# Optimized CatBoost machine learning (OCML) for DDoS detection in cloud virtual machines with time-series and adversarial robustness

**Authors:** Hadeer Samy, Ayman M. Bahaa-Eldin, Mohamed A. Sobh, Ayman Taha

PMC · DOI: 10.1038/s41598-025-33851-5 · Scientific Reports · 2026-01-15

## TL;DR

This paper introduces an optimized CatBoost machine learning model for detecting DDoS attacks in cloud virtual machines with high accuracy and robustness against adversarial and time-series attacks.

## Contribution

The novelty lies in optimizing CatBoost with hyperparameter tuning and SHAP-based feature selection for DDoS detection, along with robustness evaluation against adversarial and time-series attacks.

## Key findings

- The OCML model achieved 99.2% accuracy in detecting DDoS attacks using the CICIDS 2019 dataset.
- The model showed robustness against FGSM, CW, and PGD adversarial attacks with accuracies of 97%, 80%, and 71%, respectively.
- It also demonstrated effectiveness against time-series attacks with accuracies of 80%, 83%, and 77% for pulse wave, random burst, and slow ramp attacks.

## Abstract

Distributed Denial of Service (DDoS) attacks represent one of the most strategically executed and severe threats in cloud computing, often leading to substantial data loss and significant financial damage for both cloud service providers and their users. Numerous studies have been conducted to enhance cloud security against such attacks through the application of machine learning techniques. This paper implements the Optimized CatBoost machine learning algorithm (OCML) with hyperparameter optimization using Optuna to achieve efficient training. Feature selection was conducted using the SHAP (SHapley Additive exPlanations) method, as the dataset contains over 80 features. The proposed model achieved an accuracy of 99.2% in detecting Distributed Denial of Service (DDoS) attacks in cloud virtual machines (VMs), enabling the system to filter out malicious jobs and allocate resources efficiently. The CICIDS 2019 dataset was used as the benchmark for evaluation. Furthermore, the robustness of the proposed model was assessed using adversarial attacks, specifically the Fast Gradient Sign Method (FGSM), the Carlini-Wagner (CW) attack, and Projected Gradient Descent (PGD). Against these attacks, the CatBoost model achieves accuracies of 97%, 80% and 71%, respectively. In addition, when robustness is evaluated against time-series network traffic attacks using pulse wave, random burst, and slow ramp, the model achieves 80%, 83% and 77%, respectively.

## Full text

_Full body text omitted from this summary view._ Fetch the complete paper as Markdown: https://tomesphere.com/paper/PMC12808713/full.md

## Figures

11 figures with captions in the complete paper: https://tomesphere.com/paper/PMC12808713/full.md

## References

12 references — full list in the complete paper: https://tomesphere.com/paper/PMC12808713/full.md

---
Source: https://tomesphere.com/paper/PMC12808713