An Agent-Oriented Adaptive Machine Learning Framework for Bias-Aware DDoS Attack Identification
DOI: https://doi.org/10.51699/cajitmf.v7i3.1321
Keywords: DDoS Detection, Multi-Agent Systems, Agent-Oriented Programming, Machine Learning, Evidence Fusion, Model Selection, Dataset Bias, Anomaly Detection, Explainable AI
Abstract
Distributed Denial-of-Service (DDoS) attacks constitute a persistent and significant threat to the availability of Internet services, cloud platforms, and Internet of Things infrastructures. Numerous machine-learning approaches conceptualize DDoS detection as a single classification task, in which a single model labels network traffic as either benign or malicious. While such systems may demonstrate strong performance on benchmark datasets, they remain susceptible to dataset bias, class imbalance, concept drift, suboptimally calibrated thresholds, and limited interpretability. This study introduces an agent-oriented, adaptive machine-learning framework that allocates traffic monitoring, feature extraction, supervised classification, anomaly detection, normal-behavior modeling, transparent rule analysis, evidence fusion, explanation, analyst feedback, and bias monitoring to specialized agents. The architecture amalgamates independent sources of evidence, thereby mitigating overreliance on any single model, dataset, or feature family. The proposed methodology employs CIC-DDoS2019 for primary offline training and incorporates cross-dataset testing, nested cross-validation, per-attack metrics, probability calibration, agent-ablation studies, and concept-drift monitoring. An event-driven Spring microservice implementation facilitates modular model replacement. Rather than asserting unverified experimental results, this paper provides a reproducible architecture and evaluation protocol, thereby laying the foundation for developing adaptive, interpretable, and bias-aware multi-agent DDoS detection systems.
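The evidence-fusion and agent-ablation ideas named in the abstract can be sketched as follows. This is an added example, not code from the paper: the weighted log-odds fusion rule, the agent names, the weights and the per-flow scores are all assumptions constructed for illustration.

```python
import math

# Constructed sample data: calibrated attack probabilities reported by three
# hypothetical agents for two flows. Names, weights and scores are assumptions.
WEIGHTS = {"supervised": 0.5, "anomaly": 0.3, "rules": 0.2}
FLOWS = {
    "flow-a": {"supervised": 0.97, "anomaly": 0.88, "rules": 0.90},
    "flow-b": {"supervised": 0.99, "anomaly": 0.20, "rules": 0.10},
}


def logit(p, eps=1e-6):
    """Log-odds of a probability, clamped away from 0 and 1."""
    p = min(max(p, eps), 1 - eps)
    return math.log(p / (1 - p))


def fuse(scores, weights=WEIGHTS):
    """Weighted log-odds pooling over whichever agents are present in `scores`.

    Weights are renormalised so that removing an agent does not shrink the
    fused score by itself.
    """
    total = sum(weights[a] for a in scores)
    z = sum(weights[a] * logit(p) for a, p in scores.items()) / total
    return 1 / (1 + math.exp(-z))


def ablate(scores, threshold=0.5):
    """Return the agents whose removal flips the fused verdict.

    A non-empty result means the verdict rests on a single source of
    evidence, which is the overreliance an ablation study looks for.
    """
    base = fuse(scores) >= threshold
    flips = []
    for agent in scores:
        rest = {a: p for a, p in scores.items() if a != agent}
        if (fuse(rest) >= threshold) != base:
            flips.append(agent)
    return flips


if __name__ == "__main__":
    for name, scores in FLOWS.items():
        print(name, round(fuse(scores), 3), "single-agent dependence:", ablate(scores))
```

Both flows are fused into an attack verdict, but only flow-b depends on one agent: dropping the supervised classifier reverses it, so that alert is a candidate for analyst review rather than automatic action.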
Copyright (c) 2026 Bekov Sanjar Nigmandjanovich

This work is licensed under a Creative Commons Attribution 4.0 International License.