
Hybrid-Pipeline-Based Detection and Classification of HTTP Slow Denial-of-Service Attacks Using Radial Basis Function Neural Networks

by Bashaer H. Alrashid 1, Mazen Alwadi 1 and Qasem Abu Al-Haija 2,*
1 Computer Engineering Department, Jordan University of Science and Technology, Irbid 22110, Jordan
2 Cybersecurity Department, Jordan University of Science and Technology, Irbid 22110, Jordan
* Author to whom correspondence should be addressed.
J. Cybersecur. Priv. 2026, 6(2), 64; https://doi.org/10.3390/jcp6020064
Submission received: 7 February 2026 / Revised: 13 March 2026 / Accepted: 27 March 2026 / Published: 2 April 2026
(This article belongs to the Special Issue Cyber Security and Digital Forensics—3rd Edition)

Abstract

Detecting denial of service traffic remains challenging when malicious sessions exhibit flow characteristics that closely resemble benign network behavior, particularly in low-rate attack settings. This study examines whether autoencoder-based feature compression can improve flow-based intrusion detection while maintaining a deployment-oriented design. We develop a lightweight pipeline that learns a low-dimensional latent representation of tabular flow features using an autoencoder and performs classification using Random Forest, LightGBM, and a radial basis function neural network. Using the CICIDS 2017 dataset, the best performing configurations achieve 99.43 percent accuracy with autoencoder plus Random Forest and 99.39 percent with autoencoder plus LightGBM, while autoencoder plus radial basis function neural network achieves 98.27 percent, with consistently strong precision, recall, and F1-score. The findings support practice by showing that high detection performance can be achieved using compact learned features that reduce input complexity for downstream models, which is beneficial for operational monitoring environments. The study advances knowledge by providing a reproducible evaluation of representation learning as a feature compression step for tabular intrusion detection, and by linking model performance to measurable computational considerations relevant to real-world deployment.

1. Introduction

The Internet has evolved into a powerful tool for collaboration and communication. Currently, web-based platforms are becoming one of the most popular ways to offer services, such as banking, financial, cloud-based, and citizen services, as they enable users to access these services without geographical restrictions [1]. This also means that denial-of-service (DoS) attacks against the web servers, which adversaries usually utilize to interfere with or prevent legitimate users from accessing the services, could be disastrous [2]. DoS attacks are attacks on availability in which the attacker overloads the server with unsolicited requests. Among slow DoS attacks, one common type primarily targets server and application resources by gradually introducing small amounts of valid traffic. That is to say, such a slow DoS attack consumes little bandwidth and generates minimal traffic. Moreover, it uses a valid connection during the attack. Due to its extremely low traffic flow, a slow DoS attack can be initiated with fewer machines and fewer connections compared to distributed DoS (DDoS) attacks [2]. All these indicate that slow DoS traffic usually appears authentic. As a result, it is challenging for conventional defensive tools to differentiate between slow DoS attacks and regular traffic and to eliminate them [3]. Prior work spans machine learning classifiers, deep neural models, and hybrid pipelines. In this paper, we adopt a hybrid pipeline in which a neural network autoencoder is used only for unsupervised feature extraction, while detection is performed by lightweight machine learning classifiers. Here, deep learning refers to multi-layer neural architectures trained end-to-end for prediction, while our use of a neural network is limited to representation learning via an autoencoder. 
Random forest (RF), decision trees (DTs), and support vector machines (SVMs) have demonstrated high detection accuracy but often rely heavily on manual feature selection and show limited adaptability in dynamic environments [4,5].
Different techniques, as summarized in Table 1, have been investigated in recent years to identify slow DoS attacks, with Slowloris and slowhttptest specifically targeting HTTP application layers. These techniques, each with pros and cons, can be roughly divided into the following four categories.
  • ML-based detection methods: ML has been applied to detect DoS and slow DoS attacks in software-defined networks (SDNs). Although an accuracy of up to 99.8% was achieved by utilizing RF and Dimensionality Reduction (DR), RF exhibited limited scalability [6]. The C4.5 Decision Tree implementation (J48) was found to be efficient for slow DoS detection with a low computational cost; however, the authors also emphasized that careful feature selection is necessary [7]. Using J48, RF, and PART, these methods were further evaluated on publicly available datasets [8]. Despite showing high accuracy, the hazards of overfitting remained a problem to be addressed. K-Nearest Neighbors (KNNs) were demonstrated to be efficient, especially in low-dimensional environments [9]; however, similar to RF, their scalability was also limited. Luong et al. [10] demonstrated that naive Bayes is advantageous for initial detection; however, its accuracy is degraded in complex circumstances.
  • DL-based detection methods: The ability of LSTM models to detect slow DoS attacks was investigated based on the CSE-CIC-IDS2018 dataset, achieving up to 99% accuracy by capturing temporal patterns but requiring high computational costs [11]. The hybrid CNN-LSTM model can further enhance spatial and temporal feature extraction, achieving comparable accuracy. However, it also led to higher complexity, which makes it difficult to deploy in real-time applications. A Multilayer Perceptron (MLP)-based method achieved an accuracy level of ~99% across various attack types [12]. Such flexibility is desirable; however, its efficiency and temporal awareness are unsatisfactory on high-dimensional data. Although sensitive to parameter tuning, RBFNNs offered 95.78% accuracy with effective nonlinear pattern recognition. When combined with autoencoders to enhance feature learning, the accuracy was further improved to 98%; however, the multi-stage architecture of such a combined model also posed scalability limitations [13].
  • Hybrid and ensemble approaches: Feature engineering is capable of increasing classifier efficiency and accuracy while reducing the computing burden by focusing on pertinent features. Yet manual engineering may make it more difficult to respond to new assaults [11]. Although clustering techniques may yield more false positives for unknown attack types, dimensionality reduction techniques like Principal Component Analysis (PCA), when paired with Density-Based Spatial Clustering of Applications with Noise (DBSCAN), can contribute to effective anomaly detection [14]. To overcome their high processing requirements and tuning complexity, stacked autoencoders combined with RBFNNs enabled accurate classification through dimensionality reduction [5]. Despite the vast preprocessing required, this kind of feature and model optimization strategies resulted in increased processing efficiency and accuracy (up to 99.93%) [4]. Feature ranking, integrated with J48 and RF, also attained equivalent accuracy with reduced costs on complex datasets, albeit with constrained adaptability to emerging threats [15]. A multilayered classification strategy based on SVM and RF demonstrated an enhanced ability to differentiate attack types and reduced false alarms [16]. However, frequent updates were required, resulting in a heavier computational burden.
  • Threshold-based and heuristic methods: By applying a heuristic threshold-based technique to selectively disconnect connections lasting longer than a predefined time threshold, its resilience against slow HTTP DoS attacks was confirmed [17]. This lightweight technique is resource-efficient and straightforward, making it suitable for environments with limited resources. However, fixed thresholds may struggle to detect adaptive or complex patterns of slow DoS attacks due to their limited flexibility. By optimizing server parameters, prevention tactics for slow HTTP attacks were investigated and verified to be resource-efficient and feasible against common slow DoS attacks [18]. However, such a static configuration requires more adaptable solutions to manage complex or changing threats due to its limited flexibility [19].
  • Recent Research: Researchers are investigating diverse methodologies for identifying slow-rate and low-intensity denial-of-service (DoS) attacks, which are challenging to detect due to their resemblance to legitimate network activity. Kemp et al. [20] developed a machine learning framework for identifying application-layer DoS attacks by utilizing diverse datasets and employing PCA for feature reduction to enhance classification accuracy. Vladov et al. [21] presented a neural network-based methodology for detecting low-intensity DDoS attacks, enhancing detection accuracy. Chen et al. [22] proposed a feature-driven framework for the effective detection of slow HTTP DoS attacks. Recent studies show that low-rate DDoS attacks can evade traditional detection systems that utilize network traffic volume to recognize attacks [23]. Therefore, researchers are employing diverse learning techniques to uncover such kinds of attacks. Abu Al-Haija et al. [24] have developed a resilient intrusion detection framework to counteract adversarial attacks on low-rate DDoS detection systems. This shows that different types of adversarial attacks can get past standard intrusion detection systems. In the same vein, Droos et al. [25] developed a lightweight intrusion detection framework for LR-DDoS attacks in software-defined IoT networks. To evaluate their framework, they employed the LR-DDoS-2022 dataset to test the performance of J48, Naive Bayes, and Logistic Regression algorithms in detecting LR-DDoS attacks. They reported detecting LR-DDoS attacks with a small number of features, achieving very high accuracy [26].
    Table 1. Summary of related studies on identifying slow DoS attacks.
    | Reference | Method | Key Limitations | Identified Gap |
    |---|---|---|---|
    | Zhang et al. (2022) [3] | RF | Requirement of heavy feature engineering; limited adaptability | Need for automated feature extraction |
    | Gogoi et al. (2022) [26] | LSTM | High computational cost; unsuitable for real-time use | Need for lightweight models |
    | Kurnaz et al. (2019) [5] | Autoencoder + RBFNN | Complex multi-stage framework; low scalability | Need for simplified hybrid models |
    | Butt HA et al. (2026) [4] | ML + Ensemble (RF, KNN, XGBoost) with Dynamic Feature Selection | Dependence on SDN-specific dataset; evaluation limited to controlled SDN environments | Need for cross-domain validation and lightweight deployment in heterogeneous, non-SDNs |
    | Ahmed et al. (2023) [27] | MLP DL | Parameter sensitivity; limited interpretability | Need for explainable and stable models |
    | Luong et al. (2020) [10] | ML (RF and DT) | Limited dataset diversity | Need for robust cross-dataset validation |
    | Nugraha et al. (2020) [28] | DL in SDN | Computational overhead | Need for efficiency in real-time settings |
    | Kemp et al. (2023) [20] | ML classifiers + PCA | Dependence on handcrafted features | Need for automated feature learning |
    | Vladov et al. (2025) [21] | Hybrid neural network (CNN + Transformer) | High model complexity | Need for lightweight models |
    | Chen et al. (2025) [22] | Feature-driven slow HTTP DoS detection | Manual feature design | Need for automated feature extraction |
    | Bocu et al. (2026) [23] | ML-based low-rate DDoS detection | Focus on general DDoS | Need for HTTP slow-attack classification |
    | Abu Al-Haija et al. (2025) [24] | GAN-based adversarial IDS evaluation | Focus on attack evasion | Need for robust detection models |
    | Droos et al. (2024) [25] | ML-based IDS (J48, NB, Logistic Regression) for LR-DDoS in SD-IoT | Evaluated on a limited dataset and binary classification only | Need for multi-class deep learning detection |

1.1. Our Contributions

  • We propose a lightweight hybrid intrusion detection framework that combines unsupervised feature extraction via autoencoders with powerful classifiers (RBFNN, Random Forest, and LightGBM) to accurately detect and mitigate HTTP slow DoS attacks, while eliminating the need for manual feature engineering.
  • We present an extensive experimental evaluation demonstrating that the proposed framework achieves up to 99.39% detection accuracy with reduced computational overhead, validated through cross-validation, per-class accuracy analysis, and multiple performance metrics.
  • We provide an efficient and scalable detection pipeline suitable for dynamic and real-time environments, effectively addressing deployment challenges and balancing the trade-offs between accuracy, latency, memory usage, and scalability.

1.2. Paper Structure

The remainder of this paper is organized as follows. Section 2 describes HTTP low-and-slow DoS attacks and their main variants. Section 3 presents the proposed detection methodology and system workflow, and outlines the experimental setup, which includes dataset preparation, feature extraction, model training, and evaluation metrics. Section 4 discusses experimental results and performance analysis. Finally, Section 5 concludes the paper and outlines future research directions.

2. Low-and-Slow DoS Attacks on HTTP

The application layer is the target of slow DoS attacks, which send very slow, legitimate traffic. A common characteristic of slow DoS attacks is that their real processing load is quite low despite the servers having multiple connected clients. Being a widely utilized application layer protocol on the Internet, HTTP is now frequently the subject of slow DoS attacks [7]. Currently, Slowloris attack, Slow Post Office Style Transfer (POST) attack, and slow read attack are the common slow DoS attacks that target HTTP.
i. Slowloris attack: This attack targets web servers by sending partial HTTP requests slowly and deliberately, thereby creating many connections. The attacker maintains control of these connections and prevents the server from ending them by sending headers regularly. As the server devotes resources to numerous open connections and eventually hits its connection limit, this extended interaction with the server causes resource depletion [9].
ii. Slow POST attack: In a slow POST attack, the attacker uses a legitimate HTTP POST method by setting a very high value for the “content-length” field in the request. Upon receiving this request, the server allocates the necessary resources to process the specified content-length data. Later, the client sends the data extremely slowly, resulting in a prolonged open connection on the server [27,28,29].
iii. Slow read attack: In a slow read attack, the client sends legitimate HTTP requests to the server and reads the response at a very slow rate. The attacker prevents the server from resetting the connection by setting the zero-window size in the packet. Upon receiving the packet with zero window size, the server considers that the client is reading the data and keeps the connection open [27].
Unlike volumetric attacks, which are often easy to detect due to abnormal traffic spikes, slow DoS attacks operate under the radar by maintaining low traffic levels while strategically exhausting server resources [29]. These attacks have increasingly targeted industries such as e-commerce, healthcare, and financial services, resulting in substantial downtime and financial losses. Therefore, slow DoS attacks are gaining increasing attention due to their stealthy nature and devastating impact on web-based services. One critical challenge in combating these attacks is their ability to mimic legitimate user behavior, making signature-based and threshold-based detection mechanisms largely ineffective [10]. Moreover, attackers frequently adapt their strategies by varying request intervals, using encrypted traffic, or distributing attacks through botnets to further evade detection systems. Nevertheless, analyzing flow-level behavior, such as request timing patterns and connection states, can help differentiate malicious sessions from genuine user traffic.
Hybrid approaches that combine traffic profiling with ML have also been proven effective in identifying subtle anomalies without causing false positives [5]. Even so, a universal, lightweight solution that performs accurately across different server environments remains elusive. In addition, the growing availability of automated attack tools, such as Slowloris and slowhttptest, which enable even unskilled attackers to launch sophisticated slow DoS campaigns, further increases the risk for organizations without advanced mitigation strategies in place. An illustration of slow DoS attack traffic and regular traffic is shown in Figure 1. The figure shows how the zones formed by normal traffic and slow DoS traffic overlap when traffic volume and transmission speed are considered. Here, the overlap indicates similarity in observable flow characteristics, not the proportion of normal traffic affected by the attack. This overlap makes it challenging to differentiate slow DoS attacks from regular traffic.

3. Methodology

Figure 2 illustrates the detailed research phases, which primarily comprise data acquisition, data preprocessing, feature extraction, model training, and performance evaluation.

3.1. Data Preparation

As one of the most comprehensive publicly available datasets for intrusion detection, the CIC IDS 2017 dataset, generated by the Canadian Institute for Cybersecurity (CIC), was used to train and evaluate the proposed slow DoS detection framework [19]. Its data is stored in CSV format and includes traffic generated using tools such as Hping, GoldenEye, HTTP Unbearable Load King (HULK), and Slowloris. These tools emulate different types of DoS and DDoS attacks on a victim server from multiple sources, creating a realistic threat landscape. After collecting the required data-related network traffic information from the CIC IDS 2017 dataset, it was preprocessed using cleaning, label encoding, normalization, and balancing to ensure the dataset’s quality, consistency, and suitability for model training and evaluation. The corresponding preprocessing steps are as follows:
  • Cleaning: The dataset was examined for missing or null values. The records with incomplete or missing critical fields were removed to maintain the integrity and reliability of the data used in the experiments. The records containing null values in essential flow features were also removed because they were non-recoverable and closely tied to protocol-level behaviors. Imputing such values would introduce artificial patterns into the traffic distribution, reducing the reliability of the subsequent classification models. Since the proportion of discarded records was very small relative to the total dataset, their removal had no material impact on the class distributions or the statistical representativeness of the experimental data.
  • Class balancing: To balance the dataset, we applied simple random sampling within each class. After the minimum class size was determined, an equal number of instances were randomly selected from each class without replacement. This method ensures unbiased selection, as every record in a given class has an equal probability of being chosen. Oversampling techniques, such as the Synthetic Minority Oversampling Technique (SMOTE), were intentionally avoided because they generate synthetic feature vectors that may distort timing-based and protocol-level characteristics in flow data. Since the autoencoder depends on learning the genuine traffic distribution, the introduction of artificial samples could lead to unstable latent representations or overly optimistic classification results. The number of instances for each class was adjusted based on the minimum class frequency, resulting in a balanced dataset containing 5499 samples. The Heartbleed class was excluded due to its insufficient records (only 11 instances), which would make no valuable contribution to the model’s training or evaluation. We downsample the BENIGN class to mitigate extreme class imbalance and to prevent the classifiers from being dominated by majority class patterns. This choice also reduces training time and allows controlled comparison across models. However, because downsampling can remove legitimate traffic variability, we treat the balanced setting as a controlled evaluation scenario rather than a direct estimate of real-world base rate performance.
  • Label encoding: Categorical variables, such as attack categories, were transformed into numerical labels using the LabelEncoder function from scikit-learn, ensuring compatibility with ML algorithms.
  • Normalization: Continuous numerical features were scaled to 0 to 1 using min–max normalization. This step mitigated the risk of features with larger numeric ranges dominating the learning process, thereby improving model convergence during training.
  • Dataset splitting: The processed dataset was divided into training (80%) and testing (20%) subsets. This partitioning strategy ensured that the model was trained on a substantial portion of the data while reserving an adequate portion for unbiased evaluation, thereby supporting robust performance assessment and minimizing overfitting.
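The cleaning, per-class random undersampling, label encoding, min-max normalization and 80/20 split described above, written out as an added example rather than the authors' code. The flow records and feature names are constructed, the 50-record minimum class size is an assumed stand-in for the paper's exclusion of the 11-record Heartbleed class, and, as a leakage precaution the paper does not spell out, the min-max bounds are fitted on the training split only and then applied to the test split.

```python
import random

# Constructed feature names standing in for CIC IDS 2017 flow columns (assumption).
ESSENTIAL = ("flow_duration", "fwd_pkts", "bwd_pkts", "flow_bytes_s")


def drop_incomplete(records, essential):
    """Cleaning: discard records with a None/NaN value in an essential flow feature
    instead of imputing it (imputation would fabricate protocol-level behaviour)."""
    def complete(r):
        return all(r.get(k) is not None and r[k] == r[k] for k in essential)  # x != x catches NaN
    return [r for r in records if complete(r)]


def balance_by_undersampling(records, label_key, min_class_size, rng):
    """Drop classes with too few records, then take the same number of records from
    every remaining class by simple random sampling without replacement (no SMOTE)."""
    by_class = {}
    for r in records:
        by_class.setdefault(r[label_key], []).append(r)
    kept = {c: rs for c, rs in by_class.items() if len(rs) >= min_class_size}
    n_per_class = min(len(rs) for rs in kept.values())
    balanced = []
    for c in sorted(kept):
        balanced.extend(rng.sample(kept[c], n_per_class))
    rng.shuffle(balanced)
    return balanced, n_per_class


def encode_labels(records, label_key):
    """Integer codes in sorted class-name order, like scikit-learn's LabelEncoder."""
    classes = sorted({r[label_key] for r in records})
    return {c: i for i, c in enumerate(classes)}


def train_test_split(records, train_frac, rng):
    rows = list(records)
    rng.shuffle(rows)
    cut = int(round(len(rows) * train_frac))
    return rows[:cut], rows[cut:]


def fit_minmax(rows, features):
    """Per-feature (min, max) learned from the training rows only."""
    return {f: (min(r[f] for r in rows), max(r[f] for r in rows)) for f in features}


def apply_minmax(rows, features, bounds):
    """Scale to [0, 1]; a constant feature (max == min) maps to 0.0 instead of dividing by zero."""
    scaled_rows = []
    for r in rows:
        scaled = dict(r)
        for f in features:
            lo, hi = bounds[f]
            scaled[f] = (r[f] - lo) / (hi - lo) if hi > lo else 0.0
        scaled_rows.append(scaled)
    return scaled_rows


def make_constructed_flows(rng):
    """Constructed, imbalanced sample in the spirit of the CIC IDS 2017 class mix."""
    counts = {"BENIGN": 400, "DoS Hulk": 120, "DoS GoldenEye": 90,
              "DoS slowloris": 75, "DoS Slowhttptest": 60, "Heartbleed": 11}
    rows = []
    for label, n in counts.items():
        for _ in range(n):
            rows.append({"label": label, "flow_duration": rng.uniform(1, 1e6),
                         "fwd_pkts": rng.randint(1, 50), "bwd_pkts": rng.randint(0, 50),
                         "flow_bytes_s": rng.uniform(0, 1e5), "const_feat": 1.0})
    rows[0]["flow_duration"] = None        # two dirty records to exercise the cleaning step
    rows[1]["fwd_pkts"] = float("nan")
    return rows


def run_pipeline(seed=7, min_class_size=50, train_frac=0.8):
    rng = random.Random(seed)
    rows = drop_incomplete(make_constructed_flows(rng), ESSENTIAL)
    balanced, n_per_class = balance_by_undersampling(rows, "label", min_class_size, rng)
    label_map = encode_labels(balanced, "label")
    for r in balanced:
        r["y"] = label_map[r["label"]]
    train, test = train_test_split(balanced, train_frac, rng)
    features = ESSENTIAL + ("const_feat",)
    bounds = fit_minmax(train, features)    # fit on the training split only
    return apply_minmax(train, features, bounds), apply_minmax(test, features, bounds), label_map, n_per_class
```

Because the bounds come from the training split, a test record can fall slightly outside [0, 1]; that is expected and preferable to fitting the scaler on all data.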

3.2. Feature Extraction and Model Training

The autoencoder was designed to perform unsupervised feature extraction and dimensionality reduction on the CIC IDS 2017 dataset before classification. The architecture comprises a symmetrical, fully connected feed-forward network with three encoding and decoding layers. The network was trained for 50 epochs with a batch size of 64 using the Adam optimizer (learning rate = 0.001) and mean squared error (MSE) as the loss function. Early stopping with a patience of 10 epochs was applied to prevent overfitting. As shown in Figure 3, the original 77-dimensional input was compressed into a compact 10-dimensional latent vector, capturing the most salient traffic characteristics while filtering out redundant or noisy information. These latent features were then used to train the RBFNN, RF, and LightGBM classifiers, aiming at a balance between accuracy, efficiency, and interpretability for flow-based data from the CIC IDS 2017 dataset. These classifiers were chosen because RBFNN can effectively capture nonlinear traffic patterns with fast convergence and low noise sensitivity, RF provides robust performance on high-dimensional features with minimal tuning and a clear interpretation of feature importance, and LightGBM offers high accuracy and fast execution through optimized gradient boosting with reduced memory use. In this work, the autoencoder is the only neural component, and it is not used as the final classifier. We do not evaluate end-to-end deep models, such as CNN or LSTM, because the inputs are tabular flow features and our objective is a lightweight detector with low inference latency.
  • Out-of-distribution handling: The proposed pipeline is primarily supervised. The autoencoder is used for feature compression, and classification is performed by the downstream classifier. In the current implementation, reconstruction error is not used in the decision rule. Consequently, the system does not provide a dedicated unknown class output for zero-day attacks, and out-of-distribution samples may be assigned to the closest known class.
    Figure 3. Autoencoder architecture and training configuration.
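As an added illustration (not the authors' code), the NumPy training loop below implements the Section 3.2 configuration: a symmetric fully connected autoencoder that compresses 77 flow features into a 10-dimensional latent vector, trained with Adam (learning rate 0.001), MSE loss, batch size 64, 50 epochs and early stopping with patience 10, after which only the encoder output is handed to the downstream classifier. The 77-feature input is constructed synthetic data, and the layer widths 77-32-10-32-77 (one hidden layer per side rather than the paper's three) are an assumption.

```python
import numpy as np


def init_layers(sizes, rng):
    """Xavier-initialised weights/biases for consecutive layer widths, e.g. [77, 32, 10, 32, 77]."""
    layers = []
    for fan_in, fan_out in zip(sizes[:-1], sizes[1:]):
        scale = np.sqrt(2.0 / (fan_in + fan_out))
        layers.append([rng.normal(0.0, scale, size=(fan_in, fan_out)), np.zeros(fan_out)])
    return layers


def forward(layers, x):
    """Activations of every layer: tanh on hidden layers, linear reconstruction at the output."""
    acts = [x]
    for i, (w, b) in enumerate(layers):
        z = acts[-1] @ w + b
        acts.append(z if i == len(layers) - 1 else np.tanh(z))
    return acts


def reconstruction_mse(layers, x):
    return float(np.mean((forward(layers, x)[-1] - x) ** 2))


def backward(layers, acts):
    """Gradients of the MSE reconstruction loss for every weight matrix and bias vector."""
    x, out = acts[0], acts[-1]
    delta = 2.0 * (out - x) / out.size            # dMSE / d(output); output layer is linear
    grads = [None] * len(layers)
    for i in range(len(layers) - 1, -1, -1):
        grads[i] = (acts[i].T @ delta, delta.sum(axis=0))
        if i > 0:                                 # back through the tanh of the previous layer
            delta = (delta @ layers[i][0].T) * (1.0 - acts[i] ** 2)
    return grads


def adam_step(layers, grads, state, lr, t, b1=0.9, b2=0.999, eps=1e-8):
    """One bias-corrected Adam update for all parameters; t is the 1-based step count."""
    for layer, grad, st in zip(layers, grads, state):
        for k in range(2):                         # k = 0: weights, k = 1: bias
            st["m"][k] = b1 * st["m"][k] + (1 - b1) * grad[k]
            st["v"][k] = b2 * st["v"][k] + (1 - b2) * grad[k] ** 2
            m_hat = st["m"][k] / (1 - b1 ** t)
            v_hat = st["v"][k] / (1 - b2 ** t)
            layer[k] = layer[k] - lr * m_hat / (np.sqrt(v_hat) + eps)


def train_autoencoder(x_train, x_val, sizes, epochs=50, batch=64, lr=1e-3, patience=10, seed=0):
    """Mini-batch training with early stopping on validation MSE. Returns the best weights and
    the validation-loss history (index 0 is the untrained network, then one entry per epoch)."""
    rng = np.random.default_rng(seed)
    layers = init_layers(sizes, rng)
    state = [{"m": [np.zeros_like(w), np.zeros_like(b)],
              "v": [np.zeros_like(w), np.zeros_like(b)]} for w, b in layers]
    history = [reconstruction_mse(layers, x_val)]
    best_loss, wait, step = history[0], 0, 0
    best_layers = [[w.copy(), b.copy()] for w, b in layers]
    for _ in range(epochs):
        order = rng.permutation(len(x_train))
        for start in range(0, len(order), batch):
            xb = x_train[order[start:start + batch]]
            step += 1
            adam_step(layers, backward(layers, forward(layers, xb)), state, lr, step)
        val_loss = reconstruction_mse(layers, x_val)
        history.append(val_loss)
        if val_loss < best_loss:
            best_loss, wait = val_loss, 0
            best_layers = [[w.copy(), b.copy()] for w, b in layers]
        else:
            wait += 1
            if wait >= patience:                   # early stopping
                break
    return best_layers, history


def encode(layers, x, n_encoder_layers):
    """Latent representation = output of the last encoder layer (the classifier's input)."""
    return forward(layers, x)[n_encoder_layers]


def make_constructed_flows(n, n_features=77, n_factors=5, seed=1):
    """Constructed stand-in for min-max normalised flow features: a low-rank nonlinear
    structure plus noise, scaled per column to [0, 1] as in Section 3.1."""
    rng = np.random.default_rng(seed)
    z = rng.normal(size=(n, n_factors))
    mixing = rng.normal(size=(n_factors, n_features)) / np.sqrt(n_factors)
    x = np.tanh(z @ mixing) + 0.05 * rng.normal(size=(n, n_features))
    lo, hi = x.min(axis=0), x.max(axis=0)
    return (x - lo) / (hi - lo)


def run_demo(sizes=(77, 32, 10, 32, 77)):
    data = make_constructed_flows(1250)
    x_train, x_val = data[:1000], data[1000:]
    layers, history = train_autoencoder(x_train, x_val, list(sizes))
    latent = encode(layers, x_val, len(sizes) // 2)   # 250 x 10 latent features
    return latent, history


if __name__ == "__main__":
    latent, history = run_demo()
    print("latent shape:", latent.shape, "val MSE untrained/best:", history[0], min(history))
```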

3.3. Performance Metrics

The metrics, including accuracy, precision, specificity, recall, and F1-score, were used to evaluate the detection performance. In addition, three kinds of detection latency were also considered to assess the detection quality and operational efficiency of the proposed system, ensuring it performs reliably in practical deployment scenarios [19]. Because detection latency measures the average time taken by the classifier to identify an attack after receiving input traffic, it characterizes real-time suitability. Let the number of slow DoS attack traffic entries correctly predicted as attacks be the true positives (TP), the number of benign traffic entries correctly predicted as benign be the true negatives (TN), the number of benign traffic entries predicted as slow DoS attack traffic be the false positives (FP), and the number of slow DoS attack traffic entries predicted as benign be the false negatives (FN). Accuracy in classification problems is then the ratio of correct predictions to all predictions, and the metrics are formulated as
$$\text{Accuracy} = \frac{TP + TN}{TP + TN + FP + FN}$$
$$\text{Precision} = \frac{TP}{TP + FP}$$
$$\text{Specificity} = \frac{TN}{TN + FP}$$
$$\text{Recall} = \frac{TP}{TP + FN}$$
$$\text{F1-score} = \frac{2\,TP}{2\,TP + FP + FN}$$
Correspondingly, precision is the ratio of correctly detected slow DoS attack traffic entries to all entries predicted as slow DoS attack traffic. Specificity is the ratio of correctly detected benign traffic entries to the total number of benign traffic entries. Recall is the ratio of correctly detected slow DoS attack traffic entries to the total number of slow DoS attack traffic entries. The F1-score is the harmonic mean of precision and recall, balancing the two values.

3.4. Hyperparameter Optimization

A dual-metric strategy that considers both accuracy and F1-score was used to optimize hyperparameters. Accuracy captures overall performance on the class-balanced dataset, while the F1-score ensures that precision and recall remain strong for all attack categories. This combined criterion prevents overfitting to a single metric and ensures that the selected configurations perform reliably across all classes. To ensure optimal model performance, all classifiers were fine-tuned using systematic parameter search methods on the CIC IDS 2017 dataset. A grid search with five-fold cross-validation was employed to identify the best parameter combinations for each classifier.
  • RBFNN: The number of hidden centers, spread ($\sigma$), and regularization coefficient ($\lambda$) were tuned. The optimal configuration, 2000 centers per layer, $\sigma = 1.5$, and $\lambda = 1 \times 10^{-8}$, achieved the best trade-off between accuracy and training time.
  • RF: The number of trees ($n_{\text{estimators}} \in \{100, 200, 300\}$), maximum depth ($\text{max\_depth} \in \{10, 20, 30\}$), and minimum samples per split ($\text{min\_samples\_split} \in \{2, 4, 6\}$) were evaluated. The configuration with 100 estimators achieved high accuracy (99.39%) with low variance and stable performance, making it suitable for highly efficient detection of slow DoS attacks.
  • LightGBM: The parameters, including the number of leaves ($n_{\text{leaves}} \in \{31, 63, 127\}$), learning rate ($r_{\text{learning}} \in \{0.01, 0.05, 0.1\}$), and regularization terms ($\lambda_{l1}, \lambda_{l2} \in \{0, 0.1, 0.5\}$), were tuned. The optimal setup with $n_{\text{leaves}} = 63$, $r_{\text{learning}} = 0.05$, $\lambda_{l1} = 0.1$, and $\lambda_{l2} = 0.1$ achieved the best accuracy-to-speed balance.
  • The grid search was executed on the training subset (80% of the total data), and the final models were retrained on the entire training set with the selected hyperparameters. This systematic tuning process ensured that each classifier was optimized for accuracy and computational efficiency before evaluation.

4. Results and Analysis

To illustrate the significance of data balancing, the dataset class distributions before and after the balancing process are compared, as shown in Figure 4.
The following subsections show the evaluated results of the classification performance of three ML models: RBFNN, RF, and LightGBM.
  • Confusion matrix: As shown in the RBFNN confusion matrix in Figure 5a, the DoS HULK attack was identified in almost all instances, with 1095 correct predictions out of 1097 and minimal misclassifications. Similarly, the DoS GoldenEye and DoS slowhttptest attacks were correctly categorized with scores of 1079 and 1072, respectively. Additionally, RBFNN performs well in recognizing benign traffic, with 1060 out of 1080 correct predictions. Figure 5b shows that the RF model correctly identified 1065 instances of “DoS Slowloris”. However, it made some mistakes, classifying five Slowloris instances as “DoS HULK”, three as “DoS GoldenEye”, two as “DoS slowhttptest”, and three as “benign”. Similar results were also obtained for the other classes. For LightGBM, as shown in Figure 5c, robust performance was also exhibited. Notably, it accurately identifies most instances of each class, with minimal misclassifications. This indicates that LightGBM distinguishes well between the various network activities, which is essential for effective cybersecurity measures.
    Figure 5. Confusion matrices of (a) RBFNN, (b) RF, and (c) LightGBM.
  • Accuracy: The performance results obtained with RBFNN, RF, and LightGBM are summarized in Table 2. Notably, the RBFNN achieved an overall accuracy of 98.27%. All five classes (labeled as Class 0 to Class 4) consistently exhibited strong performance, as evidenced by the precision, recall, and F1-score for each class, which ranged from 0.97 to 1.00. Class 1 had a perfect recall of 1.00, indicating that no false negatives occurred. The RF model achieved an accuracy of 99.39% using an 80:20 dataset split for training and testing, respectively. For the macro avg. and weighted avg. reported at the bottom of the table, the calculations were performed using the following equations, in which $C$ represents the number of classes, $M_i$ represents the metric computed for class $i$, $N$ represents the total number of samples, and $N_i$ represents the number of true samples in class $i$. It can be observed that the RF performance is superior to that of the RBFNN. In terms of LightGBM, it indeed achieved an exciting result but did not generalize well to unseen data.
    $$\text{Macro avg.} = \frac{1}{C} \sum_{i=1}^{C} M_i \qquad \text{Weighted avg.} = \frac{1}{N} \sum_{i=1}^{C} N_i \, M_i$$
    Table 2. Performance results of RBFNN, RF, and LightGBM.
    | Class | RBFNN Precision | RBFNN Recall | RBFNN F1-Score | RBFNN Accuracy | RF Precision | RF Recall | RF F1-Score | RF Accuracy | LightGBM Precision | LightGBM Recall | LightGBM F1-Score | LightGBM Accuracy | Support |
    |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
    | 0 | 0.98 | 0.97 | 0.98 | 0.97 | 0.99 | 0.99 | 0.99 | 0.99 | 0.99 | 0.99 | 0.99 | 0.99 | 1076 |
    | 1 | 0.98 | 1.00 | 0.99 | 0.99 | 0.99 | 1.00 | 0.99 | 0.99 | 0.99 | 1.00 | 1.00 | 0.99 | 1097 |
    | 2 | 0.98 | 0.98 | 0.98 | 0.98 | 0.99 | 1.00 | 1.00 | 0.99 | 1.00 | 0.99 | 0.99 | 0.99 | 1097 |
    | 3 | 0.98 | 0.98 | 0.98 | 0.98 | 1.00 | 1.00 | 1.00 | 0.99 | 0.99 | 0.99 | 0.99 | 0.99 | 1095 |
    | 4 | 0.98 | 0.98 | 0.98 | 0.98 | 1.00 | 1.00 | 1.00 | 0.99 | 1.00 | 0.99 | 1.00 | 0.99 | 1080 |
    | Macro avg. | 0.98 | 0.98 | 0.98 | | 0.99 | 0.99 | 0.99 | | 0.99 | 0.99 | 0.99 | | 5445 |
    | Weighted avg. | 0.98 | 0.98 | 0.98 | | 0.99 | 0.99 | 0.99 | | 0.99 | 0.99 | 0.99 | | 5445 |
  • Cross-validation: Figure 6 shows the K-fold cross-validation accuracy results for the LightGBM model. Its accuracy was consistently high across all folds, with values ranging from 0.99 to 1.00. These findings demonstrate that the LightGBM model is robust and generalizable, indicating that its performance remains consistent and dependable across various dataset subsets. This consistency further supports the model’s feasibility for intrusion detection tasks within the suggested framework. Similar cross-validation was also applied to the RBFNN and RF models, using the same training and testing partitions as LightGBM to ensure a fair and unbiased comparison among classifiers. Each fold used 80% of the data for training and 20% for validation, and the results were averaged to obtain the final performance metrics. The results are summarized in Table 3. All models achieved stable and consistent accuracy across each fold. This confirms the robustness of the results and the absence of overfitting bias. The similarity in fold-to-fold accuracy also demonstrates that all three classifiers generalize well across different dataset splits. Incorporating cross-validation for each model eliminates potential evaluation bias and ensures that the reported performance metrics are directly comparable.
    Figure 6. K-fold cross-validation results of LightGBM.
    Table 3. Cross-validation results of all three models.

| Model | Fold-1 Accuracy | Fold-2 Accuracy | Fold-3 Accuracy | Fold-4 Accuracy | Fold-5 Accuracy | Mean Accuracy |
|---|---|---|---|---|---|---|
| RBFNN | 0.98 | 0.97 | 0.98 | 0.98 | 0.98 | 0.98 |
| RF | 0.99 | 0.99 | 0.99 | 0.99 | 1.00 | 0.99 |
| LightGBM | 0.99 | 1.00 | 0.99 | 1.00 | 0.99 | 0.99 |
  • Per-class accuracy: Figure 7 displays the classification accuracy of each type by using RBFNN, RF, and LightGBM, where each bar represents a different type of attack, the bar height indicates how many instances in that type were correctly classified, and the number above each bar gives the exact accuracy for that type. From Figure 7a, high accuracy exceeding 0.98 is achieved for DoS GoldenEye, DoS slowhttptest, and benign traffic. An accuracy of greater than 0.96 is obtained for DoS Slowloris, and even perfect accuracy (1.00) is demonstrated for DoS HULK. The results demonstrate the viability of the RBFNN model to distinguish between different types of attacks and regular traffic, with low classification errors in each category. Figure 7b shows that RF has an accuracy level of 0.99 for DoS Slowloris, indicating that 99% of instances in this category were correctly identified. Moreover, RF correctly identified every instance in the categories of DoS HULK, DoS GoldenEye, DoS slowhttptest, and benign, with all scoring a perfect value of 1.00. Such excellent accuracy across the board indicates that the RF model performs exceptionally well in identifying and distinguishing these types of attacks. Correspondingly, the per-class accuracy of the LightGBM model is illustrated in Figure 7c for benign and four DoS attacks (Slowloris, HULK, GoldenEye, and slowhttptest). Although slightly inferior to that of RF, they have remarkably high accuracy scores, ranging from 0.99 to 1.00, which are obtained among all classes, with flawless accuracy for DoS HULK.
    Figure 7. Per-class accuracy of (a) RBFNN, (b) RF, and (c) LightGBM.
  • Sensitivity analysis: A sensitivity analysis was performed by altering the regularization parameter (λ) and the number of centers in the hidden layers (n_center_layer1 and n_center_layer2) to assess the robustness of the proposed RBFNN-based classifier. Table 4 summarizes the effects of these hyperparameters on computational efficiency and model accuracy. When the number of centers decreases from 2000 to 300, the training time is significantly reduced, while the accuracy drops from 98.27% to 95.84%. This indicates that fewer centers may be unable to fully capture the intricacy of the data. On the other hand, larger networks with 2000 centers per layer yield higher accuracy but at a higher computational cost, with more than 200 s required for training. Based on Table 4, we conclude that increasing the number of centers improves accuracy but leads to longer training times. Proper tuning of the regularization parameter is crucial for avoiding overfitting while maintaining strong generalization. While simpler models train faster, they compromise on detection accuracy. Considering the trade-off between computational cost and performance, a balance between accuracy and training efficiency is achieved with 2000 centers per layer and a regularization parameter of 1 × 10^8. This hyperparameter combination ensures the model’s robustness for practical applications, demonstrating its suitability for deployment in real-world intrusion detection systems.
    Table 4. Sensitivity analysis of RBFNN hyperparameters.

| Configuration (n_center_layer1, n_center_layer2, λ) | Training Time (s) | Accuracy (%) | F1-Score |
|---|---|---|---|
| 300, 10, 1 × 10^4 | ~40 | 95.84 | 0.95 |
| 400, 100, 1 × 10^4 | ~120 | 96.73 | 0.96 |
| 2000, 2000, 1 × 10^8 | ~200 | 98.27 | 0.98 |
  • Sensitivity to BENIGN downsampling:
    Because the CICIDS 2017 traffic is highly imbalanced, we downsampled the BENIGN class in the main experiments to reduce majority class dominance and to enable controlled model comparisons. However, aggressive downsampling can remove legitimate traffic variability and may oversimplify the classification task. To test whether our findings are sensitive to the representation of benign traffic, we reran the full pipeline while keeping the attack class counts fixed and varying only the number of BENIGN instances. Specifically, we evaluated three settings: BENIGN equals 5450, as in the balanced baseline; a moderate setting where BENIGN equals 50,000; and a larger setting where BENIGN equals 100,000.
Table 5 reports the resulting performance across the three classifiers. The key pattern is that performance remains high and does not deteriorate when the benign sample is expanded. In fact, accuracy and F1-score increase as BENIGN size grows for all models, indicating that the pipeline is not relying on an overly simplified benign subset. Random Forest remains the strongest performer across all settings, improving from 0.99728 accuracy at BENIGN equals 5450 to 0.99970 at BENIGN equals 100,000. LightGBM shows the same stability, increasing from 0.99546 to 0.99835. The largest gains are observed for RBFNN, which rises from 0.99092 to 0.99945, consistent with the idea that richer benign variation can help the latent representation separate subtle boundary cases more effectively. Overall, these results provide evidence that the main conclusions are robust to the BENIGN downsampling level and that the balanced evaluation does not appear to artificially inflate performance by removing legitimate traffic variance.
  • Reconstruction Error as an Out of Distribution Trigger:
    Although the proposed framework is evaluated as a supervised detector for the known CICIDS 2017 classes, the autoencoder component can also provide a simple out-of-distribution proxy signal through reconstruction error. To examine this possibility, we conducted an auxiliary experiment in which reconstruction error was used as a secondary anomaly trigger. The autoencoder was trained on the training split only, and a threshold was selected using the BENIGN portion of a held-out validation split. Specifically, we set the trigger threshold to the 99th percentile of BENIGN validation reconstruction errors, which yielded a threshold of 0.074027. Samples with reconstruction error above this threshold were flagged as out of distribution.
    Applying this trigger to the test split produced a low overall flag rate of 0.74 percent. The BENIGN flag rate was 1.03 percent, which can be interpreted as a proxy false positive rate under this thresholding rule. However, the non-benign flag rate was 0.23 percent, indicating that reconstruction error alone is not a strong anomaly detector for the majority of attack traffic in this dataset under a BENIGN-calibrated threshold. This is further reflected in the binary confusion matrix, where the trigger yields 116 true positives and 910 false positives, with 50,419 false negatives. These results suggest that many attack flows remain well reconstructed by the autoencoder, likely because their tabular feature patterns overlap with normal traffic in the learned representation.
    The class level flag rates provide additional insight. Heartbleed is always flagged, which is consistent with the expectation that a rare and underrepresented pattern may fall outside the dominant training distribution. In contrast, the highest flag rate among the included DoS attacks is observed for DoS Slowhttptest at 5.55 percent, whereas other DoS variants are rarely flagged, with rates below 1 percent and as low as 0.06 percent for DoS Hulk. Overall, this analysis indicates that reconstruction error can highlight highly distinct or rare traffic patterns, but it should not be interpreted as a reliable zero-day detector in the current setting. In this work, reconstruction error is therefore treated as an optional auxiliary signal for flagging unusual samples rather than a primary detection mechanism, and comprehensive open set evaluation remains an important direction for future research.
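    The calibration and flagging procedure of this auxiliary experiment, as an added example that is not code from the paper: the threshold is the 99th percentile of reconstruction error over BENIGN validation samples only, test samples above it are flagged, and overall, BENIGN, non-BENIGN and per-class flag rates plus the binary confusion matrix (attack traffic as the positive class) are computed. All reconstruction errors and class counts below are constructed, so the paper's threshold of 0.074027 and its counts are not reproduced; the class names are reused as labels only.

```python
"""Reconstruction-error out-of-distribution trigger: calibrate on BENIGN
validation errors, flag test samples, report flag rates and the binary
confusion matrix. Added example; the error values are constructed, not the
paper's measurements."""
from collections import defaultdict
from typing import Dict, List, Tuple


def percentile(values: List[float], q: float) -> float:
    """q-th percentile with linear interpolation between order statistics."""
    if not values:
        raise ValueError("cannot take a percentile of an empty sample")
    xs = sorted(values)
    rank = (len(xs) - 1) * q / 100.0
    lo = int(rank)
    hi = min(lo + 1, len(xs) - 1)
    return xs[lo] + (xs[hi] - xs[lo]) * (rank - lo)


def calibrate_threshold(val_errors: List[float], val_labels: List[str],
                        q: float = 99.0) -> float:
    """Threshold = q-th percentile of error over BENIGN validation samples only.
    Attack samples in the validation split are deliberately ignored so that
    the threshold reflects how well *normal* traffic is reconstructed."""
    benign = [e for e, lbl in zip(val_errors, val_labels) if lbl == "BENIGN"]
    return percentile(benign, q)


def evaluate_trigger(test_errors: List[float], test_labels: List[str],
                     threshold: float) -> Dict:
    """Flag samples with error > threshold. Attack classes are the positive
    class, so a flagged BENIGN sample is a false positive and an unflagged
    attack sample a false negative (the binary confusion matrix in the text)."""
    total = defaultdict(int)
    flagged = defaultdict(int)
    tp = fp = fn = tn = 0
    for err, lbl in zip(test_errors, test_labels):
        flag = err > threshold
        total[lbl] += 1
        flagged[lbl] += int(flag)
        is_attack = lbl != "BENIGN"
        if is_attack and flag:
            tp += 1
        elif is_attack:
            fn += 1
        elif flag:
            fp += 1
        else:
            tn += 1
    n = len(test_errors)
    n_benign = total["BENIGN"]
    n_attack = n - n_benign
    return {
        "threshold": threshold,
        "overall_flag_rate": (tp + fp) / n,
        "benign_flag_rate": fp / n_benign if n_benign else 0.0,  # proxy FPR
        "non_benign_flag_rate": tp / n_attack if n_attack else 0.0,
        "per_class_flag_rate": {c: flagged[c] / total[c] for c in total},
        "confusion": {"tp": tp, "fp": fp, "fn": fn, "tn": tn},
    }


def constructed_splits() -> Tuple[List[float], List[str], List[float], List[str]]:
    """Constructed reconstruction errors (not real CICIDS 2017 measurements).
    Validation: 100 BENIGN samples on a ramp plus 5 attack samples that must
    not influence the threshold. Test: most attack flows reconstruct about as
    well as benign traffic, a few Slowhttptest/Slowloris flows do not, and the
    rare Heartbleed flows are far outside the benign error range."""
    val_errors = [0.010 + 0.0005 * i for i in range(100)] + [0.5] * 5
    val_labels = ["BENIGN"] * 100 + ["DoS Hulk"] * 5
    test_errors: List[float] = []
    test_labels: List[str] = []
    for err, lbl, count in [
        (None, "BENIGN", 100),           # ramp slightly above the validation ramp
        (0.030, "DoS Hulk", 50),
        (0.040, "DoS Slowhttptest", 38), (0.080, "DoS Slowhttptest", 2),
        (0.035, "DoS Slowloris", 29), (0.120, "DoS Slowloris", 1),
        (0.900, "Heartbleed", 3),
    ]:
        if err is None:
            test_errors += [0.0102 + 0.0005 * i for i in range(count)]
        else:
            test_errors += [err] * count
        test_labels += [lbl] * count
    return val_errors, val_labels, test_errors, test_labels


def run_demo() -> Dict:
    val_e, val_l, test_e, test_l = constructed_splits()
    thr = calibrate_threshold(val_e, val_l, q=99.0)
    return evaluate_trigger(test_e, test_l, thr)


if __name__ == "__main__":
    report = run_demo()
    print(f"threshold (99th pct of BENIGN validation errors): {report['threshold']:.6f}")
    for key in ("overall_flag_rate", "benign_flag_rate", "non_benign_flag_rate"):
        print(f"{key}: {report[key]:.4f}")
    for cls, rate in sorted(report["per_class_flag_rate"].items()):
        print(f"  {cls:<18} flag rate {rate:.4f}")
    print("binary confusion (attack = positive):", report["confusion"])
```

On the constructed data the trigger behaves like the paper's: a low BENIGN flag rate, most DoS flows unflagged, and only the rare, highly distinct class flagged in full.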
  • Analysis of latent features learned by the autoencoder: To explore the influence of the latent dimension in the autoencoder, different bottleneck sizes (5, 10, 15, and 20 features) were studied while keeping all other parameters fixed, using the CIC IDS 2017 dataset with the RBFNN classifier. The results show that the mean squared reconstruction error changes by only 0.0002 when the number of features is varied. On the other hand, classifier accuracy varies significantly, with the lowest-performing model (i.e., RBFNN) ranging from 88% to 98% and reaching its highest value at 15 features. Table 7 presents a comparative performance analysis of our proposed technique with other related works. While these works did not utilize an autoencoder, they address DoS attacks using the same dataset with different techniques. To better understand the internal representations produced by the autoencoder, we examined how the original features contribute to the 15-dimensional latent space. Since the latent variables (z_1, z_2, …, z_15) do not correspond directly to specific input features, they were analyzed through perturbation-based contribution scoring and low-dimensional visualization. First, we assessed the sensitivity of the reconstruction loss to controlled perturbation of individual input features, where features whose alteration produced the largest increase in reconstruction error are interpreted as having the greatest influence on the latent representation. The results indicate that flow duration, packet timing patterns, and connection-level byte statistics contribute most to the compressed space, which is consistent with the behavioral nature of slow-rate HTTP DoS attacks. Second, we applied t-distributed Stochastic Neighbor Embedding (t-SNE) to visualize the latent space in two dimensions, as shown in Figure 8.
The resulting axes of component 1 and component 2 represent nonlinear embeddings of the latent variables, rather than individual traffic attributes. Even so, the projection clearly separates benign traffic from various types of slow-rate DoS attacks. It confirms that the autoencoder successfully captures discriminative structural patterns even in the absence of explicit feature engineering.
  • Analysis of runtime and performance cost: We define computational cost using three indicators. Training cost is measured as wall clock training time in seconds. Deployment cost is measured as wall clock inference latency in seconds per 1000 samples and peak memory usage in MB during inference. All measurements are collected on the same machine and reported as averages across repeated runs. We did not use CPU utilization as a primary metric because it varies with background load; we therefore rely on latency, throughput, and memory usage, which are more reproducible indicators of deployment cost. Runtime and memory were analyzed to evaluate the feasibility of deploying the proposed models in practical environments, as shown in Table 6. Training time and inference latency were measured on an Intel i7-12700 CPU with 16 GB RAM. The Autoencoder plus RBFNN pipeline required the longest training time at about 380 s, while Autoencoder plus RF and Autoencoder plus LightGBM trained faster at about 180 s and 155 s, respectively. Inference latency remained low for all pipelines at 0.021 s, 0.018 s, and 0.017 s per 1000 samples, respectively. These results indicate that the proposed pipelines are suitable for low-latency monitoring, with LightGBM providing the best overall balance between speed and memory usage. Table 6 reports the computational cost of the proposed pipeline using four measurable indicators: wall clock training time, inference latency, peak memory usage during inference, and serialized model size. We report inference in two forms to remove ambiguity. End-to-end inference time measures the full deployment path, including the encoder forward pass that generates the latent features and the subsequent classifier prediction, reported as seconds per 1000 samples. Classifier-only inference time measures prediction time when the classifier is applied to pre-extracted latent vectors, isolating the classification step.
The results show that training cost varies substantially across classifiers, with Autoencoder plus Random Forest requiring the longest training time, followed by Autoencoder plus LightGBM, while Autoencoder plus RBFNN trains quickly. At inference, all pipelines remain low latency, but the encoder contributes a nontrivial share of end-to-end time, which explains why classifier-only latency is markedly lower than end-to-end latency. LightGBM provides the most favorable overall balance between end-to-end latency, memory footprint, and model size, whereas Random Forest incurs the largest storage cost due to the ensemble size. Together, these measurements support the deployment-oriented motivation of the framework by quantifying the speed and resource trade-offs rather than relying on qualitative scalability claims.
    Figure 8. Two-dimensional t-SNE projection of the 15-dimensional latent representation learned by the autoencoder.
    Table 6. Analysis results of runtime and performance cost.

| Model | Training Time (s), Mean ± SD | End-to-End Inference (s per 1000), Mean ± SD | Classifier-Only Inference (s per 1000), Mean ± SD | Peak Memory Usage (MB) | Model Size (MB) |
|---|---|---|---|---|---|
| Autoencoder training | 280.303 ± 19.306 | – | – | – | 0.092 |
| Autoencoder + RF | 334.455 ± 5.247 | 1.487 ± 0.097 | 0.627 ± 0.011 | 1.068 | 78.589 |
| Autoencoder + LightGBM | 46.13 ± 0.688 | 0.980 ± 0.037 | 0.153 ± 0.002 | 0.683 | 7.207 |
| Autoencoder + RBFNN | 2.317 ± 0.403 | 0.808 ± 0.035 | 0.006 ± 0.002 | 1.283 | 2.121 |
  • Comparison to other related works: Table 7 compares the accuracy performance of our hybrid models against previously reported IDS studies on CIC IDS 2017, which clearly shows that the proposed models achieve competitive performance. More importantly, our models have a lower computational cost in terms of inference latency and memory footprint, measured as wall clock inference time per 1000 samples and peak memory usage in MB. It is worth noting that perfect accuracy has been achieved by applying strong oversampling and extensive feature engineering to specialized subsets of traffic [4]. However, these settings are not suitable for real-time deployment, where class imbalance, evolving attack patterns, and resource constraints are unavoidable. In contrast, our method achieves comparable accuracy by utilizing an autoencoder to automatically distill the most salient signals, thereby eliminating the need for manual feature selection. Moreover, purely supervised neural models, such as [7], may struggle with interpretability or real-time constraints. At the same time, our layered approach provides both fast inference and clear insight into which patterns trigger alarms. All of these indicate that integrating unsupervised feature learning with both sequence-based and ensemble methods provides a balanced, high-performance solution that outperforms specialized, single-technique detectors.
    Table 7. Comparison of our proposed method with other related works.

| Reference | Method | Accuracy (%) |
|---|---|---|
| Zhang et al. (2022) [3] | RF | 94.30 |
| Oyucu et al. (2024) [17] | Decision Tree-based Ensemble Learning | 95.2 |
| Behal et al. (2016) [7] | CNN on log-image representations | 96.10 |
| Tang C. et al. (2023) [18] | Hybrid ML approach combining K-Means clustering + SVM | 98.7 |
| Yungaicela-Naula et al. (2023) [11] | Reinforcement Learning (RL) | 91.21 |
| Luong et al. (2020) [10] | DT | 89.50 |
| Butt HA et al. (2026) [4] | ML + Ensemble Learning (RF, KNN, XGBoost) with Dynamic Feature Selection in SDN | ~99 (RF, KNN), ~98 (XGBoost) |
| This study | Autoencoder + RF | 99.39 |
| This study | Autoencoder + RBFNN | 98.27 |
| This study | Autoencoder + LightGBM | 99.39 |
  • Computational cost and scalability comparison with prior work: Many recent studies on slow or low-rate DoS focus on detection accuracy, while practical criticism increasingly emphasizes deployability, throughput, and resource cost. To support the deployment-oriented discussion in this paper, we report explicit computational measurements for our pipeline and contextualize them against representative approaches in the literature.
Table 8 presents two layers of evidence. First, for our pipeline, we measure training time, inference latency, memory usage, and model size under a fully specified protocol. We report inference latency in two forms: end-to-end latency includes encoder forward pass plus classifier prediction, which reflects deployment where latent features are not pre-computed; classifier-only latency applies the classifier to pre-extracted latent vectors and isolates the cost of the supervised model. Inference remains low latency across all evaluated pipelines, but encoding contributes a nontrivial portion of end-to-end time, which explains the gap between end-to-end and classifier-only timing. Storage footprint varies substantially across classifiers, with Random Forest requiring the largest serialized size and LightGBM providing a favorable balance between speed, memory, and storage.
Second, we summarize computational and scalability statements reported by prior work when such information is provided. Methods designed for high-speed environments often prioritize streaming feature extraction and compact data structures. Sketch-based systems can achieve very high packet processing throughput with low memory usage, targeting a different operational point than an encoder plus classifier pipeline. Other studies emphasize distributed training and drift handling, where scalability depends on distributed coordination and recurrent model inference. Several works using flow features and dimensionality reduction motivate scalability qualitatively by noting that flow records reduce storage and processing relative to packet captures, although wall clock inference measurements are not always reported.
Because hardware, traffic representation, and measurement protocols differ across papers, cross-paper timing comparisons are inherently approximate. For this reason, we avoid claiming universal cost superiority. Instead, we provide measured cost indicators for our pipeline and situate them within the spectrum of reported design choices in the literature. The evidence supports the defensible claim that the proposed encoder plus classifier approach offers a low-latency and low-memory deployment option for flow-based monitoring, while specialized high-speed systems may achieve much higher throughput under different feature and detection paradigms.

5. Conclusions

This paper evaluates a lightweight detection pipeline for DoS traffic in which an autoencoder compresses tabular flow features into a low-dimensional latent representation and a supervised classifier performs the final decision. On CICIDS 2017, the best configurations achieve 99.43 percent accuracy with Autoencoder plus Random Forest and 99.39 percent with Autoencoder plus LightGBM, while Autoencoder plus RBFNN achieves 98.27 percent. The broader technical takeaway is that representation learning can serve as a practical feature compression step for flow-based intrusion detection, often preserving or improving performance without requiring complex end-to-end deep models.
For the wider community, the results support a deployment-oriented design choice: when attacks are subtle and resemble benign traffic in coarse statistics, compact learned features can help separate patterns while keeping inference simple. We report accuracy, precision, recall, and F1-score under a consistent evaluation pipeline, and we complement performance results with measured computational indicators, including wall clock training time, inference latency, and memory usage on a fixed hardware setup.
The main limitations are that the study relies on one benchmark dataset and one feature design, so generalization to other networks and attack variants is not guaranteed. In addition, preprocessing and class balancing choices may not reflect real-world base rates, which can affect false alarm behavior. Future work will validate the pipeline on additional datasets and real traffic captures, test robustness under distribution shift and time-based splits, and extend evaluation toward calibrated decision thresholds to control false positives in operational settings.

Author Contributions

B.H.A.: Conceptualization, Data curation, Formal analysis, Investigation, Methodology, Software, Visualization, Writing―original draft. M.A.: Conceptualization, Formal analysis, Methodology, Supervision, Validation, Writing―review and editing. Q.A.A.-H.: Methodology, Supervision, Validation, Writing―review and editing. All authors have read and agreed to the published version of the manuscript.

Funding

This research received no external funding.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

The data used in this study are publicly available from the CICIDS 2017 dataset provided by the Canadian Institute for Cybersecurity and can be accessed at: https://www.unb.ca/cic/datasets/ids-2017.html (1 November 2025).

Acknowledgments

The Grammarly tool was used to assist in proofreading and text polishing. No generative AI was used for data collection, statistical analysis or interpretation of the results. All the content was reviewed and approved by the authors.

Conflicts of Interest

The authors declare no conflict of interest.

References

  1. Stallings, W. Network Security Essentials: Applications and Standards, 7th ed.; Pearson: Upper Saddle River, NJ, USA, 2023.
  2. Al-Fayoumi, M.; Al-Haija, Q.A. Capturing low-rate DDoS attacks based on the MQTT protocol in a software-defined IoT environment. Array 2023, 19, 100316.
  3. Zhang, B.; Zhang, T.; Yu, Z. DDoS detection and prevention based on artificial intelligence techniques. In Proceedings of the 2017 3rd IEEE International Conference on Computer and Communications (ICCC), Chengdu, China, 13–16 December 2017; pp. 1276–1280.
  4. Butt, H.A.; Harthy, K.S.; Shah, M.A.; Hussain, M.; Amin, R.; Rehman, M.U. Enhanced DDoS Detection Using Advanced Machine Learning and Ensemble Techniques in Software Defined Networking. Comput. Mater. Contin. 2024, 81, 3003–3031.
  5. Kurnaz, S.; Khalid, A. A new distributed denial-of-service attacks detection system combining multistage autoencoders with RBF. Int. J. Comput. Sci. Mob. Comput. 2019, 8, 1–6.
  6. Ashi, Z.S. Multi-Layered Intelligent Cyber-Attack Detection Using One-Class SVM. Ph.D. Dissertation, Princess Sumaya University for Technology, Amman, Jordan, 2022.
  7. Behal, S.; Kumar, K. Trends in validation of DDoS research. Procedia Comput. Sci. 2016, 85, 7–15.
  8. Bala, B.; Behal, S. AI techniques for IoT-based DDoS attack detection: Taxonomies, comprehensive review, and research challenges. Comput. Sci. Rev. 2024, 52, 100631.
  9. Inchara, S.; Keerthana, D.; Babu, K.N.; Mabel, J.P. Detection and mitigation of slow DoS attacks using machine learning. In AIP Conference Proceedings; AIP Publishing LLC: Melville, NY, USA, 2023; Volume 2917.
  10. Luong, T.K.; Tran, T.D.; Le, G.T. DDoS attack detection and defense in SDN based on machine learning. In Proceedings of the 2020 7th NAFOSTED Conference on Information and Computer Science (NICS), Ho Chi Minh City, Vietnam, 26–27 November 2020; pp. 31–35.
  11. Yungaicela-Naula, N.M.; Vargas-Rosales, C.; Pérez-Díaz, J.A. SDN/NFV-based framework for autonomous defense against slow-rate DDoS attacks by using reinforcement learning. Future Gener. Comput. Syst. 2023, 149, 637–649.
  12. Slowhttptest. Kali Linux Tools. 2024. Available online: https://www.kali.org/tools/slowhttptest/ (accessed on 1 November 2025).
  13. Yoachimik, O.; Pacheco, J. DDoS Threat Report for 2023 Q4. Cloudflare Blog. 2024. Available online: https://blog.cloudflare.com/ddos-threat-report-2023-q4 (accessed on 22 December 2025).
  14. Savvas, I.K.; Chernov, A.V.; Butakova, M.A.; Chaikalis, C. Increasing the quality and performance of n-dimensional point anomaly detection in traffic using PCA and DBSCAN. In 2018 26th Telecommunications Forum (TELFOR); IEEE: Piscataway, NJ, USA, 2018.
  15. Hussein, S.A.; Répás, S.R. A Hybrid Intrusion Detection Framework Using Deep Autoencoder and Machine Learning Models. AI 2026, 7, 39.
  16. Guéhot, S. Optimized Random Forest Framework for Cybersecurity Anomaly Detection. In Proceedings of the 2025 International Conference on Metaverse and Current Trends in Computing (ICMCTC), Subang Jaya, Malaysia, 10–11 April 2025; pp. 1–6.
  17. Oyucu, S.; Polat, O.; Türkoğlu, M.; Polat, H.; Aksöz, A.; Ağdaş, M.T. Ensemble Learning Framework for DDoS Detection in SDN-Based SCADA Systems. Sensors 2024, 24, 155.
  18. Tang, C.; Luktarhan, N.; Zhao, Y. An Efficient Intrusion Detection Method Based on LightGBM and Autoencoder. Symmetry 2020, 12, 1458.
  19. Singh, C.; Jain, A.K. A comprehensive survey on DDoS attacks detection & mitigation in SDN-IoT network. E-Prime-Adv. Electr. Eng. Electron. Energy 2024, 8, 100543.
  20. Kemp, C.; Calvert, C.; Khoshgoftaar, T.M.; Leevy, J.L. An approach to application-layer DoS detection. J. Big Data 2023, 10, 22.
  21. Vladov, S.; Mulesa, O.; Vysotska, V.; Horvat, P.; Paziura, N.; Kolobylina, O.; Mieshkov, O.; Ilnytskyi, O.; Koropatov, O. Method for Detecting Low-Intensity DDoS Attacks Based on a Combined Neural Network and Its Application in Law Enforcement Activities. Data 2025, 10, 173.
  22. Chen, J.; Wu, H.; Wang, X.; Wang, S.; Cheng, G.; Hu, X. IEA-DMS: An Interpretable feature-driven, Efficient and Accurate Detection Method for Slow HTTP DoS in high-speed networks. Comput. Secur. 2025, 150, 104291.
  23. Bocu, R.; Iavich, M. Generalized detection of DDoS attack patterns using machine learning models. J. Netw. Comput. Appl. 2026, 6, 104441.
  24. Abu Al-Haija, Q.; Droos, A. Resilient intrusion detection system for adversarial attacks on Low-Rate DDoS. Int. J. Mach. Learn. Cybern. 2025, 16, 8473–8502.
  25. Droos, A.; Al-Haija, Q.A.; Alnabhan, M. Lightweight detection system for low-rate DDoS attack on software-defined-IoT. In Proceedings of the 6th Smart Cities Symposium (SCS 2022), Hybrid Conference, Bahrain, 6–8 December 2022; pp. 157–162.
  26. Gogoi, B.; Ahmed, T. HTTP low and slow DoS attack detection using LSTM-based deep learning. In Proceedings of the IEEE 19th India Council International Conference (INDICON); IEEE: Piscataway, NJ, USA, 2022; pp. 1–6.
  27. Ahmed, S.; Khan, Z.A.; Mohsin, S.M.; Latif, S.; Aslam, S.; Mujlid, H.; Adil, M.; Najam, Z. Effective and efficient DDoS attack detection using a deep learning algorithm, a multi-layer perceptron. Future Internet 2023, 15, 76.
  28. Nugraha, B.; Murthy, R.N. Deep learning-based slow DDoS attack detection in SDN-based networks. In Proceedings of the 2020 IEEE Conference on Network Function Virtualization and Software Defined Networks (NFV-SDN), Leganes, Spain, 10–12 November 2020; pp. 51–56.
  29. Wang, W.; Liu, Y.; Meng, Q.; Chen, Z. DDoS attack detection and defense techniques in software defined networks: A survey. Comput. Sci. Rev. 2026, 60, 100921.
Figure 1. Conceptual illustration of traffic regions in a two-dimensional space of transmission speed and traffic volume. The shaded overlap represents an ambiguity region where some slow DoS sessions resemble benign traffic in coarse flow statistics.
Figure 1. Conceptual illustration of traffic regions in a two-dimensional space of transmission speed and traffic volume. The shaded overlap represents an ambiguity region where some slow DoS sessions resemble benign traffic in coarse flow statistics.
Jcp 06 00064 g001
Figure 2. Proposed workflow for HTTP slow DoS attack detection system.
Figure 2. Proposed workflow for HTTP slow DoS attack detection system.
Jcp 06 00064 g002
Figure 4. Dataset distributions (A) before and (B) after balancing.
Figure 4. Dataset distributions (A) before and (B) after balancing.
Jcp 06 00064 g004
Table 5. Sensitivity analysis to BENIGN downsampling.
Table 5. Sensitivity analysis to BENIGN downsampling.
BENIGN SizeModelAccuracyPrecisionF1-Score
5450Encoder + RF99.7299.7299.68
5450Encoder + LightGBM99.5499.5499.53
5450Encoder + RBFNN99.0998.2898.67
50,000Encoder + RF99.9499.9299.92
50,000Encoder + LightGBM99.7099.8399.76
50,000Encoder + RBFNN99.8999.7899.83
100,000Encoder + RF99.9799.9599.95
100,000Encoder + LightGBM99.8399.9199.87
100,000Encoder + RBFNN99.9499.8999.91
Table 8. Computational cost and scalability comparison with representative prior work.
Table 8. Computational cost and scalability comparison with representative prior work.
| Study and Method | Data Representation and Model Family | Cost Metrics | Hardware Disclosure | Scalability Notes and Main Cost Driver |
|---|---|---|---|---|
| This study: Encoder + RF, LightGBM, RBFNN | Flow features. Autoencoder feature compression plus supervised classifier | Measured training time and inference latency. End-to-end inference per 1000 samples: 1.487 s (Random Forest), 0.980 s (LightGBM), 0.808 s (RBFNN). Classifier-only inference per 1000 samples: 0.627 s, 0.153 s, 0.006 s. Peak memory during inference: 1.068 MB, 0.683 MB, 1.283 MB. Model size: 78.589 MB, 7.207 MB, 2.121 MB. | Fully specified in the runtime section of this paper | Inference scales linearly with the number of flows. Encoding adds a fixed per-flow cost and explains the gap between end-to-end and classifier-only timing. Storage differs substantially across classifiers. |
| Chen et al. (IEA DMS) [22] | High-speed monitoring. Sampling-aware sketch plus interpretable features and detector | Reported detection within 2 min under sampling with low memory usage. Reported processing performance of 13.1 million packets per second and ability to process long traffic periods without clearing memory. | NR in a directly comparable table format | Designed for high-speed packet processing. Cost dominated by sketch updates and feature recording rather than heavy model inference. |
| Bocu and Iavich (FLD DDoS) [23] | Packet stream modeling. Federated learning with Bi-LSTM and drift handling | Reported sub-second latency and stated linear time complexity for core algorithms | NR in a directly comparable table format | Scalability driven by distributed training and streaming deployment. Cost dominated by recurrent inference and federated coordination. |
| Kemp et al. (PCA plus classical learners) [20] | NetFlow features plus PCA dimensionality reduction plus classical classifiers | NR for timing and memory. Discusses flow-level representation as smaller storage and faster parsing than packet captures | NR in a directly comparable table format | Emphasizes scalability benefit of flow records for storage and processing. Cost depends on feature extraction and chosen learner. |
| Vladov et al. (combined neural system) [21] | Statistical filter plus neural modules, including convolution, transformer, autoencoder, and calibrated regressor | NR for timing and memory in the available summary. Focus is on detection metrics, calibration, and forensic artifacts | NR in a directly comparable table format | Multi-stage design. Deep modules typically increase compute needs. Scalability depends on temporal modeling and multi-module inference. |
| Abu Al-Haija et al. (adversarial robustness study) [24] | Deep models plus GAN-generated adversarial examples for low-rate DDoS IDS stress testing | NR for deployment cost. Focus is on evasion success and robustness analysis | NR in a directly comparable table format | Highlights that adversarial testing can add compute cost during evaluation. Not a deployment cost study. |

NR: not reported.
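The cost figures in the first row separate end-to-end latency (encoder plus classifier) from classifier-only latency, and the scalability note attributes the gap to a fixed per-flow encoding cost. The following is an added example, not the paper's code, showing how such measurements can be taken and how the encoder's share is derived from them: it times a full encode-then-classify pass and a classifier-only pass over the same latent vectors, records peak memory with `tracemalloc`, and subtracts the table's own classifier-only times from its end-to-end times to recover the per-1000-flow encoder overhead. The `toy_encoder` and `toy_classifier` functions, the flow generator, and all their weights are constructed stand-ins with no relation to the trained models in the paper.

```python
"""Added example (not from the paper): measuring end-to-end vs. classifier-only
inference latency per 1000 flows and peak memory, and deriving the fixed
per-flow encoder overhead that explains the gap between the two timings."""
import random
import time
import tracemalloc
from typing import Callable, Dict, List, Sequence

Flow = Sequence[float]

# Per-1000-sample inference times reported in the comparison table (seconds).
END_TO_END_S = {"RandomForest": 1.487, "LightGBM": 0.980, "RBFNN": 0.808}
CLASSIFIER_ONLY_S = {"RandomForest": 0.627, "LightGBM": 0.153, "RBFNN": 0.006}


def encoder_overhead(end_to_end: Dict[str, float],
                     classifier_only: Dict[str, float]) -> Dict[str, float]:
    """End-to-end minus classifier-only time is the encoder's share per 1000
    flows. If encoding really is a fixed per-flow cost, the overhead should
    be almost the same for every downstream classifier."""
    return {k: round(end_to_end[k] - classifier_only[k], 3) for k in end_to_end}


def project_seconds(per_1000_s: float, n_flows: int) -> float:
    """Linear scaling in the number of flows, as the table's scalability note states."""
    return per_1000_s * n_flows / 1000.0


def make_flows(n: int, n_features: int = 8, seed: int = 7) -> List[Flow]:
    """Constructed sample input: n flow records with n_features numeric fields."""
    rng = random.Random(seed)
    return [[rng.uniform(-1.0, 1.0) for _ in range(n_features)] for _ in range(n)]


def toy_encoder(flow: Flow, latent_dim: int = 4) -> List[float]:
    """Stand-in for an autoencoder's encoder: a fixed linear projection to
    latent_dim values (constructed deterministic weights, not learned)."""
    return [sum(x * ((i + j + 1) % 5 - 2) for j, x in enumerate(flow))
            for i in range(latent_dim)]


def toy_classifier(latent: Sequence[float]) -> int:
    """Stand-in classifier: 1 (attack) if the latent sum is positive, else 0.
    A constructed rule standing in for RF / LightGBM / RBFNN."""
    return 1 if sum(latent) > 0 else 0


def benchmark(flows: List[Flow],
              encoder: Callable[[Flow], Sequence[float]],
              classifier: Callable[[Sequence[float]], int]) -> Dict[str, float]:
    """Return latency per 1000 flows for the full pipeline and for the
    classifier alone, plus peak traced memory (MB) during the full pass."""
    n = len(flows)

    # Full pass: encode every flow, then classify the latent vector.
    tracemalloc.start()
    t0 = time.perf_counter()
    latents = [encoder(f) for f in flows]
    preds_full = [classifier(z) for z in latents]
    end_to_end = time.perf_counter() - t0
    _, peak_bytes = tracemalloc.get_traced_memory()
    tracemalloc.stop()

    # Classifier-only pass over the already-encoded latents.
    t0 = time.perf_counter()
    preds_clf = [classifier(z) for z in latents]
    classifier_only = time.perf_counter() - t0
    assert preds_full == preds_clf  # same latents, so same decisions

    return {
        "end_to_end_per_1000_s": end_to_end / n * 1000.0,
        "classifier_only_per_1000_s": classifier_only / n * 1000.0,
        "encoder_per_1000_s": (end_to_end - classifier_only) / n * 1000.0,
        "peak_memory_mb": peak_bytes / (1024 * 1024),
        "attack_fraction": sum(preds_full) / n,
    }


if __name__ == "__main__":
    print("encoder overhead from table:", encoder_overhead(END_TO_END_S, CLASSIFIER_ONLY_S))
    print("RBFNN end-to-end for 1e6 flows (s):", project_seconds(END_TO_END_S["RBFNN"], 1_000_000))
    print("toy benchmark:", benchmark(make_flows(2000), toy_encoder, toy_classifier))
```

Applying `encoder_overhead` to the table's numbers gives roughly 0.86 s, 0.83 s, and 0.80 s per 1000 flows for the three classifiers, which is consistent with the note that encoding is a near-constant per-flow cost and that the differences between rows come from the classifier. The `benchmark` harness is the pattern to reuse with real models: keep the encoded latents and time the classifier over them separately, so the two numbers are comparable on identical inputs.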