Random Forest and LLM Synergies Framework for Autonomous DDoS Mitigation

Authors

  • Romadhon Wiratama, Informatics, Universitas Muhammadiyah Malang, Indonesia
  • Ananta Pirdhaus, Informatics, Universitas Muhammadiyah Malang, Indonesia
  • Ellys Rahma Putri Bintoro, Informatics, Universitas Muhammadiyah Malang, Indonesia
  • Zamah Sari, Informatics, Universitas Muhammadiyah Malang, Indonesia
  • Syaifuddin, Informatics, Universitas Muhammadiyah Malang, Indonesia

DOI:

https://doi.org/10.52436/1.jutif.2026.7.1.5300

Keywords:

Agentic AI Framework, Autonomous DDoS Mitigation, Closed-Loop Security, Cognitive Agent, Large Language Models, Machine Learning

Abstract

Modern Distributed Denial of Service (DDoS) attacks increasingly evade traditional defenses, and while Machine Learning (ML) has improved detection accuracy, a critical challenge remains in bridging detection with effective automated mitigation. This paper introduces a novel framework centered on a cognitive agent that synergistically combines high-speed ML detection with the advanced reasoning capabilities of a Large Language Model (LLM) for autonomous DDoS mitigation. The proposed architecture operates as a closed-loop security system. Following a data preprocessing phase that includes one-hot encoding and Standard Scaling (z-score normalization), a fine-tuned Random Forest model was identified as the optimal detector with 95.99% accuracy on the UNSW-NB15 dataset, which in turn triggers the LLM-based agent. This agent autonomously generates both human-readable incident explanations and machine-executable mitigation commands. Crucially, all generated commands undergo a syntax and logic validation step before execution to ensure operational integrity. Empirical results demonstrate the framework's efficacy, achieving a complete end-to-end detection-to-mitigation cycle in 24.20 seconds. This work validates that the unified approach presents a viable and transparent paradigm, contributing to the field of cybersecurity by enhancing automated mitigation and analytical processes through responsive and intelligent defense mechanisms.
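The abstract's closed loop hinges on one control: every command the LLM agent emits passes a syntax and logic validation step before an executor runs it. The following is an added example of such a gate, written for this page and not taken from the paper or its authors' code. It assumes a concrete policy that the paper does not specify: the agent may only emit commands of the shape `iptables <-A|-D> INPUT -s <source> -j DROP`, blocks broader than a /24 are refused, and a constructed never-block list (RFC 1918, loopback, link-local, and a placeholder "own" range 203.0.113.0/24) protects the operator's infrastructure. The syntax stage checks the exact token shape; the logic stage catches rules that parse fine but would be operationally wrong (blocking 0.0.0.0/0, blocking an internal subnet).

```python
"""Validation gate for LLM-generated mitigation commands.

Added example, not the paper's code. Assumed policy: the only command shape
the agent may emit is  iptables <-A|-D> INPUT -s <address-or-cidr> -j DROP.
Anything else is rejected before it can reach the executor.
"""
from __future__ import annotations

import ipaddress
import shlex
from dataclasses import dataclass
from typing import Optional

# --- Policy (constructed for this example; tune to the environment) ---
ALLOWED_ACTIONS = {"-A", "-D"}      # append a block, or delete it again (rollback)
ALLOWED_CHAINS = {"INPUT"}
ALLOWED_TARGETS = {"DROP"}
MIN_PREFIX_LEN = 24                 # refuse to block anything broader than a /24
# Ranges a mitigation rule must never touch: RFC 1918, loopback, link-local,
# plus the operator's own public range (203.0.113.0/24 is a constructed placeholder).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
    "203.0.113.0/24",
)]


class ValidationError(ValueError):
    """Raised when a generated command fails syntax or logic validation."""


@dataclass(frozen=True)
class MitigationCommand:
    action: str
    chain: str
    source: ipaddress.IPv4Network | ipaddress.IPv6Network
    target: str

    def argv(self) -> list[str]:
        # Re-serialised from the validated fields, meant for subprocess.run(argv)
        # without a shell, so the raw LLM string never reaches an interpreter.
        return ["iptables", self.action, self.chain, "-s", str(self.source), "-j", self.target]


def validate_command(raw: str) -> MitigationCommand:
    """Syntax stage: exact token shape. Logic stage: scope and protected ranges."""
    try:
        tokens = shlex.split(raw)
    except ValueError as exc:
        raise ValidationError(f"unparseable command: {exc}") from exc
    if len(tokens) != 7 or tokens[0] != "iptables" or tokens[3] != "-s" or tokens[5] != "-j":
        raise ValidationError("command must be 'iptables <-A|-D> <chain> -s <source> -j <target>'")
    _, action, chain, _, source, _, target = tokens
    if action not in ALLOWED_ACTIONS:
        raise ValidationError(f"action {action!r} not allowed")
    if chain not in ALLOWED_CHAINS:
        raise ValidationError(f"chain {chain!r} not allowed")
    if target not in ALLOWED_TARGETS:
        raise ValidationError(f"target {target!r} not allowed")
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError as exc:
        raise ValidationError(f"invalid source {source!r}") from exc

    # Logic stage: a syntactically perfect rule can still be operationally wrong.
    if net.prefixlen < MIN_PREFIX_LEN:
        raise ValidationError(f"scope {net} is broader than /{MIN_PREFIX_LEN}")
    if net.is_multicast or net.is_unspecified:
        raise ValidationError(f"{net} is not a routable unicast source")
    for protected in NEVER_BLOCK:
        if net.version == protected.version and net.overlaps(protected):
            raise ValidationError(f"{net} overlaps protected range {protected}")
    return MitigationCommand(action, chain, net, target)


def rejection_reason(raw: str) -> Optional[str]:
    """None when the command passes the gate, otherwise the reason it was refused."""
    try:
        validate_command(raw)
    except ValidationError as exc:
        return str(exc)
    return None


def gate(generated: list[str]) -> tuple[list[list[str]], list[tuple[str, str]]]:
    """Split a batch of agent output into executable argv lists and rejected (command, reason) pairs."""
    approved, rejected = [], []
    for raw in generated:
        reason = rejection_reason(raw)
        if reason is None:
            approved.append(validate_command(raw).argv())
        else:
            rejected.append((raw, reason))
    return approved, rejected


if __name__ == "__main__":
    # Constructed sample of what an agent might emit for one incident.
    sample = [
        "iptables -A INPUT -s 198.51.100.7 -j DROP",
        "iptables -A INPUT -s 198.51.100.0/24 -j DROP",
        "iptables -A INPUT -s 0.0.0.0/0 -j DROP",
        "iptables -A INPUT -s 10.0.0.5 -j DROP",
        "iptables -F INPUT",
    ]
    ok, bad = gate(sample)
    for argv in ok:
        print("EXECUTE:", " ".join(argv))
    for raw, why in bad:
        print("REJECT :", raw, "->", why)
```

The executor should receive `MitigationCommand.argv()` rather than the original string: the gate rebuilds the command from fields it has checked, so a stray shell metacharacter or extra argument in the model's output can never be interpreted. Rejections carry a reason so they can be fed back to the agent or logged alongside the incident explanation the abstract describes.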




Published

2026-02-15

How to Cite

R. Wiratama, A. Pirdhaus, E. R. Putri Bintoro, Z. Sari, and S. Syaifuddin, “Random Forest and LLM Synergies Framework for Autonomous DDoS Mitigation”, J. Tek. Inform. (JUTIF), vol. 7, no. 1, pp. 515–528, Feb. 2026.