Edge-Fog-Cloud Distributed Architecture for Intelligent DDoS Detection and Mitigation

Hedjaz Sabrine; Baadache Abderrahmane; Semchedine Fouzi

doi:10.2478/cait-2025-0034

.blurhash-client-img { display: none !important; }

Edge-Fog-Cloud Distributed Architecture for Intelligent DDoS Detection and Mitigation

Cybernetics and Information Technologies

Volume 25 (2025): Issue 4 (December 2025)

By: Hedjaz Sabrine, Baadache Abderrahmane and Semchedine Fouzi

Open Access

|Dec 2025

Abstract

Cloud and distributed infrastructures face significant challenges from increasingly sophisticated Distributed Denial-of-Service (DDoS) attacks. Real-time efficiency is limited by the latency and scalability issues that affect traditional centralized detection systems. This paper presents a multi-layered DDoS detection and mitigation framework built on the Edge-Fog-Cloud paradigm. Hierarchical intelligence is integrated into the architecture to strike a balance between adaptive defense, resource efficiency, and responsiveness. A threshold-guided lightweight classifier quickly distinguishes malicious, suspicious, and benign traffic at the edge. A compact Deep Neural Network (DNN) verifies anomalies in suspicious flows that are escalated to the fog. For context-aware mitigation, a deep classifier at the cloud layer categorizes confirmed attacks into two main families: reflection/amplification and exploitation. Evaluation on the CICDDoS2019 dataset demonstrates high accuracy, a low false-positive rate, and efficient traffic handling. The modular design ensures scalability and adaptability for modern distributed computing infrastructures.

References

Sharafaldin, I., A. H. Lashkari, S. Hakak, A. A. Ghorbani. Developing a Realistic Distributed Denial of Service (DDoS) Attack Dataset and Taxonomy. – In: Proc. of 53rd International Carnahan Conference on Security Technology, Chennai, India, 2019, IEEE, 2019.
Search in Google Scholar Back to article
AlSaleh, I., A. Al-Samawi, L. Nissirat. Novel Machine Learning Approach for DDoS Cloud Detection: Bayesian-Based CNN and Data Fusion Enhancements. – Sensors, Vol. 24, 2024, No 5, 1418.
Search in Google Scholar Back to article
Ec-Sabery, M., A. B. Abbou, A. Boushaba, F. Mrabti, R. B. Abbou. The Optimized Extreme Learning Machine (GA-OELM) for DDoS Attack Detection in a Cloud Environment. – Journal of Computer Science, Vol. 21, 2025, No 1, pp. 146-157.
Search in Google Scholar Back to article
Songa, A. V., G. R. Karri. An Integrated SDN Framework for Early Detection of DDoS Attacks in Cloud Computing. – Journal of Cloud Computing, Vol. 13, 2024, 64.
Search in Google Scholar Back to article
Amitha, M., M. Srivenkatesh. DDoS Attack Detection in Cloud Computing Using Deep Learning Algorithms. – International Journal of Intelligent Systems and Applications in Engineering, Vol. 11, 2023, No 4, pp. 82-90.
Search in Google Scholar Back to article
Gudla, S. P. K., S. K. Bhoi, S. R. Nayak, A. Verma. DI-ADS: A Deep Intelligent Distributed Denial of Service Attack Detection Scheme for Fog-Based IoT Applications. – Computational Intelligence and Neuroscience, Vol. 2022, 2022, pp. 1-17.
Search in Google Scholar Back to article
Bensaid, R., N. Labraoui, A. A. A. Ari, L. Maglaras, H. Saidi, A. M. A. Lwahhab, S. Benfriha. Toward a Real-Time TCP SYN Flood DDoS Mitigation Using an Adaptive Neuro-Fuzzy Classifier and SDN Assistance in Fog Computing. – Security and Communication Networks, Vol. 2023, 2023, 6651584.
Search in Google Scholar Back to article
Pokale, N. B., P. Sharma, D. T. Mane. Deep Hybrid Model for Attack Detection in IoT-Fog Architecture with Improved Feature Set and Optimal Training. – In: Web Intelligence, 2024.
Search in Google Scholar Back to article
Selim, I. M., R. A. Sadek. An Effective Fog-Aware NIDS for DDoS Attack Detection. – IAENG International Journal of Computer Science, Vol. 52, 2025, No 6, pp. 1806-1814.
Search in Google Scholar Back to article
Kurdi, H., V. Thayananthan. A Multi-Tier MQTT Architecture with Multiple Brokers Based on Fog Computing for Securing Industrial IoT. – Applied Sciences, Vol. 12, 2022, No 7173, pp. 1-15.
Search in Google Scholar Back to article
Naik, N. Choice of Effective Messaging Protocols for IoT Systems: MQTT, CoAP, AMQP, and HTTP. – In: IEEE International Systems Engineering Symposium (ISSE’17), Vol. 1, 2017, No 7, pp. 1-7.
Search in Google Scholar Back to article
Tavallaee, M., E. Bagheri, W. Lu, A. Ghorbani. A Detailed Analysis of the KDD Cup 99 Data Set. – In: Proc. of 2nd IEEE Symposium on Computational Intelligence for Security and Defense Applications. IEEE, 2009.
Search in Google Scholar Back to article
Divekar, A., M. Parekh, V. Savla, M. Shirole. Benchmarking Datasets for Anomaly-Based Network Intrusion Detection: KDD Cup 99 Alternatives. – In: Proc. of IEEE International Conference on Computing, Communication and Security, Kathmandu, Nepal, 2018, IEEE, 2018.
Search in Google Scholar Back to article
Sharafaldin, I., A. H. Lashkari, S. Hakak, A. A. Ghorbani. Toward Generating a New Intrusion Detection Dataset and Intrusion Traffic Characterization. – In: Proc. of 4th International Conference on Information Systems Security and Privacy (ICISSP’18), Portugal, 2018, Scitepress, 2018.
Search in Google Scholar Back to article
Ferri, C., J. Hernandez-Orallo, R. Modroiu. An Experimental Comparison of Performance Measures for Classification. – Pattern Recognition Letters, Vol. 30, 2009, No 1, pp. 27-38.
Search in Google Scholar Back to article
Gamage, S., J. Samarabandu. Deep Learning Methods in Network Intrusion Detection: A Survey and an Objective Comparison. – Pattern Recognition Letters, Vol. 169, 2020, No 2.
Search in Google Scholar Back to article
Gubta, B. B., M. Misra, R. C. Joshi. An ISP-Level Solution to Combat DDoS Attacks Using a Combined Statistical-Based Approach. – International Journal of Information Assurance and Security, Vol. 3, 2008, No 2, pp. 102-110.
Search in Google Scholar Back to article
Jisa, D., T. Siza. Efficient DDoS Flood Attack Detection Using Dynamic Thresholding on Flow-Based Network Traffic. – Computers and Security, Vol. 82, 2019, pp. 284-295.
Search in Google Scholar Back to article
Azahrani, R. J., A. Azahrani. Security Analysis of DDoS Attacks Using Machine Learning Algorithms in Network Traffic. – Electronics, Vol. 10, 2021, No 23.
Search in Google Scholar Back to article
Gaur, V., R. Kumar. Analysis of Machine Learning Classifiers for Early Detection of DDoS Attacks on IoT Devices. – Arabian Journal for Science and Engineering, Vol. 47, 2022, pp. 1353-1374.
Search in Google Scholar Back to article
Wijnhoven, R. G. J., P. H. N. de With. Fast Training of Object Detection Using Stochastic Gradient Descent. – In: Proc. of 20th International Conference on Pattern Recognition, Istanbul, Turkey, 2010, IEEE, 2010.
Search in Google Scholar Back to article
Probst, P., M. N. Wright, A.-L. Boulesteix. Hyperparameters and Tuning Strategies for Random Forest. – WIREs Data Mining and Knowledge Discovery, Vol. 9, 2019, No 3.
Search in Google Scholar Back to article
Zou, Q., S. Xie, Z. Lin, M. Wu, Y. Ju. Finding the Best Classification Threshold in an Imbalanced Classification. – Big Data Research, Vol. 5, 2016, pp. 2-8.
Search in Google Scholar Back to article
Jimin, L., Z. Jianye, Z. Huiqi, D. Xueyu, G. Xin. An Improved Random Forest Intrusion Detection Model Based on Tent Mapping. – In: Proc. of 4th World Symposium on Artificial Intelligence, Jilin, China, 2022. IEEE, 2022.
Search in Google Scholar Back to article
Barona, R., E. Baburaj. An Efficient DDoS Attack Detection and Categorization Using an Adolescent Identity Search-Based Weighted SVM Model. – Peer-to-Peer Networking and Applications, Vol. 16, 2023, No 2, pp. 1227-1241.
Search in Google Scholar Back to article
Faker, O., E. Dogdu. Intrusion Detection Using Big Data and Deep Learning Techniques. – In: Proc. of 2019 ACM SouthEast Conference (ACM SE’19), ACM, April 2019.
Search in Google Scholar Back to article
Banerjee, C., T. Mukherjee, E. Pasiliao. An Empirical Study on Generalizations of the ReLU Activation Function. – In: Proc. of 2019 ACM SouthEast Conference (ACM SE’19), ACM, April 2019.
Search in Google Scholar Back to article
Akhilesh, A. W., K. S. Brijesh. Performance Analysis of Sigmoid and ReLU Activation Functions in a Deep Neural Network. – In: A. Sheth, A. Sinhal, A. Shrivastava, A. K. Pandey, Eds. Intelligent Systems, Algorithms for Intelligent Systems, Springer, 2021, pp. 39-52.
Search in Google Scholar Back to article
Jadon, S. A Survey of Loss Functions for Semantic Segmentation. – In: Proc. of IEEE Conference on Computational Intelligence in Bioinformatics and Computational Biology (CIBCB’20), Via del Mar, Chile, 2020, IEEE, 2020.
Search in Google Scholar Back to article
Zaheer, R., S. Humera. A Study of the Optimization Algorithms in Deep Learning. – In: Proc. of 3rd International Conference on Inventive Systems and Control (ICISC’19), Coimbatore, India, 2019, IEEE, 2019.
Search in Google Scholar Back to article
Qian, N. On the Momentum Term in Gradient Descent Learning Algorithms. – Neural Networks, Vol. 12, 1999, No 1, pp. 145-151.
Search in Google Scholar Back to article
Sutskever, I., J. Martens, G. Dahl, G. Hinton. On the Importance of Initialization and Momentum in Deep Learning. – In: Proc. of 30th International Conference on International Conference on Machine Learning (ICML’13), ACM, 2013.
Search in Google Scholar Back to article
Shaikh, J., T. A. Syed, S. A. Shah, S. Jan, Q. Ul Ain, P. K. Singh. Advancing DDoS Attack Detection with Hybrid Deep Learning: Integrating Convolutional Neural Networks, PCA, and Vision Transformers. – International Journal on Smart Sensing and Intelligent Systems, Vol. 17, 2024, No 1, pp. 1-16.
Search in Google Scholar Back to article
Mehmood, S., R. Amin, J. Mustafa, M. Hussain, F. S. Alsubaei, M. D. Zakaria. Distributed Denial of Services (DDoS) Attack Detection in SDN Using Optimizer-Equipped CNN-MLP. – PLOS ONE, Vol. 20, 2025, No 1.
Search in Google Scholar Back to article
AlSaleh, I., A. Al-Samawi, L. Nissirat. Novel Machine-Learning Approach for DDoS Cloud Detection: Bayesian-Based CNN and Data Fusion Enhancements. – Sensors, Vol. 24, 2024, No 5, 1418.
Search in Google Scholar Back to article
Abdullah, E., K. Yildiz. Detection of DDoS Attacks with Feed-Forward Based Deep Neural Network Model. – Expert Systems with Applications, Vol. 486, 2021, No 3, pp. 75-174.
Search in Google Scholar Back to article

Articles in this issue

DOI: https://doi.org/10.2478/cait-2025-0034 | Journal eISSN: 1314-4081 | Journal ISSN: 1311-9702

Journal RSS Feed

Language: English

Page range: 78 - 97

Submitted on: Sep 16, 2025

Accepted on: Nov 6, 2025

Published on: Dec 11, 2025

Published by: Bulgarian Academy of Sciences, Institute of Information and Communication Technologies

In partnership with: Paradigm Publishing Services

Publication frequency: 4 issues per year

Keywords:

Edge-Fog-Cloud architecture,

DDoS detection,

Lightweight threshold-based filtering,

DNN,

Adaptive mitigation

Related subjects:

Computer sciences,

Information technology

© 2025 Hedjaz Sabrine, Baadache Abderrahmane, Semchedine Fouzi, published by Bulgarian Academy of Sciences, Institute of Information and Communication Technologies
This work is licensed under the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 License.

Volume 25 (2025): Issue 4 (December 2025)