An Intelligent Machine Learning Framework For Detecting QUIC-Based Traffic Flood Attacks In Encrypted HTTP/3 Networks

Authors: Mr. M. V. Rajesh, Balla Aarathisree, S S V Sumanvitha Palivela, Nagala Bhavya Pragna, Kamalesh Chitra, Taneti Ritesh

Abstract: The rapid growth of encrypted internet protocols such as HTTP/3 and QUIC has significantly improved communication speed and security on modern networks. However, these protocols also introduce new challenges for network security, particularly in detecting Distributed Denial of Service (DDoS) traffic flood attacks. Traditional monitoring techniques rely on packet inspection, which becomes difficult when network traffic is encrypted. This study proposes an intelligent machine learning framework for detecting QUIC-based traffic flood attacks in encrypted HTTP/3 network environments. The proposed system analyses network flow behaviour rather than packet content, enabling effective detection even when traffic payloads are encrypted. To build the detection model, network traffic data are captured and processed into flow-based features such as packet rate, packet size distribution, inter-arrival time, and connection statistics. Data preprocessing techniques are applied to prepare the dataset for machine learning training. Multiple classification algorithms including Logistic Regression, Support Vector Machine (SVM), K-Nearest Neighbours (KNN), and Random Forest are implemented and evaluated using standard performance metrics such as accuracy, precision, recall, F1-score, and ROC–AUC. Experimental results demonstrate that the Random Forest classifier achieves the highest detection accuracy and provides reliable performance for distinguishing between normal and malicious QUIC traffic patterns. To improve transparency and interpretability of the prediction process, Explainable Artificial Intelligence (XAI) techniques such as SHAP and LIME are incorporated into the framework. These methods highlight the most influential network features contributing to attack detection and help security analysts understand the reasoning behind model predictions. 
The proposed framework enhances the reliability of encrypted traffic monitoring, improves early detection of QUIC traffic flood attacks, and contributes to strengthening the security of next-generation web communication protocols.
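
The flow-feature step the abstract describes (packet rate, packet size distribution, inter-arrival time, connection statistics), as an added example that is not the authors' code. The feature names, the grouping by UDP 5-tuple, and the sample packets are assumptions made for illustration; rows like these are what a classifier such as Random Forest would be trained on.

```python
from collections import defaultdict
from statistics import mean, pstdev

def flow_features(packets):
    """Group packet metadata by UDP 5-tuple and derive per-flow features.

    packets: iterable of (timestamp_s, src_ip, src_port, dst_ip, dst_port, size_bytes).
    Only header-level metadata is used; the encrypted QUIC payload is never read.
    """
    flows = defaultdict(list)
    for ts, src, sport, dst, dport, size in packets:
        flows[(src, sport, dst, dport)].append((ts, size))

    flows_per_src = defaultdict(int)  # connection statistic: flows opened per source
    for key in flows:
        flows_per_src[key[0]] += 1

    rows = {}
    for key, pkts in flows.items():
        pkts.sort()  # order by timestamp so inter-arrival times are non-negative
        times = [t for t, _ in pkts]
        sizes = [s for _, s in pkts]
        iats = [b - a for a, b in zip(times, times[1:])]
        duration = times[-1] - times[0]
        rows[key] = {
            "packets": len(pkts),
            "duration_s": duration,
            # single-packet flows have no duration; report 0.0 instead of dividing by zero
            "pkt_rate": len(pkts) / duration if duration > 0 else 0.0,
            "size_mean": mean(sizes),
            "size_std": pstdev(sizes),
            "iat_mean": mean(iats) if iats else 0.0,
            "iat_std": pstdev(iats) if iats else 0.0,
            "flows_from_src": flows_per_src[key[0]],
        }
    return rows

# Constructed sample: one ordinary client flow and one high-rate flow, both to UDP/443.
SAMPLE = (
    [(0.25 * i, "192.0.2.10", 50000, "198.51.100.1", 443, s)
     for i, s in enumerate([1200, 300, 1200, 80, 900])]
    + [(0.001 * i, "203.0.113.7", 40000, "198.51.100.1", 443, 1200)
       for i in range(101)]
)

if __name__ == "__main__":
    for key, feats in flow_features(SAMPLE).items():
        print(key, feats)
```

In the constructed sample the two flows separate on packet rate, size variance and inter-arrival time without any payload being inspected.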
