Lightweight CNN-Based DDoS Detection for Resource-Constrained Edge Networks

Distributed Denial of Service (DDoS) attacks remain a persistent threat to the availability of Internet services, edge networks, and cyber-physical infrastructure. Although recent AI-security work has increasingly focused on foundation models, autonomous agents, and adversarial robustness, many operational defense tasks still require low-latency classification close to the network edge, where cloud-scale analysis may be too slow or expensive. This paper presents a lightweight supervised deep learning approach for DDoS detection using a convolutional neural network (CNN) trained on packet-flow representations derived from the CIC-DDoS2019 benchmark dataset. The proposed pipeline extracts packet flows from PCAP traffic, normalizes them to fixed-length representations, and classifies each flow as benign or malicious using a compact CNN architecture with convolution, dropout, pooling, and sigmoid classification layers. On a held-out test set of previously unseen flows, the model achieves 0.9883 accuracy, 0.9864 precision, 0.9784 recall, and 0.9824 F1 score, while processing the evaluated test flows in 0.28 seconds. These results suggest that compact neural models can provide useful early-warning signals for edge-oriented DDoS detection. We further discuss deployment constraints, benchmark limitations, and future directions for cross-dataset evaluation, hardware-aware profiling, and integration with mitigation pipelines.