ABSTRACT This work presents an Edge Node‐Oriented DoS/DDoS Intrusion Detection and Monitoring Platform, a novel anomaly detection system based on temporal analysis with machine learning (ML) and deep learning (DL) algorithms, specifically designed to operate on edge servers with limited resources. The proposed approach systematically integrates four complementary temporal analysis techniques: Shannon entropy, autoregressive integrated moving average (ARIMA), Hölder local exponent, and moving averages, used for smoothing and trend identification. This multidimensional combination enables robust modeling of normal network traffic behavior and effective detection of statistical deviations that characterize malicious activity. Experimental validation was performed using the datasets CIC‐IDS‐2017, CSE‐CIC‐IDS2018, and CIC‐IDS‐2023, with a specific focus on application‐layer attacks, notably denial‐of‐service (DoS) and distributed denial‐of‐service (DDoS) attacks, such as Slowloris and SlowHTTPTest, which pose threats due to their ability to mimic legitimate traffic. The experimental methodology included 99% confidence intervals, ensuring statistical rigor. A significant methodological contribution was the implementation of cross‐validation between datasets to assess temporal transferability, demonstrating the models' ability to maintain adequate performance when applied to missing data from different time periods. The experimental results demonstrate the high performance of the proposed approach, with Configuration 5 (combination of moving averages and Shannon entropy) achieving 99.9% accuracy in temporal cross‐validation. Validation on a real device (Raspberry Pi 3B+) confirmed the computational prediction of the solution, demonstrating the ability to detect data in real time without significantly compromising the device's computational resources.
Júnior et al. (Fri,) studied this question.
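The following is an added example, not code from the paper: a minimal sketch of the two features named in Configuration 5, computing windowed Shannon entropy and comparing it against a moving-average baseline. It assumes entropy is taken over the source addresses of new connections per time window and uses a fixed deviation threshold in place of the paper's ML/DL classifiers; all function names, parameters and the sample events are constructed for illustration.

```python
import math
from collections import Counter

def shannon_entropy(values):
    """Shannon entropy in bits of the empirical distribution of `values`."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values()) if n else 0.0

def window_entropies(events, window=1.0):
    """Bucket (timestamp, source) events into fixed windows; return entropy per window."""
    buckets = {}
    for ts, src in events:
        buckets.setdefault(int(ts // window), []).append(src)
    if not buckets:
        return []
    return [shannon_entropy(buckets.get(i, [])) for i in range(min(buckets), max(buckets) + 1)]

def flag_deviations(series, k=5, tol=3.0, min_sd=0.05):
    """Flag points further than tol*sd from the moving average of the last k normal points."""
    flags, normal = [], []
    for x in series:
        if len(normal) < k:            # warm-up: not enough baseline yet
            flags.append(False)
            normal.append(x)
            continue
        base = normal[-k:]
        mean = sum(base) / k
        sd = max(math.sqrt(sum((b - mean) ** 2 for b in base) / k), min_sd)
        hit = abs(x - mean) > tol * sd
        flags.append(hit)
        if not hit:                    # keep flagged windows out of the baseline
            normal.append(x)
    return flags

def sample_events():
    """Constructed sample: 8 balanced windows, then 2 where one source dominates."""
    events = []
    for w in range(10):
        events += [(w + i / 100, f"192.0.2.{i + 1}") for i in range(16)]
        if w >= 8:
            events += [(w + 0.2 + i / 100, "198.51.100.7") for i in range(48)]
    return events

if __name__ == "__main__":
    H = window_entropies(sample_events())
    for i, (h, f) in enumerate(zip(H, flag_deviations(H))):
        print(f"window {i}: entropy={h:.3f} bits flagged={f}")
```

Flagged windows are excluded from the baseline so that a sustained anomaly does not become the new normal; the `min_sd` floor prevents a perfectly flat baseline from flagging negligible changes.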