NEAT-ID: A Novel Method for Enhancing Threat Detection Process DDoS in Cybersecurity
Abstract
Cyberattacks, especially Distributed Denial-of-Service (DDoS) attacks, are highly dangerous to online infrastructure, as they consume network resources and disrupt services. Such attacks are also hard to detect in real time because traditional rule-based intrusion detection systems (IDS) and single machine-learning models fail to cope with threat variations. This paper describes NEAT-ID (Neuro-Symbolic Ensemble of Anomaly-based Threat Detection), a hybrid framework that combines network and biometric signals to enhance the accuracy and interpretability of detection. NEAT-ID is built from a wavelet-transform feature extractor for temporal network patterns, a Transformer encoder with attention for biometric feature integration, a RuleFit model for symbolic reasoning, a stacked ensemble of five classifiers (TabNet, LightGBM, Histogram-based GB, Naive Bayes, Logistic Regression), and an XGBoost meta-learner that provides the final prediction. The framework was tested on the CIC-DDoS2019 dataset, with NEAT-ID scoring 96% accuracy, 97% F1-score, and 0.9949 ROC-AUC, which is better than baseline IDS models and shows robust, interpretable, and high-performance intrusion detection.
DOI: https://doi.org/10.31449/inf.v50i11.10770
License
Authors retain copyright in their work. By submitting to and publishing with Informatica, authors grant the publisher (Slovene Society Informatika) the non-exclusive right to publish, reproduce, and distribute the article and to identify itself as the original publisher.
All articles are published under the Creative Commons Attribution license CC BY 3.0. Under this license, others may share and adapt the work for any purpose, provided appropriate credit is given and changes (if any) are indicated.
Authors may deposit and share the submitted version, accepted manuscript, and published version, provided the original publication in Informatica is properly cited.







