13 September, 2025

PhD thesis of the student “Ammar Ahmed”

Discussion of a PhD thesis at the College of Computer Science and Mathematics – Department of Computer Science, titled “Real-Time Big Data Analytics For Cybersecurity and Threat Intelligence”

As part of the continuing scientific research activity, and with the follow-up and attendance of the respected Dean of the College of Computer Science and Mathematics, Prof. Dr. Duha Bashir Abdullah, the PhD thesis of the student “Ammar Ahmed” was discussed in the discussion hall of the College of Computer Science and Mathematics at the University of Mosul on 11/9/2025, under the supervision of Prof. Dr. Duha Bashir Abdullah.

This thesis proposes a Spark-based real-time intrusion detection system (IDS) that integrates machine learning and deep learning models within a distributed computing architecture. To evaluate performance, a synthetic dataset of 10 million records was created to simulate worst-case traffic loads, in addition to the Mendeley DDoS SDN dataset. Several classifiers were trained and tested, including Logistic Regression, Decision Tree, Random Forest, Multilayer Perceptron, Gaussian Naive Bayes, Support Vector Classifier, a hybrid CNN-LSTM model, and the proposed model. The framework also incorporates a mitigation module that leverages software-defined networking (SDN) to automatically block detected attacks.

 

  • Introduced a novel Spark-based IDS pipeline that unifies batch and streaming analytics, enabling continuous learning and real-time low-latency detection.
  • Developed and validated scalable ML/DL models with feature selection and balancing strategies for accurate multi-class, multi-vector intrusion detection on modern datasets.
  • Integrated the IDS with automated mitigation mechanisms (SDN, firewalls), bridging detection and response to achieve active defense.

 

  • Develop a unified Spark-based IDS pipeline capable of real-time streaming, on-the-fly feature extraction, and continuous model retraining, ensuring scalability and low latency.
  • Design scalable multi-attack detection models (DL, ensembles, hybrids) that classify diverse attack vectors with high accuracy and generalization on modern, imbalanced datasets.
  • Benchmark a wide range of classifiers (LR, DT, RF, MLP, SVC, GNB, CNN-LSTM, and Proposed Model) using both the Mendeley DDoS SDN dataset and a synthetic high-volume dataset in Spark.
  • Integrate IDS with mitigation and monitoring systems, linking detection to SDN/firewalls for automated defense, while embedding telemetry tools to track throughput, latency, and resource usage.
  • Embed explainability and fairness into IDS, providing human-readable insights into detection decisions and ensuring unbiased performance across heterogeneous traffic and attack categories.

 

 

 

 
