Publication Details
ARTICLE

Optimization and comparison of Deep Learning architectures for multi class classification of DDoS attacks in enterprise networks

  • Journal of Dalian University of Technology, 32 (12): 281-304
Discipline: Computer and information sciences
Author(s):
Entered by: OUATTARA Yacouba

Abstract

This article presents an in-depth study aimed at optimizing and comparing several deep learning architectures for multi-class classification of DDoS attacks in enterprise networks, using the CIC-DDoS2019 dataset. The methodological approach includes rigorous data preprocessing (normalization, encoding, balancing, stratified split) as well as an experimental implementation of four models: DNN, CNN-1D, CNN-LSTM, and CNN-BiLSTM. The evaluation, based on metrics from the confusion matrix (Accuracy, Precision, Recall, F1-score), reveals an average accuracy of approximately 80%, limited by the high similarity of signatures between certain attack subtypes (DrDoS-SNMP, DrDoS-NetBIOS, DrDoS-SSDP, DrDoS-LDAP, UDP-lag). The results demonstrate the superiority of hybrid architectures, particularly the CNN-LSTM model, which stands out for its robustness, learning stability, and generalization capability with an accuracy of 86.20%. This architecture effectively captures local traffic patterns and temporal dependencies, significantly improving multi-class detection. The article concludes by highlighting the operational relevance of CNN-LSTM for deployment in enterprise networks and opens up avenues for integrating intelligent intrusion detection and protection (IDPS) systems, continuous learning on real-world data streams, and exploring advanced models such as attentional architectures.

Keywords

DDoS, intrusion detection, multi-class classification, Deep Learning, CNN-1D, CNN-LSTM, CNN-BiLSTM, CIC-DDoS2019.
