A Predictive Neural Network Architecture for Early Detection of Low-Rate Cyberattacks

Abstract

Low-Rate Denial of Service (LDoS) attacks pose a significant challenge to IoT networks due to their subtle and prolonged nature, often evading traditional intrusion detection systems. This paper presents IDQS (Intrusion Detection via QoS Prediction), a lightweight and proactive framework for early LDoS attack detection. IDQS integrates two new key components: (i) RTP-QoS, a Recurrent Trend Predictive Neural Network that learns and forecasts future Quality of Service (QoS) based on historical traffic patterns, and (ii) PDM, a Pairwise Decision Model that evaluates discrepancies between predicted and actual QoS to identify potential attacks. Evaluated on the public SDN-SlowRate-DDoS and CIC-IDS2017 datasets, IDQS respectively achieves over 79% and 91% detection accuracy across most attack scenarios with high recall and low false negatives, while maintaining an end-to-end inference time of just 0.28 seconds. The results demonstrate the effectiveness and efficiency of IDQS for real-time deployment in resource-constrained IoT environments.