<![CDATA[Distributed Denial-of-Service (DDoS) attacks remain a critical threat to network infrastructure, demanding robust and efficient detection mechanisms. This study proposes an enhanced Deep Support Vector Data Description (Deep SVDD) model for unsupervised DDoS detection using the UNSW-NB15 dataset. The approach leverages a deep encoder architecture with batch normalization and dropout to learn compact latent representations of normal traffic, minimizing the hypersphere volume enclosing benign flows. Only normal samples are used during training, adhering to the unsupervised anomaly detection paradigm. The model is evaluated against five established baselines—Isolation Forest, Local Outlier Factor (LOF), One-Class SVM, Autoencoder, and a simple ensemble—using AUC, F1-score, and recall as primary metrics. Experimental results demonstrate that Deep SVDD significantly outperforms all baselines, achieving superior class separation, high detection sensitivity, and computational efficiency (0.0004 GFLOPs). Notably, while LOF exhibited a deceptively high F1-score, its AUC near 0.5 revealed poor discriminative capability, highlighting the risk of relying on single metrics. The ensemble approach failed to improve performance, underscoring the limitation of naive score averaging when weak detectors are included. Visualization of score distributions and ROC curves further confirms Deep SVDD’s ability to effectively distinguish DDoS from benign traffic. These findings affirm that representation learning in latent space offers a more reliable foundation for anomaly detection than traditional distance-, density-, or reconstruction-based methods. The proposed model presents a promising solution for real-time, low-overhead intrusion detection systems in modern network environments. Future work will explore adaptive ensembles, self-supervised pretraining, and deployment on edge devices.]]>
