Open Access

ARTICLE

FRF-BiLSTM: Recognising and Mitigating DDoS Attacks through a Secure Decentralized Feature Optimized Federated Learning Approach

Sushruta Mishra¹, Sunil Kumar Mohapatra², Kshira Sagar Sahoo³, Anand Nayyar⁴, Tae-Kyung Kim^5,*

1 School of Computer Engineering, Kalinga Institute of Industrial Technology (Deemed to be University), Bhubaneswar, 751024, Odisha, India
2 Department of Computer Science and Engineering, Centurion University of Technology and Management, Bhubaneswar, 761211, Odisha, India
3 Department of Computer Science and Engineering, SRM University-AP, Amaravati, 522240, Andhra Pradesh, India
4 School of Computer Science, Duy Tan University, Da Nang, 550000, Vietnam
5 Department of Management Information Systems, Chungbuk National University, Cheongju-Si, 28644, Chungcheongbuk-Do, Republic of Korea

* Corresponding Author: Tae-Kyung Kim. Email:

(This article belongs to the Special Issue: Advances in Machine Learning and Artificial Intelligence for Intrusion Detection Systems)

Computers, Materials & Continua 2026, 86(3), 45 https://doi.org/10.32604/cmc.2025.072493

Received 28 August 2025; Accepted 21 October 2025; Issue published 12 January 2026

Abstract

With an increase in internet-connected devices and a dependency on online services, the threat of Distributed Denial of Service (DDoS) attacks has become a significant concern in cybersecurity. The proposed system follows a multi-step process, beginning with the collection of datasets from different edge devices and network nodes. To verify its effectiveness, experiments were conducted using the CICDoS2017, NSL-KDD, and CICIDS benchmark datasets alongside other existing models. Recursive feature elimination (RFE) with random forest is used to select features from the CICDDoS2019 dataset, on which a BiLSTM model is trained on local nodes. Local models are trained until convergence or stability criteria are met while simultaneously sharing the updates globally for collaborative learning. A centralised server evaluates real-time traffic using the global BiLSTM model, which triggers alerts for potential DDoS attacks. Furthermore, blockchain technology is employed to secure model updates and to provide an immutable audit trail, thereby ensuring trust and accountability among network nodes. This research introduces a novel decentralized method called Federated Random Forest Bidirectional Long Short-Term Memory (FRF-BiLSTM) for detecting DDoS attacks, utilizing the advanced Bidirectional Long Short-Term Memory Networks (BiLSTMs) to analyze sequences in both forward and backward directions. The outcome shows the proposed model achieves a mean accuracy of 97.1% with an average training delay of 88.7 s and testing delay of 21.4 s. The model demonstrates scalability and the best detection performance in large-scale attack scenarios.

---

Keywords

---