ARTFEED — Contemporary Art Intelligence

Research Proposes Framework for Optimizing DDoS Detection in 5G Networks

ai-technology · 2026-04-22

A new study looks into ways to detect Distributed Denial-of-Service attacks in cloud-native 5G networks. It presents a simplified decision-making framework that evaluates whether it's better to use time-based or structure-based traits for spotting anomalies before training a model. This framework uses two main diagnostics: the lag-1 autocorrelation of a combined flow signal and the cumulative explained variance from PCA. If the results are unclear, the system may explore a mixed approach in the future. The research tested various algorithms, including Isolation Forest and KMeans, on two distinct datasets. Findings indicate that structural features often outperform time-based ones, especially when temporal dependencies are weaker. This work addresses a gap in research that typically assumes a fixed traffic model without assessing the best feature space. It appears on arXiv under Computer Science and Machine Learning.

Key facts

  • The study focuses on unsupervised anomaly detection for DDoS attacks in cloud-native 5G networks.
  • A lightweight decision framework prioritizes temporal or structural features before model training.
  • Two diagnostics are used: lag-1 autocorrelation of an aggregated flow signal and PCA cumulative explained variance.
  • A hybrid option is reserved as a future fallback when diagnostics are inconclusive.
  • Experiments used Isolation Forest, One-Class SVM, and KMeans algorithms on two distinct datasets.
  • Structural features consistently matched or outperformed temporal features in detection performance.
  • The performance gap widens as temporal dependence weakens.
  • The research is published on arXiv under Computer Science > Machine Learning.

Entities

Institutions

  • arXiv

Sources