Umeå University's logo

Web servers are the backbone of modern Internet infrastructure, serving as the primary medium for online information distribution. Despite their critical role, web servers are susceptible to cyber-attacks. While current firewall mechanisms provide some level of protection against cyber threats, the evolving nature of these attacks and emerging vulnerabilities continue to pose significant risks. One of the most prevalent yet lethal attacks known today is DDoS (Distributed Denial of Service) attacks. These growing risks emphasize the urgent need for dynamic and robust threat detection and mitigation systems. This paper presents a comparative analysis of ensemble learning models (e.g., Random Forest, XGBoost, and LightGBM) and neural network-based models (e.g., Graph Neural Networks (GNN), Long Short-Term Memory networks (LSTM) with attention layers, and Gated Recurrent Units (GRU)) for DDoS attack detection and classification. Based on this analysis, we propose a real-time DDoS attack detection system integrated with a mitigation mechanism. The proposed system utilizes a two-tiered mitigation strategy assisted by UFW (Uncomplicated Firewall) and Apache server configuration files to block the incoming and outgoing traffic associated with suspicious IP addresses. The system's overall complexity, integrating both detection and response processes, ensures its efficiency in real-time environments while handling large volumes of traffic. Furthermore, the proposed approach achieves 15% improvement in detection accuracy and 20% reduction in false positives compared to traditional techniques, making it an effective and scalable solution for modern web server security.