CBM-IDS: An Advanced Hybrid Deep Learning Model for DDoS Attack Detection in IoT Networks

Karamollaoglu, Hamdullah; Yucedag, Ibrahim; DOĞRU, İBRAHİM; TOKLU, SİNAN; ATACAK, İSMAİL

doi:10.3897/jucs.146099

CBM-IDS: An Advanced Hybrid Deep Learning Model for DDoS Attack Detection in IoT Networks

Karamollaoglu H., Yucedag I., DOĞRU İ. A., TOKLU S., ATACAK İ.

JOURNAL OF UNIVERSAL COMPUTER SCIENCE, cilt.32, sa.1, ss.108-132, 2026 (SCI-Expanded, Scopus)

Yayın Türü: Makale / Tam Makale
Cilt numarası: 32 Sayı: 1
Basım Tarihi: 2026
Doi Numarası: 10.3897/jucs.146099
Dergi Adı: JOURNAL OF UNIVERSAL COMPUTER SCIENCE
Derginin Tarandığı İndeksler: Science Citation Index Expanded (SCI-EXPANDED), Scopus, zbMATH, Directory of Open Access Journals
Sayfa Sayıları: ss.108-132
Gazi Üniversitesi Adresli: Evet

Özet

The rapid expansion of IoT devices has transformed industries while simultaneously introducing critical security vulnerabilities, particularly Distributed Denial-of-Service (DDoS) attacks that exploit the constrained resources of IoT systems. To address this challenge, a novel intrusion detection system (CBM-IDS) is proposed for the effective identification and mitigation of DDoS attacks in IoT environments. A hybrid deep learning framework is employed, integrating Convolutional Neural Networks (CNN) for spatial feature extraction, Bidirectional Long Short-Term Memory (BiLSTM) for temporal dependency analysis, and a Multi-Head Attention Mechanism (MHAM) to prioritize critical network traffic patterns. Model robustness is enhanced through Adaptive Synthetic Sampling (ADASYN) and One-Sided Selection (OSS) for class imbalance mitigation, along with dimensionality reduction using an Autoencoder combined with ANOVA F-test-based feature selection. The proposed system is evaluated on the CICDDoS2019 benchmark dataset, achieving a detection accuracy of 99.93%, which demonstrates its efficacy in real-world IoT security applications.