CICDDoS2019 Multi Class Classification Using Hybrid Deep Learning Models (CNN BiLSTM, ResGRU, Transformer)
Objective
The primary objective is to develop a multi?class DDoS attack detection system using the CICDDoS2019 dataset. The project implements and compares four deep learning architectures – CNN?BiLSTM?Attention, Residual GRU, Transformer Encoder, and Hybrid CNN?Transformer – to classify network traffic into 18 distinct categories: Benign and 17 attack classes including DrDoS_NTP, Syn, UDP, TFTP, Portmap, etc. The goal is to achieve high accuracy and F1?score, and to deploy the best?performing model in a Flask web application for interactive prediction.
Abstract
Distributed Denial of Service (DDoS) attacks continue to evolve, making accurate multi‑class detection a challenging task. This project presents a deep learning framework for classifying network traffic into 18 categories (one benign and 17 attack types) using the CICDDoS2019 dataset. The original dataset contains 79 features; a feature selection step based on ANOVA F‑test retains the top 20 most discriminative features. To address severe class imbalance, a balanced dataset of 200,000 samples is created through statistical resampling and controlled perturbation of existing instances. Four advanced neural architectures are implemented and compared: (1) a hybrid model combining convolutional neural networks, bidirectional long short‑term memory, and an attention layer; (2) a residual gated recurrent unit network with skip connections; (3) a transformer encoder with multi‑head self‑attention; and (4) a hybrid CNN‑transformer model. Each architecture processes the 20 features as a univariate time series. Training employs standard scaling, cosine learning rate decay, early stopping, and categorical cross‑entropy loss. Evaluation metrics include accuracy, precision, recall, F1‑score, and confusion matrices. The hybrid CNN‑transformer achieves the highest performance across all classes. The final model is packaged into a Flask web application with user registration, login, an interactive dashboard, model performance visualisation, and a prediction interface that returns both the attack class and descriptive mitigation guidance.
Keywords: DDoS detection, deep learning, CNN‑transformer, CICDDoS2019, multi‑class classification, feature selection, attention mechanism, residual GRU, network security, class balancingNOTE: Without the concern of our team, please don't submit to the college. This Abstract varies based on student requirements.
Block Diagram
Specifications
Hardware Requirements
The following hardware specifications are recommended for developing, training, and running the DDoS attack classification system. Training deep learning models (CNN‑BiLSTM‑Attention, ResGRU, Transformer, Hybrid CNN‑Transformer) benefits significantly from a GPU, but CPU‑only execution is sufficient for inference and web deployment.
Component
Minimum Requirement
Recommended Requirement
Processor
Intel Core i5 (10th gen or newer) or AMD equivalent
Intel Core i7 / i9 (12th gen+) or AMD Ryzen 7/9
RAM
8 GB
16 GB or higher (32 GB for large dataset processing)
Hard Disk
160 GB (SSD preferred)
512 GB NVMe SSD
GPU (Optional)
None (CPU only for inference)
NVIDIA GPU with 8 GB VRAM (e.g., RTX 2070, RTX 3060, RTX 4060, Tesla P100)
Keyboard
Standard keyboard
Standard USB/wireless keyboard
Mouse
Two or three button mouse
Optical mouse
Monitor
SVGA (1024×768)
Full HD (1920×1080) or higher
Additional Notes:
· Training the hybrid CNN‑transformer model on the 200k balanced dataset takes approximately 2‑3 hours on a Tesla P100 GPU. CPU training may take 10‑15 hours.
· For inference (web application), a basic CPU with 8 GB RAM is sufficient to serve predictions in under 3 seconds per request.
Software Requirements
The software requirements specification for the DDoSGuard AI project (using four deep learning models with a Flask web interface and MySQL database) is presented below.
Category
Requirement
Operating System
Windows 10/11, Linux (Ubuntu 20.04+), or macOS 11+ (for development only; deployment on Linux server recommended)
Frontend Languages
HTML5, CSS3, JavaScript (Bootstrap 5 for UI)
Backend Language
Python 3.8 or higher
Web Framework
Flask 2.0+
Deep Learning Framework
TensorFlow 2.10+ (Keras API)
Data Handling
pandas, numpy, scipy
Preprocessing & Feature Selection
scikit‑learn 1.2+ (StandardScaler, SelectKBest, LabelEncoder)
Model Serialisation
TensorFlow SavedModel format (.keras), joblib (for scaler, encoder)
Database
MySQL 8.0+ (for user credentials – users table)
Database Connector
mysql‑connector‑python or PyMySQL
Visualisation (Offline)
matplotlib, seaborn (for training charts, confusion matrix)
Development Environment
VS Code, Jupyter Notebook, Kaggle Notebook
Version Control
Git (optional)
Browser Compatibility
Google Chrome, Mozilla Firefox, Microsoft Edge (latest versions)
Paper Publishing
Request Call Back
Would you like to receive a free callback now?
Choose the best time for callback:
Leave your message and we will contact you as soon as possible
6-2-85/B, Old Maternity Hospital Road, Thyagaraja Nagar, Tirupati, Andhra Pradesh – 517501
+91 9030333433
+91 9393939065
0877-2261612
Disclaimer - Takeoff Edu Group Projects are not associated or affiliated with IEEE in any way. The IEEE Projects mentioned here are mentioned in the context of student projects, whose ideas are derived from IEEE publications, not projects of or by IEEE.
