A Survey of Application Layer Distributed Denial of Service Detection: Approaches, Models, and Datasets
摘要
Application layer Distributed Denial of Service (ALDDoS) attacks are an increasing threat to online services because they imitate normal user behavior while overloading server resources. This survey reviews 47 primary studies published since 2018 and provides a structured and comprehensive overview of ALDDoS attack categories, including high rate attacks, low rate attacks, and flash crowd events, along with the detection methods used for each type. The findings show a growing shift toward machine learning based detection techniques (31%), followed closely by hybrid methods (28.6%) and deep learning approaches (28.6%). In contrast, rule based techniques are declining and appear in only 11.9% of the reviewed studies. The survey also shows that CICIDS2017 and CICIDS2019, created by the Canadian Institute of Cybersecurity, are the most commonly used datasets, along with several custom datasets designed for specific research scenarios. In addition, the review identifies important features used to distinguish normal traffic, attack traffic, and flash crowd events, examines feature selection strategies, and highlights future research directions. By organizing existing knowledge on DDoS threats, this survey aims to support researchers and cybersecurity professionals in developing more effective and adaptive defense mechanisms against evolving attack strategies.