TCP SYN Flood Attack Detection Using Logistic Regression and Multi-Agent Reinforcement Learning

Abstract

In the realm of cybersecurity, Distributed Denial of Service (DDoS) attacks remain a continuous threat, particularly TCP SYN flood attacks due to their stealthiness and potential for disruption. In this paper, we propose a combination of Multi-Agent Reinforcement Learning (MARL) with logistic regression for enhancing TCP SYN attack detection, leveraging Actor-Critic as the reinforcement learning algorithm. A novel approach is introduced for hyperparameter optimization using MARL, offering an alternative to traditional techniques such as GridSearchCV and RandomSearchCV. We present a comparative analysis between traditional logistic regression and MARL enhanced approaches, evaluating their performance using metrics such as accuracy, false negatives, and false positives. Results demonstrate that our proposed approach significantly improves detection accuracy and reduces false positives, underscoring its potential in bolstering cybersecurity defenses against sophisticated DDoS threats. © 2025 IEEE.