@Article{cmc.2026.078546,
AUTHOR = {Noor Mueen Mohammed Ali Hayder, Seyed Amin Hosseini Seno, Mehdi Ebady Manaa, Hamid Noori, Davood Zabihzadeh},
TITLE = {Graph and Transformer-Based Deep Learning Paradigms for DDoS Detection: A Systematic and Critical Survey},
JOURNAL = {Computers, Materials \& Continua},
VOLUME = {},
YEAR = {},
NUMBER = {},
PAGES = {{pages}},
URL = {http://www.techscience.com/cmc/online/detail/26387},
ISSN = {1546-2226},
ABSTRACT = {With the rapid expansion of networked systems, Distributed Denial-of-Service (DDoS) attacks have become a major threat to Internet security and service availability. Due to their limited scalability, incapacity to capture temporal and relational relationships, and decreased detection accuracy under dynamic and high-volume network traffic, traditional machine learning algorithms frequently fail in large-scale DDoS scenarios. This encourages the application of deep learning techniques that can simulate intricate relationships. This survey systematically reviews graph-based deep learning and Transformer models for DDoS detection. We categorize methods for transforming network traffic into graph representations and analyze key architectures, including GraphSAGE, GCN, GAT, spatio-temporal Transformers, and hybrid GNN–Transformer models. We summarize the evaluation metrics, datasets, feature extraction strategies, and performance trends reported across existing studies. Results indicate that these approaches effectively capture topological and temporal patterns to detect coordinated attacks. Our comparative review shows that these approaches are capable of capturing both topological and temporal patterns in network traffic, enabling more accurate identification of coordinated DDoS attacks reported in the literature. Remaining challenges include explainability, scalability, data imbalance, and limited generalization. The survey’s contributions are a unified taxonomy, comparative analysis, identification of open challenges, and future research directions toward explainable, lightweight, and federated frameworks.},
DOI = {10.32604/cmc.2026.078546}
}