Evaluating Temporal and Structural Anomaly Detection Paradigms for DDoS Traffic
Abstract
Unsupervised anomaly detection is widely used to detect Distributed Denial-of-Service (DDoS) attacks in cloud-native 5G networks, yet most studies assume a fixed traffic representation, either temporal or structural, without validating which feature space best matches the data. We propose a lightweight decision framework that prioritizes temporal or structural features before training, using two diagnostics: lag-1 autocorrelation of an aggregated flow signal and PCA cumulative explained variance. When the probes are inconclusive, the framework reserves a hybrid option as a future fallback rather than an empirically validated branch. Experiments on two statistically distinct datasets with Isolation Forest, One-Class SVM, and KMeans show that structural features consistently match or outperform temporal ones, with the performance gap widening as temporal dependence weakens.References
Carrera, F., Dentamaro, V., Galantucci, S., Iannacone, A., Impedovo, D., and Pirlo, G. (2022). Combining unsupervised approaches for near real-time network traffic anomaly detection. Applied Sciences, 12(3).
Coldwell, C., Conger, D., Goodell, E., Jacobson, B., Petersen, B., Spencer, D., Anderson, M., and Sgambati, M. (2022). Machine learning 5g attack detection in programmable logic. In 2022 IEEE Globecom Workshops (GC Wkshps), pages 1365–1370.
Feng, Y., Cai, W., Yue, H., Xu, J., Lin, Y., Chen, J., and Hu, Z. (2022). An improved X-means and isolation forest based methodology for network traffic anomaly detection. PLOS ONE, 17(1):1–18.
Gartner, Inc. (2026). Gartner forecasts worldwide end-user spending on information security to total $240 billion in 2026.
González, G. G., Tagliafico, S. M., Fernández, A., Sena, G. G., Acuña, J., and Casas, P. (2024). One model to find them all deep learning for multivariate time-series anomaly detection in mobile network data. IEEE Transactions on Network and Service Management, 21(2):1601–1616.
Kumar, A., Kumar, A., Raja, R., Dewangan, A. K., Kumar, M., Soni, A., Agarwal, D., and Saudagar, A. K. J. (2025). Revolutionising anomaly detection: a hybrid framework for anomaly detection integrating isolation forest, autoencoder, and conv. lstm. Knowledge and Information Systems, 67(12):11903–11953.
Moore, J., Abdalla, A. S., Reshi, Z., and Marojevic, V. (2025). Anomaly detection and mitigation in o-ran networks using an lstm-rnn autoencoder and secure slicing. In MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM), pages 1–6.
Moreira, R., Rodrigues Moreira, L. F., and de Oliveira Silva, F. (2023). An intelligent network monitoring approach for online classification of Darknet traffic. Computers and Electrical Engineering, 110:108852.
Nguyen, C., Elmroth, E., and Bhuyan, M. (2025). Silent failures in stateless systems: Rethinking anomaly detection for serverless computing. In 2025 IEEE International Conference on Service-Oriented System Engineering (SOSE), pages 8–19.
Prince, G. and Prabhavathi Neelakandan, R. (2026). Ai-driven analysis and mitigation of control-plane signaling anomalies in next-generation mobile networks. IEEE Access, 14:11129–11148.
Sharafaldin, I., Lashkari, A. H., Hakak, S., and Ghorbani, A. A. (2019). Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In 2019 International Carnahan Conference on Security Technology (ICCST), pages 1–8.
Tan, Y., Liu, J., Li, Y., and Wang, J. (2025). Deep learning-based proactive anomaly detection for 5g core control plane network function interactions. IEEE Transactions on Cognitive Communications and Networking, 11(6):4210–4222.
Xu, H., Wang, Y., Jian, S., Liao, Q., Wang, Y., and Pang, G. (2024). Calibrated one-class classification for unsupervised time series anomaly detection. IEEE Transactions on Knowledge and Data Engineering, 36(11):5723–5736.
Zuo, Y., Wu, Y., Min, G., Huang, C., and Pei, K. (2020). An intelligent anomaly detection scheme for micro-services architectures with temporal and spatial data analysis. IEEE Transactions on Cognitive Communications and Networking, 6(2):548–561.
Coldwell, C., Conger, D., Goodell, E., Jacobson, B., Petersen, B., Spencer, D., Anderson, M., and Sgambati, M. (2022). Machine learning 5g attack detection in programmable logic. In 2022 IEEE Globecom Workshops (GC Wkshps), pages 1365–1370.
Feng, Y., Cai, W., Yue, H., Xu, J., Lin, Y., Chen, J., and Hu, Z. (2022). An improved X-means and isolation forest based methodology for network traffic anomaly detection. PLOS ONE, 17(1):1–18.
Gartner, Inc. (2026). Gartner forecasts worldwide end-user spending on information security to total $240 billion in 2026.
González, G. G., Tagliafico, S. M., Fernández, A., Sena, G. G., Acuña, J., and Casas, P. (2024). One model to find them all deep learning for multivariate time-series anomaly detection in mobile network data. IEEE Transactions on Network and Service Management, 21(2):1601–1616.
Kumar, A., Kumar, A., Raja, R., Dewangan, A. K., Kumar, M., Soni, A., Agarwal, D., and Saudagar, A. K. J. (2025). Revolutionising anomaly detection: a hybrid framework for anomaly detection integrating isolation forest, autoencoder, and conv. lstm. Knowledge and Information Systems, 67(12):11903–11953.
Moore, J., Abdalla, A. S., Reshi, Z., and Marojevic, V. (2025). Anomaly detection and mitigation in o-ran networks using an lstm-rnn autoencoder and secure slicing. In MILCOM 2025 - 2025 IEEE Military Communications Conference (MILCOM), pages 1–6.
Moreira, R., Rodrigues Moreira, L. F., and de Oliveira Silva, F. (2023). An intelligent network monitoring approach for online classification of Darknet traffic. Computers and Electrical Engineering, 110:108852.
Nguyen, C., Elmroth, E., and Bhuyan, M. (2025). Silent failures in stateless systems: Rethinking anomaly detection for serverless computing. In 2025 IEEE International Conference on Service-Oriented System Engineering (SOSE), pages 8–19.
Prince, G. and Prabhavathi Neelakandan, R. (2026). Ai-driven analysis and mitigation of control-plane signaling anomalies in next-generation mobile networks. IEEE Access, 14:11129–11148.
Sharafaldin, I., Lashkari, A. H., Hakak, S., and Ghorbani, A. A. (2019). Developing realistic distributed denial of service (ddos) attack dataset and taxonomy. In 2019 International Carnahan Conference on Security Technology (ICCST), pages 1–8.
Tan, Y., Liu, J., Li, Y., and Wang, J. (2025). Deep learning-based proactive anomaly detection for 5g core control plane network function interactions. IEEE Transactions on Cognitive Communications and Networking, 11(6):4210–4222.
Xu, H., Wang, Y., Jian, S., Liao, Q., Wang, Y., and Pang, G. (2024). Calibrated one-class classification for unsupervised time series anomaly detection. IEEE Transactions on Knowledge and Data Engineering, 36(11):5723–5736.
Zuo, Y., Wu, Y., Min, G., Huang, C., and Pei, K. (2020). An intelligent anomaly detection scheme for micro-services architectures with temporal and spatial data analysis. IEEE Transactions on Cognitive Communications and Networking, 6(2):548–561.
Published
2026-05-25
How to Cite
LIMA, Yasmin Souza; MOREIRA, Rodrigo; MOREIRA, Larissa F. Rodrigues; CARVALHO, Tereza Cristina M. de B.; SILVA, Flávio de Oliveira.
Evaluating Temporal and Structural Anomaly Detection Paradigms for DDoS Traffic. In: WORKSHOP ON EXPERIMENTAL RESEARCH OF THE FUTURE INTERNET (WPEIF), 17. , 2026, Praia do Forte/BA.
Anais [...].
Porto Alegre: Sociedade Brasileira de Computação,
2026
.
p. 9-16.
ISSN 2595-2692.
DOI: https://doi.org/10.5753/wpeif.2026.22867.
