 May 2023, Moscow, Russian Federation. Moscow: RTU MIREA Publ.; 2023. p.133–136. (in Russ.) EDN:BQZKRL

3. Kozlova N.Sh., Dovgal V.A. Analysis of the Use of Artificial Intelligence and Machine Learning In Cybersecurity. Bulletin of the Adyghe State University. Series: Natural, Mathematical and Technical Sciences. 2023;3(326):65–72. (in Russ.) DOI:10.53598/2410-3225-2023-3-326-65-72. EDN:CYUKLH

4. Lizneva Yu.S., Rostova E.V. On the application of machine learning for network anomaly classification. Proceedings of the All-Russian Scientific and Technical Conference with International Participation on Information Processing and Mathematical Modeling, 19–20 April 2023, Novosibirsk, Russian Federation. Novosibirsk: SibSUTI Publ.; 2023. p.58–61. (in Russ.) EDN:DILYWD

5. Popov A.S., Konstantinova A.A. Application of artificial intelligence in information security systems. Proceedings of the All-Russian Student Scientific and Practical Conference on Mathematical Models of Technology, Techniques, and Economics, 15 May 2024, St. Petersburg, Russian Federation. St. Petersburg: SPbGLTU Publ.; 2024. P. 363–367. (in Russ.) EDN:FNVXCM

6. Rostovtsev V.S. Artificial Neural Networks. St. Petersburg: Lan Publ.; 2025. 216 p. (in Russ.)

7. University of New Brunswick. DDoS evaluation dataset (CIC-DDoS2019). URL: https://www.unb.ca/cic/datasets/ddos-2019.html [Accessed 29.03.2025]

8. Rahman M.A. Detection of distributed denial of service attacks based on machine learning algorithms. International Journal of Smart Home. 2020;14(2):15–24. DOI:10.21742/ijsh.2020.14.2.02. EDN:MMRDIG

9. Le D.C., Dao M.H., Nguyen K.L.T. Comparison of Machine Learning Algorithms for DDOS Attack Detection in SDN. Information and Control Systems. 2020;3(106):59–70. DOI:10.31799/1684-8853-2020-3-59-70. EDN:GLVTEL

10. Shakya S., Abbas R. Comparative Evaluation of Machine Learning Models for DDoS Detection in IoT Networks. 2024. DOI:10.48550/arXiv.2411.05890

11. Mohamed Y.A., Salih D.A., Khanan A. An Approach to Improving Intrusion Detection System Performance Against Low Frequent Attacks. Journal of Advances in Information Technology. 2023;14(3):472‒478. DOI:10.12720/jait.14.3.472-478

12. Toosi A.N., Kahani M. A new approach to intrusion detection based on an evolutionary soft computing model using neuro-fuzzy classifiers. Computer Communications. 2007;30(10):2201–2212. DOI:10.1016/j.comcom.2007.05.002

13. Nwasra N., Daoud M., Qaisar Z.H. ANFIS-AMAL: Android Malware Threat Assessment Using Ensemble of ANFIS and GWO. Cybernetics and Information Technologies. 2024;24(3):39–58. DOI:10.2478/cait-2024-0024. EDN:EIOXIL

14. Molotnikova A.A. System Analysis. Short Course. St. Petersburg: Lan Publ.; 2021. 212 p. (in Russ.)

15. Ahmed A.S., Kurnaz S., Khaleel A.M. Evaluation DDoS Attack Detection Through the Application of Machine Learning Techniques on the CICIDS2017 Dataset in the Field of Information Security. Mathematical Modelling of Engineering Problems. 2023;10(4):1125‒1134. DOI:10.18280/mmep.100404

16. Kopashenko M.A., Pozdnyak I.S. Neural networks in DDoS attack protection. Proceedings of the XXX Russian Scientific and Technical Conference on Current Problems of Informatics, Radio Engineering and Communications, 28 February – 3 March 2023, Samara, Russian Federation. Samara: PSUTI Publ.; 2023. P. 85–87. (in Russ.) EDN: ZWYLIB

17. Kovalev E.A. Application of Artificial Neural Networks in Information Security Systems. Bezopasnost'. Upravlenie. Iskusstvennyj intellekt. 2022;4(4):26–35. (in Russ.) EDN:THNLOH

18. Gruzdev A.V. Data Preprocessing in Python. Vol. 2. Plan, Examples, and Quality Metrics. Moscow: DMK Press Publ.; 2023. 814 p. (in Russ.)

19. Alekseychuk A.S. Introduction to Neural Networks: Models, Methods, and Software Tools. Moscow: MAI Publ.; 2023. 105 p. (in Russ.)

20. Vasin N.N., Kakabian K.S. Comparative Analysis of Machine Learning Methods for Network Traffic Binary Classification. Infocommunication Technologies. 2025;22(2):20–25. (in Russ.) DOI:10.18469/ikt.2024.22.2.03. EDN:VZCOSB

21. Nazarkin O.A., Saraev P.V. Improving the Efficiency of Parallel Training of Approximator Ensembles Based on the Unnormalized Version of ANFIS Models. Proceedings of the 4th All-Russian Scientific and Technical Conference on Supercom-puter Technologies, SCT-2016, 19–24 September 2016, Divnomorskoye, Russian Federation. Rostov-on-Don: Southern Federal University Publ.; 2016. p.184–188. (in Russ.) EDN:YQTHCB