A team at De Montfort University Leicester (DMU) has published new research exploring how artificial intelligence can be used more effectively to identify destructive and harmful forms of cyber-attacks.
A distributed denial of service (DDoS) attack occurs when a malicious attacker, such as a cybercriminal or hacktivist, overwhelms a website, network, or online service with a wave of malicious traffic, making it unavailable to legitimate users.
The UK’s National Cyber Security Center (NCSC) has repeatedly warned of the growing threat from DDoS attacks, including campaigns by pro-Russian hacktivist groups such as NoName05716, targeting UK organizations and critical infrastructure.
Adrian Kwiecien, DMU graduate student studying data analytics, and Waddah Saeed, senior lecturer in data analytics at DMU, investigated whether AI models can detect such cyberattacks quickly, efficiently, and reliably enough to be used in real-world environments.
A recently published study evaluated 210 different machine learning pipelines using the leading cybersecurity dataset CICDDoS2019. These combine five popular AI classifiers, three feature selection methods, two tuning approaches, and seven different training and testing splits.
Unlike many previous studies, this study looked beyond standard accuracy scores. We also measured practical factors such as training time, inference time, CPU usage, and memory consumption.
“The strongest pipeline overall used a decision tree classifier with recursive feature removal and grid search tuning. It achieves a good balance between detection performance and low computational cost, making it a promising option for resource-constrained environments.”
“Our research also found that tree-based machine learning models generally offer the best trade-off between accuracy, speed, and interpretability. This is important because cybersecurity teams need systems that are not only effective, but actually understandable and manageable.”
However, the study also found that when the best-performing models were tested on a different dataset, their performance dropped significantly. This suggests that AI models used to detect cyber-attacks may have difficulties when faced with a variety of real-world network situations.
Data processing workflow showing the order of operations: Evaluating supervised machine learning pipelines for identifying distributed denial-of-service attacks using traditional computational performance metrics Written by Adrian Kwiecien and Waddah Saeed.
The findings highlight the need for a more realistic evaluation of AI-based cybersecurity tools before deployment. Rather than focusing only on accuracy, developers and organizations need to evaluate whether their models are fast, efficient, scalable, and reliable across different datasets.
This research provides practical guidance for researchers, cybersecurity professionals, and organizations developing machine learning systems to defend against DDoS attacks.
The full research paper can be found here: https://www.mdpi.com/2297-8747/31/2/62
Posted on: Tuesday, May 12, 2026
