Intelligent DDoS Mitigation Using Reinforcement Learning
DOI:
https://doi.org/10.71366/ijwos03052685238
Keywords:
DDoS Mitigation, Reinforcement Learning, Deep Q-Network, Software-Defined Networking, Markov Decision Process, Cybersecurity, Autonomous Defense, Network Intrusion Detection
Abstract
Distributed Denial-of-Service (DDoS) attacks represent one of the most persistent and economically damaging threats in modern cybersecurity, with global attack volumes exceeding 800 Gbps in commercial data-center environments as of 2024. Traditional mitigation approaches — encompassing rule-based filtering, static rate-limiting, and IP blacklisting — suffer from critical limitations: they cannot adapt to evolving adversarial strategies, generate high false-positive rates against bursty legitimate traffic, and are fundamentally reactive rather than anticipatory. This paper investigates the application of Reinforcement Learning (RL) as an intelligent, self-adaptive paradigm for DDoS detection and mitigation. We survey the DDoS threat landscape and its taxonomy, critically evaluate conventional defenses, formalize the DDoS mitigation task as a Markov Decision Process (MDP), and review state-of-the-art RL architectures including Deep Q-Networks (DQN), Proximal Policy Optimization (PPO), and Multi-Agent Reinforcement Learning (MARL) deployed across Software-Defined Networking (SDN) and edge-computing environments. Benchmark evaluations on CIC-DDoS2019, SCLDDOS2024, and UNSW-NB15 demonstrate that RL-based systems achieve detection rates of 97%–99.5% with false-positive rates below 1%, while maintaining real-time mitigation latency under 5 milliseconds. Open challenges including adversarial robustness, computational overhead at line-rate, and long-term convergence stability are discussed, with promising future research directions outlined.
License

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.


