Submit

Login Login

Register Register

Home / Journals / CMC / Online First / doi:10.32604/cmc.2026.078546
Journal Menu
Special Issues
Table of Content

All issues

Online First

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Open Access

REVIEW

Graph and Transformer-Based Deep Learning Paradigms for DDoS Detection: A Systematic and Critical Survey

Noor Mueen Mohammed Ali Hayder1,2, Seyed Amin Hosseini Seno2,*, Mehdi Ebady Manaa3,4, Hamid Noori2, Davood Zabihzadeh5
1 Faculty of Nursing, Babylon University, Hilla, Iraq
2 Department of Computer Engineering, Ferdowsi University of Mashhad, Mashhad, Iran
3 Intelligent Medical Systems Department, College of Sciences, Al-Mustaqbal University, Babylon, Iraq
4 College of Information Technology, University of Babylon, Babylon, Iraq
5 Computer Engineering Department, Hakim Sabzevari University (HSU), Sabzevar, Iran
* Corresponding Author: Seyed Amin Hosseini Seno. Email: email
(This article belongs to the Special Issue: Advances in Machine Learning and Artificial Intelligence for Intrusion Detection Systems)

Computers, Materials & Continua https://doi.org/10.32604/cmc.2026.078546

Received 03 January 2026; Accepted 04 March 2026; Published online 31 March 2026

Abstract

With the rapid expansion of networked systems, Distributed Denial-of-Service (DDoS) attacks have become a major threat to Internet security and service availability. Due to their limited scalability, incapacity to capture temporal and relational relationships, and decreased detection accuracy under dynamic and high-volume network traffic, traditional machine learning algorithms frequently fail in large-scale DDoS scenarios. This encourages the application of deep learning techniques that can simulate intricate relationships. This survey systematically reviews graph-based deep learning and Transformer models for DDoS detection. We categorize methods for transforming network traffic into graph representations and analyze key architectures, including GraphSAGE, GCN, GAT, spatio-temporal Transformers, and hybrid GNN–Transformer models. We summarize the evaluation metrics, datasets, feature extraction strategies, and performance trends reported across existing studies. Results indicate that these approaches effectively capture topological and temporal patterns to detect coordinated attacks. Our comparative review shows that these approaches are capable of capturing both topological and temporal patterns in network traffic, enabling more accurate identification of coordinated DDoS attacks reported in the literature. Remaining challenges include explainability, scalability, data imbalance, and limited generalization. The survey’s contributions are a unified taxonomy, comparative analysis, identification of open challenges, and future research directions toward explainable, lightweight, and federated frameworks.

Keywords

Distributed Denial-of-Service (DDoS) detection; Graph Neural Networks (GNNs); transformer architecture; deep learning; network security; graph-based learning

  • 300

    View

  • 168

    Download

  • 0

    Like

Related articles
Copyright© 2026 Tech Science Press
© 1997-2026 TSP (Henderson, USA) unless otherwise stated

Share Link