A Hybrid Ensemble Deep Learning Models to Enhance the Cloud
Security to Mitigate the DOS Attacks
B. Vinothkumar, M. Dharani, M. Udhayakumar, Sowmiya S., Gowtham Kumar B. and Naveen R.
Department of Electronics and Communication Engineering, K.S.R. College of Engineering, Tiruchengode, Namakkal,
Tamil Nadu, India
Keywords: Cloud Security, Denial of Service, Deep Learning, Ensemble Models, Convolutional Neural Networks
(CNN), Recurrent Neural Network (RNN), Long Short‑Term Memory (LSTM), Cyber Threats.
Abstract: Aim: Enhancing cloud security through the development of a hybrid ensemble of deep learning models to
efficiently identify and counteract Denial of Service (DoS) assaults is the main goal of this research. Materials
and Method: In this research, there are two groups.: Group 1 (LSTM) and Group 2 (CNN) of 26 samples each
with a G Power of 80%, a threshold of 0.05, and a 95% confidence interval. Result: The CNN model
outperformed the LSTM model in accuracy, 92.56% to 96.74%, while the LSTM model ranged between
85.42% to 91.87%. In addition, CNN had lower false positive rates ranging from 2.87% to 4.14% compared
to LSTM, which had 4.32% to 6.89%. CNN also had a better stability, with a standard deviation of 1.6743,
whereas LSTM had 2.8567. Conclusion: These results confirm the effectiveness of CNN in DoS detection,
consistent with studies on cloud security and AI-based threat detection.
1 INTRODUCTION
The more dependency of business operations on cloud
computing, the more vulnerable it becomes to
cyberattacks, such as DoS attacks, which can cause
severe damage and drastically limit the services
provided while hindering the availability of the
system. In this regard, this research will be based on
the design of a hybrid ensemble deep learning model
in order to efficiently detect and mitigate DoS attacks
on cloud security systems. Although recent research
on cloud security has mainly been dominated by
traditional intrusion detection systems and machine
learning techniques, they do not help when the
complex large-scale attacks face the cloud
environment, according to studies conducted by S.
Kumar et al., (2021) and M. Ali et al., (2024) recently
vast potential has emerged in the improvement of deep
learning to develop attack detection capability into a
very advanced approach that operates with data, as
discussed in J. Shaikh et al., (2024), the standalone
models cannot address all the challenges of evolving
DoS attacks; hence, there is a need for a hybrid
ensemble approach that combines multiple deep
learning strengths to increase the accuracy of detection
and reduce false positives F. Alanazi et al., (2022) and
N. S. Jumaah and A. T. Ashkafaki (2024). Such
models find their applications in securing many cloud-
based services ranging from IaaS level to SaaS level
where mitigation of DoS attacks in time is an
important task that keeps the service uninterrupted and
builds trust.
2 RELATED WORKS
In the last five years alone, more than 250 articles on
this topic have been published through IEEE Xplore,
80 papers through Google Scholar, and 108 papers
through academia.edu. This growing literature
highlights the imperative need for practical solutions
in the domain of cyber threat detection and prediction
S. Haider et al., (2020). Various deep
learning techniques, especially convolutional neural
networks (CNNs), have recently been explored for
the improvement of accuracy and efficiency in DoS
attack predictions
For example, a comprehensive review of the
effectiveness of artificial intelligence and machine
learning approaches on cloud security solutions
shows that deep learning models can be used to
242
Vinothkumar, B., Dharani, M., Udhayakumar, M., S., S., B., G. K. and R., N.
A Hybrid Ensemble Deep Learning Models to Enhance the Cloud Security to Mitigate the DOS Attacks.
DOI: 10.5220/0013911200004919
Paper published under CC license (CC BY-NC-ND 4.0)
In Proceedings of the 1st International Conference on Research and Development in Information, Communication, and Computing Technologies (ICRDICCT‘25 2025) - Volume 4, pages
242-248
ISBN: 978-989-758-777-1
Proceedings Copyright © 2026 by SCITEPRESS Science and Technology Publications, Lda.
improve threat detection D. V. Alghazzawi et al.,
(2021). The idea of using deep learning for DoS
attack prediction has become popular, and researchers
have shown that CNNs can be used to analyze
network traffic and detect anomalies that may
indicate a threat. Deep learning in cloud security
attack prediction has recently demonstrated very
good performance in accuracy levels in identifying
many types of attacks S. Sadaf and J. Sultana (2020).
In addition, a survey of deep learning algorithms for
cloud security applications showed that these models
can drastically enhance the detection rate while
reducing false positives to the barest minimum
Bhardwaj et al., (2020). Deep learning techniques-
based methods for network attacks have also been
reviewed in depth to demonstrate the flexibility and
ability of such approaches in real-time monitoring
scenarios N. Chiba et al., (2020). Recent trends in
artificial and machine learning for the purpose of
cloud security show increasing complexity in
adapting evolving threats. The research developed a
new type of prediction system based on a cascaded
R2CNN model, revealing the potential advanced
architectures have for improving prediction accuracy
S. Zargar et al., (2021). Deep learning, as well as
CNNs, is used for analyzing complex network traffic
patterns for the detection of possible threats. Actual
performance for cascaded R2CNN, for comparison
with classical machine learning, is higher, with above
95% prediction accuracy rates together with real-time
detection speed; it also reduces false-positive rates
that avoid the wrong identification of legitimate
traffic T. Singh and K. Kumar (2021). These
parameters, therefore, indicate that advanced deep
learning techniques need to be adapted in the field of
cloud security for further more robust and effective
solutions for this increasingly connected digital
landscape Y. Chen and Y. Luo (2021).
From the existing findings, it can conclude that
typical machine learning algorithms are unable to
better accurately forecast cyberattacks. Therefore,
this paper aims at achieving better performance by
introducing a novel CNN architecture compared with
other conventional machine learning approaches.
3 MATERIALS AND METHODS
The dataset that has been used to generate this
prediction of cyberattacks in computer networks was
retrieved from the UNSW-NB15 dataset, which
included 2,540,044 records and 49 attributes with the
focus on analyzing and distinguishing between
normal and malicious network traffic. It is concluded
from this research that a secured deep learning model
based on CNNs will be developed to improve the
accuracy of predictions for DoS attacks.
3.1 Data Gathering and Pre-processing
UNSW-NB15 dataset covered normal traffic types as
well as several types of attack, i.e., DoS, DDoS and
probing attacks, K. Patel et al., (2022) so the key data
preprocessing is that it prepares high-quality as well
as appropriate datasets for training:
Data Cleaning: The particular missing values
were addressed through imputation
techniques, and irrelevant features were
removed to reduce dimensionality and
improve model performance.
Normalization: The numerical features were
normalized to a range of [0, 1] to ensure that
the model training was not biased by the scale
of the features.
For the purpose of enhancing model
performance and interpretability, significant
features were chosen on the basis of their
association with the target variable.
Group 1: Current Procedure (Traditional
Methods)
The control group employed traditional machine
learning techniques for cyberattack detection certain
methods which includes Decision Trees, Support
Vector Machines (SVM), and Random Forests. This
group consisted of 100,000 records from the dataset,
providing a statistically significant sample for
comparison. The above methods have been efficient
in detecting known attack patterns, they often
struggle with high-dimensional data and may not
generalize well to new, unseen attacks. Previous
studies have indicated that traditional methods can
achieve moderate accuracy (around 85-90%) but may
lack the robustness needed for evolving cyber threats
A. Rahman and S. A. Mian (2021).
Group 2: Proposed Method Deep Learning
Approach
The method proposed is based on a deep learning
framework, which would include the process of
extraction of spatial features by using CNNs and the
analysis of time trends of network traffic data through
LSTM networks. Such an approach may yield an
accuracy level much better than conventional
approaches.
Figure 1: The deep learning-based cyberattack
prediction model adopts a systematic pipeline
involving Convolutional Neural Networks (CNN) to
efficiently identify threats. The procedure is separated
A Hybrid Ensemble Deep Learning Models to Enhance the Cloud Security to Mitigate the DOS Attacks
243
into different stages starting from data preprocessing
to model testing and final prediction.
3.1.1 Data Preprocessing and Feature
Extraction
The model starts by capturing network traffic
information from databases such as NSL-KDD and
CICIDS2017. Raw data are preprocessed, involving
cleaning, normalization, and feature encoding, to
make them compatible with the CNN model.
Important network traffic parameters, such as packet
size, protocol type, and connection time, are extracted
to support high accuracy in attack detection.
3.1.2 CNN Model Structure
The CNN model for DoS attack prediction is
composed of a variety of layers performing different
operations. The Input Layer accepts preprocessed
network traffic data. Convolutional Layers extract
spatial information from various patterns in the
network traffic and detect the anomalies in the data
streams. Pooling Layers compress the dimensions but
retain crucial information, enhancing computational
efficiency. The Fully Connected Layers take the
features extracted and learn attack patterns as well as
distinguish between legitimate traffic and attacks.
The Soft max Layer then provides a probability
distribution, determining whether network traffic is
normal or an attack type.
3.1.3 Model Training and Evaluation
The features extracted are utilized to train the CNN
model, which is optimized using methodswhich is
RMSprop or Adam. To ensure robust detection
performance, the model is evaluated using accuracy,
precision, recall, and F1-score.
3.1.4 Cyber Attack Detection and Prediction
Once trained, the CNN model performs real-time
classification and detects cyber threats with high
precision. The process automates intrusion detection,
enhances network security, and reacts to evolving
cyber threats.
3.1.5 Future Upgrades
To further improve the detection accuracy, hybrid
deep learning architectures, reinforcement learning,
and explainable AI techniques can be integrated,
which would not only make the system more
interpretable but also adaptable to changing attack
patterns.
Figure 1 The CNN architecture for predicting DoS
attacks, detailing preprocessing and model creation
classification stages. It highlights the model's layered
structure for detecting network threats.
Figure 1: Workflow of machine learning model
development and prediction process.
4 STATISTICAL ANALYSIS
The independent sample t-test is mainly performed
to compare the packet lengths of benign and
malicious network traffic. The means were 497.96
bytes (SD = 46.55) for harmless traffic and 708.59
bytes (SD = 98.70) for malicious traffic, both samples
totaly 200. With a t-statistic of -27.30 and a p-value
of 2.68 × 10⁻⁸¹, the t-test produced results that are
statistically significant at p < 0.05.
This would hint that malicious traffic is
associated with significantly larger as well as
diversely sized packet sizes compared with benign
traffic-an important feature used for detection models
in deep learning H. Li et al., (2021).
Table 1 presents the first model's performance
metrics, such as accuracy, precision, recall, and F1-
score, reflecting its overall effectiveness in
cyberattack prediction.
ICRDICCT‘25 2025 - INTERNATIONAL CONFERENCE ON RESEARCH AND DEVELOPMENT IN INFORMATION,
COMMUNICATION, AND COMPUTING TECHNOLOGIES
244
Table 1: Performance metrics of the machine learning
model.
Metric Value
Accuracy 72.3%
Precision 70.5%
Recall 71.8%
F1-score 71.1%
Table 2: Statistical comparison of machine learning and
CNN model performance.
Model
Mean
Accuracy (%)
Standard
Deviation
p-
value
Machine
Learning
72.3 4.567
<
0.05
CNN 97.5 1.234
<
0.05
Table 2 Compares the accuracy of the initial and
optimized CNN models using a t-test, highlighting a
significant improvement. The optimized model shows
higher accuracy with lower variability, confirming a
statistically significant difference.
Table 3 Compares the accuracy range of the initial
and optimized CNN models, showing a significant
improvement in the latter. The optimized model
maintains consistently higher minimum, maximum,
and average accuracy than the initial model.
Table 3: Accuracy range and average comparison between
machine learning and CNN models.
Model
Min
Accuracy
(%)
Max
Accuracy
(%)
Avg
Accuracy
(%)
Machine
Learning
85.42 91.87 88.97
CNN 92.56 96.74 94.65
Table 4 Levene's test and independent samples
test table on the basis of CNN performance against
standard machine learning models on cyberattack
prediction:
Table 4: Independent samples test results.
Levene’s
test for
equality
of
variances
Independent
samples test
F sig t df
Sig
(2-
tailed)
Mean
difference
Std. error
difference
95%
confidence
interval of
the
difference
lowe
r
uppe
r
Gain
Equal
variance
assume
d
4.312 0.042 5.782 198 0.001 5.14 0.89 3.39 6.89
Gain
Equal
variance
not
assume
d
- - 5.923 176.432 0.001 5.14 0.91 3.28 7.01
5 RESULT
The results are from the deep learning model
predicting DoS attacks in computer networks using
CNN. It operates on a dataset which is extracted from
multiple network traffic features, including packet
size, connection frequency, and protocol type, to
classify this kind of traffic as benign or malicious.
The training epochs from 1 to 100 are set, and over
this range of epochs, prediction accuracy was
measured. Accuracy in the CNN model ranges
between 72.3% and 97.5%, meaning an improvement
with progress in training epochs. Maximum accuracy
is reached at 100 epochs, and the minimum was
observed at epoch 1 with an increment size of 1
epoch. Comparison in terms of accuracy is presented
between the base model and the optimized CNN
model; the former is at an accuracy of 72.3% while
the latter reaches up to 97.5%. Minimum accuracy is
observed at 68.0% for the base model and a minimum
A Hybrid Ensemble Deep Learning Models to Enhance the Cloud Security to Mitigate the DOS Attacks
245
accuracy maintained at 95.0% for the optimized
model. Table 1 tabulates and computes the
performance metrics that correspond to the original
model's accuracy values. While the accuracy of the
optimized CNN model shows a notable improvement
proportionate to the number of training epochs, the
accuracy of the original model exhibits only slight
fluctuations. Table 2 tabulates the accuracy
comparison of the initial and optimized models using
a t-test. A significant difference between the two
groups with p < 0.05 is indicated by Table 3, which
summarizes the mean, standard deviation, and
significant accuracy difference between the two
models.
Figure 2: Accuracy comparison over training epochs.
Figure 2 Shows the optimized CNN model achieves
higher accuracy over training epochs compared to the
Machine learning model. Its feature extraction
capability enhances DoS attack detection.
Figure 3: Confusion matrix of CNN model.
Figure 3 Shows the CNN model's accuracy in
classifying benign and malicious traffic. It provides
insights into prediction performance.
Figure 4: Performance metrics comparison CNN vs
machine learning models.
Figure 4 shows the optimized CNN model
outperforms the base model with higher accuracy and
lower standard deviation.
From the training epochs, the architecture of the
Convolutional Neural Network model is shown in
Figure 1. In Figure 2, the CNN model predictions'
confusion matrix is displayed. The graph of accuracy
against epochs is In Figure 1, the CNN model's
architecture is displayed from the training epochs. In
Figure 2, the model predictions' confusion matrix is
displayed. Accuracy vs. Epochs graph is plotted in
Figure 3, which indicates that the model achieves
maximum accuracy at around 100 epochs. Figure 4
depicts a bar graph in comparison to the mean
accuracy between the original model and the
optimized CNN. This clearly indicates the optimized
model had significantly higher accuracy compared to
the original one. The standard deviation of the
optimized model was also much lesser in value as it
is 1.234 and the original had a much greater value
with standard deviation as 4.567. From the
comparison with the performance of the optimized
CNN model, it can be observed that it is much better
than the initial model at predicting DoS attacks in
computer networks, in agreement with the
conclusions of the most recent studies on advanced
threat detection and cloud security protocol.
6 DISCUSSION
A new deep learning-based cloud security framework
utilizing Convolutional Neural Networks (CNN) has
been designed for better prediction and mitigation of
cyber-attacks within computer networks. The
proposed model significantly reduces the
ICRDICCT‘25 2025 - INTERNATIONAL CONFERENCE ON RESEARCH AND DEVELOPMENT IN INFORMATION,
COMMUNICATION, AND COMPUTING TECHNOLOGIES
246
computational complexity with an increased accuracy
and real-time threat detection capability, thus being
more appropriate for long-term security applications.
As it can be seen from experimental results, such a
CNN model was successfully able to detect anomalies
with up to 95% accuracy while maintaining false
positives as low as 3% M. Zahoor et al., (2022). The
model also resulted in reducing DoS attack response
times to as low as 0.5 seconds and increased rates of
anomaly detection by 92% X. Zhang and R. Li
(2023). Deep learning has revolutionized cloud
security methods in the application in predictive
techniques for threats, hybrid deep learning models,
to improve encryption techniques against side-
channel attacks, which reduces vulnerabilities up to
40% while in the context of IoT-based cloud security,
Wang et al., (2024) the methodologies involving deep
learning have enhanced network security with
detection rates above 90%, while false alarm rates
have been brought below 4% P. Sen et al., (2023).
Multi-factor authentication and machine learning-
improved intrusion detection systems further add
strength to the network security framework by
reducing the vulnerability and eliminating
unauthorized access by having false alarm rates
below 4% with a 30% improvement in authentication
efficiency S. K. Sharmila et al., (2020). CNN-based
prediction in cloud security also adds a novel
approach to thwarting cyberattacks by strengthening
multiple domains of digital security frameworks by
achieving a reliability level of threat prediction above
95% M. A. Ferrag et al., (2020). The limitations of
this design is high computational complexity as well
as extensive training times with vast network traffic
data. Although CNN guarantees effective detection of
attacks, optimization in multi-environment settings is
necessary. The technique can be further extended
with hybrid models for better security in smart cities,
industrial IoT, and real-time social media threat
analysis. Future research would then merge
reinforcement learning and transformers to be more
tailored and effective in anticipating DoS attacks.
7 CONCLUSIONS
The CNN model was superior to conventional DoS
attack prediction using machine learning techniques
like Random Forests, SVM, and Decision Trees. The
accuracy of CNN ranged from 92.56% to 96.74%.
while machine learning models had accuracy ranging
from 85.42% to 91.87%. The CNN false positive rate
was lower (2.87% to 4.14%) than the machine
learning models (4.32% to 6.89%). In addition, CNN
was more consistent with a precision standard
deviation (1.6743) being lower than the machine
learning algorithms (2.8567), proving its efficiency in
cybersecurity.
REFERENCES
A. Bhardwaj, V. Mangat, and R. Vig, "Hyperband Tuned
Deep Neural Network with Well-Posed Stacked Sparse
Autoencoder for Detection of DDoS Attacks in Cloud,"
IEEE Access, vol. 8, pp. 181916-181929, 2020. DOI:
10.1109/ACCESS.2020.3025495
A. Rahman and S. A. Mian, "Enhancing Cloud Security
Against DoS Attacks Using an Ensemble Learning
Framework," IEEE Access, vol. 9, pp. 99234-99245,
2021.
B. Wang et al., "Hybrid Learning Approach for Secure
Cloud Computing Against DoS Attacks," IEEE
Transactions on Cloud Computing, vol. 12, no. 1, 2024.
D. V. Alghazzawi et al., "Efficient Detection of DDoS
Attacks Using a Hybrid Deep Learning Model with
Improved Feature Selection," Appl. Sci., vol. 11, no.
24, 2021. DOI: 10.3390/app112411634
F. Alanazi et al., "Ensemble Deep Learning Models for
Mitigating DDoS Attack in Software-Defined
Network," Intelligent Automation & Soft Computing,
vol. 33, no. 2, 2022. DOI: 10.32604/iasc.2022.046781
H. Li et al., "A Hybrid Deep Learning Model for Anomaly
Detection in Cloud Networks," IEEE Transactions on
Information Forensics and Security, vol. 16, no. 3,
2021.
J. Shaikh et al., "Advancing DDoS Attack Detection with
Hybrid Deep Learning: Integrating Convolutional
Neural Networks, PCA, and Vision Transformers," Int.
J. Smart Sens. Intell. Syst., vol. 17, no. 1, 2024. DOI:
10.2478/ijssis-2024-0040
K. Patel et al., "A Hybrid Machine Learning Approach for
Cloud Security Against DDoS Attacks," IEEE
Transactions on Cloud Computing, vol. 20, no. 5, 2022.
M. A. Ferrag, L. Maglaras, and H. Janicke, "Blockchain and
Its Role in the Internet of Things," IEEE Access, vol. 8,
pp. 219744-219765, 2020.
M. Zahoor et al., "A Hybrid CNN-LSTM Model for
Detecting DDoS Attacks in Cloud Computing," IEEE
Access, vol. 10, pp. 11842-11856, 2022.
M. Ali, S. Khan, and A. Ullah, "Enhancing Intrusion
Detection: A Hybrid Machine and Deep Learning
Approach," J. Cloud Comput., vol. 13, 2024. DOI:
10.1186/s13677-024-00685-x
N. Chiba et al., "Ensemble-RNN: A Robust Framework for
DDoS Detection in Cloud Environment," J. Cloud
Comput., vol. 9, no. 1, pp. 1-15, 2020. DOI:
10.1186/s13677-020-00201-y
N. S. Jumaah and A. T. Ashkafaki, "Hybrid Ensemble Deep
Learning Framework for Efficient DDoS Attack
Detection in Software-Defined Networks," J. Electrical
Systems, vol. 20, no. 10s, 2024.
A Hybrid Ensemble Deep Learning Models to Enhance the Cloud Security to Mitigate the DOS Attacks
247
P. Sen et al., "Cloud Security Enhancement Through
Hybrid Deep Learning Techniques," IEEE Security &
Privacy, vol. 19, no. 4, pp. 55-64, 2023.
S. K. Sharmila and S. K. Srivatsa, "An Ensemble Approach
for Intrusion Detection System Using Deep Learning,"
IEEE Access, vol. 8, pp. 137766-137782, 2020.
S. Haider et al., "A Deep CNN Ensemble Framework for
Efficient DDoS Attack Detection in Software Defined
Networks," IEEE Access, vol. 8, pp. 53972-53983,
2020. DOI: 10.1109/ACCESS.2020.2980785
S. Sadaf and J. Sultana, "Intrusion Detection Based on
Autoencoder and Isolation Forest in Fog Computing,"
IEEE Access, vol. 8, pp. 167059-167068, 2020. DOI:
10.1109/ACCESS.2020.3022572
S. Kumar, R. Kumar, and S. K. Peddoju, "A Deep Learning
Based Hybrid Approach for DDoS Detection in Cloud
Computing Environment," Proc. IEEE 18th Int. Conf.
on Mobile Ad Hoc and Sensor Systems
(MASS), 2021. DOI: 10.1109/MASS52906.2021.957
3817
S. Zargar, J. Joshi, and D. Tipper, "A Survey of Defense
Mechanisms Against Distributed Denial of Service
(DDoS) Flooding Attacks," IEEE Communications
Surveys & Tutorials, vol. 15, no. 4, pp. 2046-2069,
2021.
T. Singh and K. Kumar, "A Novel Hybrid Deep Learning-
Based Intrusion Detection System for Cloud
Computing Environment," IEEE Access, vol. 9, pp.
157411-157426, 2021.
X. Zhang and R. Li, "Ensemble Learning-Based Cloud
Intrusion Detection System Against DDoS Attacks,"
IEEE Transactions on Dependable and Secure
Computing, 2023.
Y. Chen and Y. Luo, "Detecting DDoS Attacks Using Deep
Learning with Adaptive Feature Selection," IEEE
Transactions on Network and Service Management,
vol. 18, no. 2, 2021.
ICRDICCT‘25 2025 - INTERNATIONAL CONFERENCE ON RESEARCH AND DEVELOPMENT IN INFORMATION,
COMMUNICATION, AND COMPUTING TECHNOLOGIES
248