3rd International Conference on Security & Applications (SECURA 2025)

September 29 ~ 30, 2025, Virtual Conference

Accepted Papers


Advancements in Machine Learning Algorithms with Self-update Parameter Calibration for DDOS Intrusion Detection: A Literature Review

Ainebyoona Patrick and Adeleke Raheem Ajiboye, Department of Computer Science, Kampala International University, Uganda

ABSTRACT

Distributed Denial of Service (DDoS) attacks have become some of the most common and damaging cyberthreats in our increasingly connected world. This literature review explores recent developments in using machine learning algorithms to detect DDoS intrusions, with a special emphasis on approaches that fine-tune self-updating parameters. By bringing together insights from multiple recent studies, this review examines a variety of machine learning methods such as Random Forest (RF), Support Vector Machine (SVM), and K-Nearest Neighbours (KNN). It looks at the strengths and weaknesses of each technique and discusses how best to integrate them with the existing security infrastructure. Particular attention is given to self-updating models that can quickly adapt to new and evolving attack patterns. The paper also reviews performance metrics, important considerations around datasets, and outlines future research directions in this fast-moving area. Overall, the findings indicate that adaptive, self-updating machine learning models outperform static ones in detecting complex DDoS attacks, with Random Forest approaches consistently delivering strong results across various studies.

Keywords

DDoS detection, self-updating algorithms, Adaptive Parameter Calibration, Intrusion Detection Systems, Machine learning.


Post-Quantum OTP Authentication in a Trusted Execution Environment: Implementation with ML-DSA and OP-TEE

Mamadou Cherif Kasse¹ and El Hadj Modou Mboup², ¹Cheikh Anta Diop University of Dakar, FST, DMI, LACGAA, Senegal, ²Iba Der Thiam University of Thiès, Senegal

ABSTRACT

In light of emerging quantum threats, traditional authentication mechanisms, particularly those based on One-Time Passwords (OTP), are becoming increasingly inadequate. This paper introduces a post-quantum authentication model that combines an OTP scheme derived from the ML-DSA signature (from the PQClean project) with a Trusted Execution Environment (TEE). The TEE ensures secure generation, storage, and usage of critical cryptographic components, thereby strengthening resistance to both software and hardware attacks. This approach offers a robust solution to modern security challenges. A comprehensive security analysis and discussion position this model as a credible and scalable alternative for authentication in a post-quantum world.

Keywords

Trusted Execution Environment (TEE), Post-Quantum Cryptography, Digital Signature, PQClean, Authentication, OTP, Secure Key Storage.


Securing Agentic AI: A Comprehensive Threat Model and Mitigation Framework for Generative AI Agents

Vineeth Sai Narajala¹ and Om Narayan², ¹Washington State University, Washington, USA, ²New York University, New York City, New City, USA

ABSTRACT

As generative AI (GenAI) agents become more common in enterprise settings, they introduce security challenges that differ significantly from those posed by traditional systems. These agents aren’t just LLMs—they reason, remember, and act, often with minimal human oversight. This paper introduces a comprehensive threat model tailored specifically for GenAI agents, focusing on how their autonomy, persistent memory access, complex reasoning, and tool integration create novel risks. Our research identifies 9 primary threats and organizes them across five key domains: cognitive architecture vulnerabilities, temporal persistence threats, operational execution vulnerabilities, trust boundary violations, and governance circumvention. These threats aren’t just theoretical—they bring practical challenges such as delayed exploitability, cross-system propagation, cross-system lateral movement, and subtle goal misalignments that are hard to detect with existing frameworks and standard approaches. To help address this, we present two complementary frameworks: ATFAA (Advanced Threat Framework for Autonomous AI Agents), which organizes agent-specific risks, and SHIELD, a framework proposing practical mitigation strategies designed to reduce enterprise exposure. While this work builds on existing work in LLM and AI security, our focus is squarely on what makes agents different—and why those differences matter. Ultimately, this research argues that GenAI agents require a new lens for security. If we fail to adapt our threat models and defenses to account for their unique architecture and behavior, we risk turning a powerful new tool into a serious enterprise liability.

Keywords

generative AI, threat model, AI agents, cybersecurity, attack vectors, security framework.


Anomaly Detection in Network Traffic using Selected Statistical and Entropy-based Features

Rakhmatov Furkat¹ and Karimov Norbek², ¹Faculty of Computer Engineering, Tashkent University of Information Technologies named after Muhammad al-Khwarizmi, Tashkent, Uzbekistan, ²Department of Methodology of Exact and Natural Sciences, Tashkent Region Pedagogical Skills Center, Bo‘stonliq District, Ghazalkent City, Tashkent Region, Uzbekistan

ABSTRACT

The rapid evolution of cyber threats, particularly Distributed Denial of Service (DDoS) and other advanced attack vectors, has significantly challenged the resilience of modern network infrastructures. This study proposes an anomaly detection framework that leverages a compact yet highly informative feature set — request rate (Rt), traffic volume (Vt), source IP entropy (St), flow duration (Tt), and unique protocols (Qt) — to identify a broad spectrum of attack types, including DDoS, Slow Attacks, Volumetric Attacks, Service Outage, Application Layer Attacks, and Stealth Attacks. Using the CIC-IDS2017 dataset, we evaluated three machine learning models: Random Forest (RF), Support Vector Machine (SVM), and Extreme Gradient Boosting (XGBoost). Experimental results demonstrate that XGBoost achieves the highest detection accuracy of 99.1%, outperforming RF and SVM while maintaining an optimal trade-off between precision and recall. The findings highlight that ensemble-based models, when combined with carefully selected statistical and entropy-based features, provide robust and efficient solutions for real-time intrusion detection in diverse attack scenarios.

Keywords

Network Anomaly Detection, Request Rate, Traffic Volume, Source IP Entropy, Flow Duration, Unique Protocols, Machine Learning, Intrusion Detection System