Detection and mitigation of TCP-based DDoS attacks in cloud environments using a self-attention and intersample attention transformer model

The Journal of Supercomputing

Abstract

TCP-based Distributed Denial of Service (DDoS) attacks pose a significant danger to cloud infrastructures because they can imitate genuine traffic patterns, making them difficult to detect using standard approaches. This study introduces the Self-Attention and Intersample Attention Transformer (SAINT) model, a unique deep learning architecture that incorporates Sparse Logistic Regression to address these issues. The SAINT framework uses dual attention mechanisms (self-attention for capturing complicated intraflow dependencies and intersample attention for assessing interflow relationships) to provide enhanced detection of malicious traffic. Unlike existing methodologies, SAINT prioritizes scalability, interpretability, and computational efficiency, distinguishing it from traditional models such as CNNs, RNNs, and ensemble techniques. The model's efficacy was evaluated using the BCCC-cPacket-Cloud-DDoS-2024 dataset, which included 700,000 traffic flows across 17 advanced attack scenarios, achieving state-of-the-art metrics: 95% precision, 95% recall, 96% F1 score, and 97% accuracy. Furthermore, studies on the CICDDoS2019 dataset confirmed SAINT's resilience and flexibility across a variety of network conditions. SAINT addresses real-world issues in cloud-based DDoS detection, such as temporal and spatial traffic complexities, to provide a viable, high-performance solution for protecting current cloud infrastructures. This work establishes the groundwork for scalable, adaptable, and efficient cloud-native security frameworks, paving the path for enhanced countermeasures to changing cyber threats.

Data availability

No datasets were generated or analyzed during the current study.

Acknowledgements

This is our original research work.

Author information

Contributions

GK contributed overall domain contributions, SIR contributed the mathematical part, and JM and Durgesh thoroughly proofread the manuscript.

Corresponding author

Correspondence to G. Kirubavathi.

Ethics declarations

Conflict of interest

The authors declare no conflict of interest.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

Rights and permissions

Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.

About this article

Cite this article

Kirubavathi, G., Sumathi, I.R., Mahalakshmi, J. et al. Detection and mitigation of TCP-based DDoS attacks in cloud environments using a self-attention and intersample attention transformer model. J Supercomput 81, 474 (2025). https://doi.org/10.1007/s11227-025-06940-5

  • DOI: https://doi.org/10.1007/s11227-025-06940-5
