An Intelligent Hybrid Machine Learning and Deep Learning–Based Intrusion Detection System for DDoS and Botnet Attacks

Intrusion Detection Systems (IDS) play a critical role in protecting modern networks from cyber threats. However, traditional signature-based IDS fail to detect unknown or polymorphic attacks, while anomaly-based approaches often generate high false-positive rates and struggle with scalability. To overcome these limitations, this study proposes an Intelligent Intrusion Detection System (IIDS) that integrates machine learning (ML) and deep learning (DL) techniques for effective detection of Distributed Denial-of-Service (DDoS) and botnet attacks.

The proposed framework employs a hybrid detection architecture combining supervised ML classifiers—Random Forest, Gradient Boosting, and Support Vector Machines—with deep learning models, including Convolutional Neural Networks (CNN) and Long Short-Term Memory (LSTM) networks. Feature selection and dimensionality reduction are performed using Principal Component Analysis (PCA) and autoencoders to reduce noise and improve computational efficiency. The system is trained and evaluated using the CICIDS2017 benchmark dataset, supplemented with simulated attack traffic to enhance realism.

Experimental results demonstrate that the hybrid ensemble model outperforms individual ML and DL models, achieving higher detection accuracy and significantly lower false-positive rates. The IIDS achieves an average accuracy above 98%, with improved recall for low-rate DDoS and botnet traffic. Additionally, explainable AI techniques are incorporated to enhance interpretability and operational trust.

The results confirm that integrating ML and DL within a scalable and adaptive framework significantly improves intrusion detection performance, making the proposed IIDS suitable for real-time deployment in cloud and edge-based network environments.