- The paper presents IDQS, a novel framework that leverages predictive QoS modeling to detect subtle low-rate cyberattacks in real time.
- It employs a modified recurrent neural network (RTP-QoS) and a pairwise decision model (PDM) to achieve test N-SMAPE below 1%, outperforming traditional models like LSTM and MLP.
- The approach demonstrates efficient end-to-end inference (0.28s) suitable for resource-constrained IoT gateways, while addressing challenges like dataset diversity and cold-start latency.
Predictive Neural Network Architecture for Early Detection of Low-Rate Cyberattacks: Technical Essay
Introduction and Motivation
Low-Rate Denial of Service (LDoS) attacks represent a significant and increasingly relevant threat vector in IoT and resource-constrained networks. Unlike classical volumetric DDoS, LDoS attacks operate by subtly degrading Quality of Service (QoS) metrics—such as throughput, latency, or packet loss—while avoiding anomalous traffic volumes. This evasion, achieved via temporally distributed and protocol-aware traffic, renders static classification and absolute-threshold-based detection ineffective due to the statistical indistinguishability between legitimate fluctuations and maliciously induced performance degradation.
The paper "A Predictive Neural Network Architecture for Early Detection of Low-Rate Cyberattacks" (2606.18771) introduces a system-level, lightweight, and predictive approach named Intrusion Detection via QoS Prediction (IDQS). This framework shifts the detection paradigm from direct attack classification to the modeling and forecasting of expected normal network QoS, with subsequent anomaly detection via predictive discrepancy analysis.
System Architecture: Predictive-Comparative Pipeline
The IDQS framework consists of two core neural components: the Recurrent Trend Predictive QoS Predictor (RTP-QoS) and the Pairwise Decision Model (PDM). The objective is dual: (i) forecasting the evolution of QoS as a surrogate of network health, and (ii) detecting LDoS attacks by quantitatively comparing forecasts against observed QoS to identify adversarial deviations.
Figure 1: Structure of the proposed Intrusion Detection via QoS Prediction System (IDQS), highlighting the RTP-QoS and PDM modules in the system pipeline.
RTP-QoS extends a variant of the Recurrent Trend Prediction Neural Network (rTPNN). Unlike standard time-series prediction models, the modified rTPNN comprises a level prediction neuron (for coarse value) and a trend prediction neuron (for differential/gradient information), both trained to forecast feature trajectories over a horizon defined by time step τ. The QoS Predictor—built atop these trend-level vectors—integrates forecasted values via fully connected layers and error-correcting recurrent feedback, generating robust QoS projections.
PDM is engineered as a lightweight, pairwise-layered neural classifier. Its architecture explicitly encodes the relationships between predicted and observed QoS pairs across a sliding temporal window, incorporating these alongside future forecasts as model inputs. A final softmax discriminant layer outputs a binary decision regarding attack presence.
The chosen network features—packets per second, bytes per packet, flows per second, and average flow lifetime—are empirically justified for both computational efficiency and representational sufficiency in IoT contexts, with normalization performed to expedite convergence.
The RTP-QoS module is empirically benchmarked—with comprehensive ablation across different prediction horizons—against established architectures such as LSTM, MLP, and NP using the SDN-SlowRate-DDoS dataset. Critical performance is measured by both Mean Squared Error (MSE) and Normalized Symmetric Mean Absolute Percentage Error (N-SMAPE).
Figure 2: QoS predicted by the modified rTPNN and the actual QoS under normal network traffic, demonstrating close alignment and minimal forecasting error.
Numerically, RTP-QoS achieves test N-SMAPE consistently below 1%, outperforming LSTM (2.88%), MLP (3.23%), and NP (3.36%), with test MSE of 0.51e-3 compared to 3.46e-3 or higher for alternatives. This fidelity in forecasting is crucial: given the sub-threshold impact of LDoS, only a highly accurate baseline permits anomaly detection via small deviations rather than catastrophic divergences.
Statistical evaluation shows the forecasting error remains invariant with respect to the choice of τ within operationally reasonable intervals (N-SMAPE < 2% for all tested τ), confirming robustness to temporal configuration and minimal cold-start impact.
Attack Phase Response: Discrepancy Analysis and Detection
Empirical study during LDoS attack injection demonstrates that the gap between predicted and realized QoS (i.e., adversarial gap) is sharply indicative of attack emergence. Notably, the attack-induced divergence persists post-attack due to the slow resource recovery characteristic of protocol exploitation (cf. TCP backlog exhaustion).



Figure 3: The predicted and actual QoS values under LDoS attacks at varying attack rates, with the model accurately forecasting in pre-attack phases and showing marked divergence upon attack initiation.
Figure 4: Boxplot of N-SMAPE error across pre-attack, attack, and post-attack phases, showing significant error inflation during and directly after attack periods.
However, raw prediction error alone is insufficient due to occasional legitimate transients and long-tail post-attack effects. The PDM, which operates on relationships across shifting error windows, mitigates these issues by learning fine-grained deviations specific to LDoS, as opposed to misclassifying purely stochastic QoS drops.
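The predict-then-compare idea above, as an added Python example that is not code from the paper. Holt level/trend smoothing stands in for RTP-QoS and a windowed threshold stands in for the neural PDM. The N-SMAPE formula, all parameter values, and the QoS series are assumptions constructed for illustration.

```python
from collections import deque

def n_smape(pairs, eps=1e-9):
    # Assumed form, bounded in [0, 1]: mean(|obs - pred| / (|obs| + |pred|)).
    return sum(abs(o - p) / (abs(o) + abs(p) + eps) for o, p in pairs) / len(pairs)

class LevelTrendForecaster:
    """Holt smoothing: a simple stand-in for RTP-QoS, not the paper's rTPNN."""
    def __init__(self, alpha=0.5, beta=0.3):
        self.alpha, self.beta, self.level, self.trend = alpha, beta, None, None
    def predict(self):
        return self.level + self.trend
    def update(self, x):
        if self.level is None:          # first sample sets the level
            self.level = x
        elif self.trend is None:        # second sample sets the initial trend
            self.level, self.trend = x, x - self.level
        else:
            prev = self.level
            self.level = self.alpha * x + (1 - self.alpha) * (prev + self.trend)
            self.trend = self.beta * (self.level - prev) + (1 - self.beta) * self.trend

def detect(qos, warmup=10, window=5, raw_gate=0.03, win_thresh=0.05):
    """Return (raw_alerts, window_alerts) as lists of sample indices."""
    model, pairs = LevelTrendForecaster(), deque(maxlen=window)
    raw_alerts, window_alerts = [], []
    for t, observed in enumerate(qos):
        if t < warmup:                  # cold start: learn the baseline only
            model.update(observed)
            continue
        predicted = model.predict()
        pairs.append((observed, predicted))
        suspicious = n_smape([(observed, predicted)]) > raw_gate
        if suspicious:
            raw_alerts.append(t)        # single-sample rule: fires on any dip
        if len(pairs) == window and n_smape(pairs) > win_thresh:
            window_alerts.append(t)     # sustained predicted/observed gap
        # Keep suspicious samples out of the baseline: feed the forecast back.
        model.update(predicted if suspicious else observed)
    return raw_alerts, window_alerts

def constructed_qos():
    # Constructed data: slow legitimate drift, a one-sample dip at t=20, and
    # a sustained 0.15 degradation over t=40..49 standing in for an attack.
    qos = [0.90 - 0.001 * t for t in range(60)]
    qos[20] = 0.60
    for t in range(40, 50):
        qos[t] -= 0.15
    return qos
```

On `constructed_qos()`, the single-sample rule flags the legitimate dip at t=20 as well as the degraded samples, while the windowed comparison of predicted/observed pairs flags only t=42 to t=51.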
Comprehensive Evaluation and Comparison
Full-system evaluation employs 5-fold cross-validation across all labeled attack scenarios in SDN-SlowRate-DDoS (multiple connection rates, attacker/victim multiplicity), with results tabulated by Accuracy, Precision, Recall, and F1-Score. For most scenarios, accuracy exceeds 0.79, with recall generally high, indicating minimized false negatives.
Figure 5: The boxplot of the performances of the PDM and FFN over the CV folds for each of Accuracy, Precision, Recall, and F1 Score, demonstrating that PDM not only yields higher median values but also reduced performance variability.
Direct comparison to a baseline feed-forward network (FFN) demonstrates that the PDM outperforms across all detection metrics. Critically, PDM's architectural pairing of predicted-actual relations yields:
- Higher precision and recall in identifying ongoing attacks
- Reduced interquartile variability, affirming reliability across training/test splits
- Superior F1-scores, indicating more balanced trade-offs and less sensitivity to class imbalance
Edge-case analysis for traffic scenarios with weak training exposure (e.g., specific connection rates or multiple attackers) shows diminished performance, which can be effectively remedied by increasing scenario diversity in the training corpus.
Figure 6: Performance of the proposed approach for the cases of "One Attacker One Victim (30 conn/s)" under two different training cases, further highlighting the importance of scenario-aligned training.
The system's ability to pinpoint and localize attack windows in time—particularly under single-attacker regimes—shows both rapid response and correct attribution, albeit with delayed onset in a small fraction of scenarios with minimal training alignment.



Figure 7: The actual QoS values and corresponding detection results under LDoS attacks with varying per-second connection rates, illustrating timely and accurate attack identification.
On the CIC-IDS2017 Wednesday dataset, which contains documented LDoS traces (Slowloris, Slowhttptest), the IDQS achieves 91% accuracy and F1-score of 0.88, confirming effective domain generalization and cross-dataset transferability.
Figure 8: Performance of the proposed approach on the CIC-IDS2017 Wednesday dataset for low-rate attack detection, outperforming the benchmark FFN approach on all key metrics.
Computational Efficiency and Real-Time Operation
Profiling of training and inference intervals reveals that RTP-QoS training completes in ~360s, PDM in ~87s, while per-sample QoS prediction and attack decision require only 0.08s and 0.2s, respectively. This yields a total end-to-end inference latency of 0.28s, enabling deployment on bandwidth- and compute-limited IoT gateways with real-time responsiveness.

Figure 9: Training (top) and inference (bottom) times of the RTP-QoS and PDM models, establishing their practical suitability for embedded/edge deployment.
Implications, Limitations, and Directions for Future Work
The system's high accuracy and efficiency—demonstrated across real datasets and diverse attack scenarios—make it a viable foundation for proactive IoT security in environments where legacy IDS/IPS cannot operate at required granularity or latency. The predictive-comparative paradigm is specifically extensible to contexts where LDoS or other stealthy, protocol-aware adversaries are likely.
However, several limitations persist:
- Dataset Scarcity: Current public LDoS datasets lack diversity and full-spectrum adversarial behaviors; performance on unseen attacks is bounded by training set representativity.
- Cold-Start Latency: The forecasting model requires an initial historical window, limiting immediate responsiveness after deployment.
- Congestion Distinguishability: While pairwise analysis reduces false positives, flash-crowd events may mimic attack signatures.
- Baseline Assumptions: Model accuracy presumes clean, attack-free training data; adversarial poisoning during baseline phase could blunt sensitivity.
Immediate avenues for extension include real-world IoT testbed validation, adaptation for multi-class (high-rate and low-rate) attack detection, and incremental/online learning to minimize retraining intervals in dynamically evolving environments.
Conclusion
This work formalizes an actionable shift in the detection of low-rate cyberattacks: from static snapshot classification to predictive modeling and discrepancy analysis of QoS. By leveraging an enhanced rTPNN for robust future state forecasting and a pairwise neural discriminant for attack identification, IDQS enables real-time, accurate, and computationally feasible intrusion detection that is directly aligned with the operational realities of contemporary IoT deployments. This architecture stands as a template for future research, where predictive intelligence and anomaly discrimination remain central for adaptive, autonomous cybersecurity in resource-constrained and mission-critical contexts.