A Multi-Agent-Based Deep Learning Model for Protecting Cloud Computing Environment Against Distributed Denial of Service Flooding Attacks

Abstract

Distributed Denial of Service (DDoS) flooding attacks pose a significant threat to the resilience of modern cloud computing infrastructures and their ability to sustain operational stability. Unlike traditional DoS and DDoS attacks, it is the legitimate user who inadvertently causes the damage; the applications exploit the architecture, latency limits, and resource bottlenecks, rendering the service unavailable to genuine users. The current mitigation strategies struggle to keep pace with the diverse attack vectors and fluctuating traffic patterns, particularly in a cloud-native environment where a more intelligent and distributed approach is necessary. A high-fidelity detection system that employs deep learning and self-driving agents offers an effective defensive mechanism. This paper proposes a deep learning model based on a multi-agent and Dynamic Ensemble Selection (DES) strategy, combined with five separately trained Long Short-Term Memory (LSTM) models, to form a DES-LSTM model for identifying and mitigating DDoS flooding attacks in real-time. TS allocates intelligent agents across multiple nodes in the cloud infrastructure, allowing each node to conduct local traffic analysis and contribute to collective threat detection. The system employs DES to facilitate context-based model selection through dynamically evaluated accuracy values, enabling adaptive decision-making. The CIC-DDoS2019 dataset, which encompasses the full spectrum of DDoS attack types, is utilized to train, validate, and evaluate the model's performance. This paper provides a detailed description of the architecture, integration methodology, and simulation, as well as model training, traffic modeling equations, and visualizations. Evaluations against a baseline LSTM model demonstrate that the proposed ensemble achieves superior detection accuracy, reduced false-positive rates, and enhanced robustness in varying attack conditions. The DES-LSTM architecture effectively works based on the experimental outcomes. It possesses real time feasibility, as the classification accuracies (97.8%), precision (96.6%) and recall (97.2%) were in all likelihood enhanced, meanwhile the false alarm rate (2.1%) and the detection latency (19 ms) were tremendously diminished. The agent-based, decentralized structure is both scalable and delivers low latency, making it suitable for deployment in existing cloud security systems.