Transformers model for DDoS attack detection: A survey

IF 4.6 2区计算机科学 Q1 COMPUTER SCIENCE, HARDWARE & ARCHITECTURE

Computer Networks Pub Date : 2025-06-23 DOI:10.1016/j.comnet.2025.111433

Euclides Peres Farias Junior , Anderson Bergamini de Neira , Ligia Fracielle Borges , Michele Nogueira

{"title":"Transformers model for DDoS attack detection: A survey","authors":"Euclides Peres Farias Junior , Anderson Bergamini de Neira , Ligia Fracielle Borges , Michele Nogueira","doi":"10.1016/j.comnet.2025.111433","DOIUrl":null,"url":null,"abstract":"<div><div>Distributed Denial of Service (DDoS) attack detection through Transformer models is one of the innovative Deep Learning applications. DDoS attacks are hard to handle and there is no definitive solution. Therefore, detecting DDoS attacks based on the Transformer architecture are being widely explored because of its versatility and customization. Transformer architectures analyze network traffic and identify malicious patterns, given different advantages from these architectures, such as the processing capacity in long sequences, the attention mechanism (a.k.a., self-attention) aimed at capturing complex patterns in the identification of malicious traffic, real-time detection through parallelism, the generalization to new types of attacks and, finally, the complete integration with other artificial intelligence techniques. Therefore, this survey is an extensive literature review providing an overview of the Transformer Architecture through different applied models, strategies for data preprocessing, and applications in various types of data, including real-time, address different machine learning techniques and deep learning. Thus, it analyzed 45 papers that focus on detecting DDoS attacks. The F1-Score of the DDoS attack detection identified in the papers varies between 47.40% and 100.00%. This survey contributes to the understanding of relevant aspects in different models applied in transformer architecture and thus emphasizes open issues and research directions.</div></div>","PeriodicalId":50637,"journal":{"name":"Computer Networks","volume":"270 ","pages":"Article 111433"},"PeriodicalIF":4.6000,"publicationDate":"2025-06-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Networks","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1389128625004001","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, HARDWARE & ARCHITECTURE","Score":null,"Total":0}

引用次数: 0

Abstract

Distributed Denial of Service (DDoS) attack detection through Transformer models is one of the innovative Deep Learning applications. DDoS attacks are hard to handle and there is no definitive solution. Therefore, detecting DDoS attacks based on the Transformer architecture are being widely explored because of its versatility and customization. Transformer architectures analyze network traffic and identify malicious patterns, given different advantages from these architectures, such as the processing capacity in long sequences, the attention mechanism (a.k.a., self-attention) aimed at capturing complex patterns in the identification of malicious traffic, real-time detection through parallelism, the generalization to new types of attacks and, finally, the complete integration with other artificial intelligence techniques. Therefore, this survey is an extensive literature review providing an overview of the Transformer Architecture through different applied models, strategies for data preprocessing, and applications in various types of data, including real-time, address different machine learning techniques and deep learning. Thus, it analyzed 45 papers that focus on detecting DDoS attacks. The F1-Score of the DDoS attack detection identified in the papers varies between 47.40% and 100.00%. This survey contributes to the understanding of relevant aspects in different models applied in transformer architecture and thus emphasizes open issues and research directions.

查看原文本刊更多论文

用于DDoS攻击检测的transformer模型：综述

基于Transformer模型的分布式拒绝服务（DDoS）攻击检测是深度学习的创新应用之一。DDoS攻击很难处理，也没有明确的解决方案。因此，基于Transformer体系结构的DDoS攻击检测由于其通用性和可定制性而得到了广泛的研究。变压器架构分析网络流量并识别恶意模式，与这些架构相比具有不同的优势，例如长序列的处理能力、旨在捕获恶意流量识别中复杂模式的关注机制（即自关注）、通过并行进行实时检测、对新类型攻击的推广以及与其他人工智能技术的完全集成。因此，本调查是一个广泛的文献综述，通过不同的应用模型、数据预处理策略和各种类型数据的应用（包括实时），提供Transformer架构的概述，解决不同的机器学习技术和深度学习。因此，分析了45篇专注于检测DDoS攻击的论文。论文中发现的DDoS攻击检测的F1-Score在47.40% - 100.00%之间。这一调查有助于了解变压器结构中不同模型的相关方面，从而强调开放性问题和研究方向。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Computer Networks 工程技术-电信学

CiteScore

10.80

自引率

3.60%

发文量

434

审稿时长

8.6 months

期刊介绍： Computer Networks is an international, archival journal providing a publication vehicle for complete coverage of all topics of interest to those involved in the computer communications networking area. The audience includes researchers, managers and operators of networks as well as designers and implementors. The Editorial Board will consider any material for publication that is of interest to those groups.