
Method for Detecting Low-Intensity DDoS Attacks Based on a Combined Neural Network and Its Application in Law Enforcement Activities

Serhii Vladov, Oksana Mulesa, Victoria Vysotska, Petro Horvat, Nataliia Paziura, Oleksandra Kolobylina, Oleh Mieshkov, Oleksandr Ilnytskyi and Oleh Koropatov
Additional contact information
Serhii Vladov: Department of Scientific Activity Organisation, Kharkiv National University of Internal Affairs, 27, L. Landau Avenue, 61080 Kharkiv, Ukraine
Oksana Mulesa: Department of Physics, Mathematics and Technologies, University of Prešov, 3, Námestie Legionárov, 080 01 Prešov, Slovakia
Victoria Vysotska: Department of Combating Cybercrime, Kharkiv National University of Internal Affairs, 27, L. Landau Avenue, 61080 Kharkiv, Ukraine
Petro Horvat: Department of Computer Systems and Networks, Uzhhorod National University, 3, Narodna Square, 88000 Uzhhorod, Ukraine
Nataliia Paziura: Aviation English Department, State University “Kyiv Aviation Institute”, 1, Liubomyra Huzara Avenue, 03680 Kyiv, Ukraine
Oleksandra Kolobylina: Department of Legal Disciplines, Sumy Branch of Kharkiv National University of Internal Affairs, 24 Miru Street, 40007 Sumy, Ukraine
Oleh Mieshkov: Fire and Electrical Research Sector of the Engineering and Technical Research Laboratory, National Scientific Centre “Hon. Prof. M. S. Bokarius Forensic Science Institute”, 8-A, Zolochivska Street, 61177 Kharkiv, Ukraine
Oleksandr Ilnytskyi: Department of Scientific and Organisational Support for Interaction with State Authorities and the Public, National Academy of Legal Sciences of Ukraine, 70, Hryhorii Skovoroda Street, 61024 Kharkiv, Ukraine
Oleh Koropatov: Department of Administrative and Legal Disciplines, Odesa State University of Internal Affairs, 1 Uspenska Street, 65014 Odesa, Ukraine

Data, 2025, vol. 10, issue 11, 1-55

Abstract: The article presents a method for detecting low-intensity DDoS attacks, focused on identifying difficult-to-detect “low-and-slow” scenarios that remain undetectable by traditional defence systems. The key feature of the developed method is the integration of statistical criteria (χ² and T statistics, energy ratio, reconstruction errors) with a combined neural network architecture, including convolutional and transformer blocks coupled with an autoencoder and a calibrated regressor. The developed neural network architecture combines mathematical validity and high sensitivity to weak anomalies with the ability to generate interpretable artefacts that are suitable for subsequent forensic analysis. The developed method implements a multi-layered process in which the first level statistically evaluates the flow intensity and interpacket intervals, and the second level processes features using a neural network module, generating an integral blend-score metric S. ROC-AUC and PR-AUC metrics, learning curve analysis, and the expected calibration error (ECE) estimate were used for validation. Experimental results demonstrated the superiority of the proposed method over existing approaches, as the achieved values of ROC-AUC and PR-AUC were 0.80 and 0.866, respectively, with an ECE level of 0.04, indicating a high accuracy of attack detection. The study’s contribution lies in the development of a method combining statistical and neural network analysis, as well as in ensuring the evidentiary value of the results through the generation of structured incident reports (PCAP slices, time windows, cryptographic hashes). The obtained results expand the toolkit for cyber-attack analysis and open up prospects for the methods’ practical application in monitoring systems and law enforcement agencies.

Keywords: low-intensity DDoS attacks; anomaly detection; interpacket intervals; statistical criteria; neural network models; autoencoder; transformer; energy ratio; network traffic forensics; law enforcement
JEL-codes: C8 C80 C81 C82 C83
Date: 2025

Downloads: (external link)
https://www.mdpi.com/2306-5729/10/11/173/pdf (application/pdf)
https://www.mdpi.com/2306-5729/10/11/173/ (text/html)


Persistent link: https://EconPapers.repec.org/RePEc:gam:jdataj:v:10:y:2025:i:11:p:173-:d:1783789


Data is currently edited by Ms. Becky Zhang

Bibliographic data for series maintained by MDPI Indexing Manager.

 
Page updated 2025-11-01
Handle: RePEc:gam:jdataj:v:10:y:2025:i:11:p:173-:d:1783789