Open-Set Recognition of Unknown DDoS Attacks Using Reciprocal Points Learning and Machine Learning Classifiers

International Journal of Emerging Research in Science, Engineering, and Management
Vol. 2, Issue 1, pp. 306-311, January 2026.

https://doi.org/10.58482/ijersem.v2i1.41

B Jhansi

T Susmitha

Shivam Saurabh

Paipuri Vamsi Krishna

Shaik Mastan Hussain

Alisha Sinha

Department of CSE, Siddartha Institute of Science and Technology, Puttur, India.

Abstract: Distributed Denial of Service (DDoS) attacks continue to pose a significant threat to modern network infrastructures, particularly due to the emergence of previously unseen and evolving attack patterns. Conventional intrusion detection systems predominantly rely on closed-set assumptions, limiting their effectiveness against unknown or zero-day DDoS attacks. To address this challenge, this paper proposes an open-set recognition framework for DDoS attack detection based on Reciprocal Points Learning (RPL). The proposed approach leverages network traffic features such as flow duration, packet statistics, and statistical flow characteristics to distinguish normal traffic, known DDoS attacks, and unknown attack instances. Machine learning classifiers, including Passive Aggressive, Random Forest, and Decision Tree models, are employed to evaluate the effectiveness of the proposed framework. Experimental analysis demonstrates that the integration of Reciprocal Points Learning significantly enhances the system’s capability to identify unknown DDoS attacks while maintaining high detection accuracy for known classes. The results indicate that the proposed framework provides a robust and adaptable solution for proactive DDoS detection in dynamic and evolving network environments.

Keywords: Open-set recognition, DDoS attack detection, Reciprocal Points Learning, Machine learning, Network security.
