Addressing the dual challenges of label scarcity and severe class imbalance in DDoS detection, this paper systematically evaluates the robustness of 13 state-of-the-art semi-supervised learning (SSL) algorithms on real-world intrusion detection datasets. Methodologically, we conduct a unified comparative study—under extremely low labeling rates (≤1%) and high imbalance ratios (≥100:1)—of representative SSL paradigms, including self-training, consistency regularization, and pseudo-labeling. Our key contribution is the first empirical revelation that SSL mechanisms exhibit markedly different sensitivities to class imbalance: an improved pseudo-labeling approach leveraging margin-based optimization and adaptive thresholding significantly outperforms baselines, yielding an average 12.6% gain in F1-score and a 23.4% improvement in minority-class recall. These results provide reproducible methodological insights and practical guidelines for developing intelligent intrusion detection systems with minimal labeling dependency and strong generalization capability.

One of the most difficult challenges in cybersecurity is eliminating Distributed Denial of Service (DDoS) attacks. Automating this task using artificial intelligence is a complex process due to the inherent class imbalance and lack of sufficient labeled samples of real-world datasets. This research investigates the use of Semi-Supervised Learning (SSL) techniques to improve DDoS attack detection when data is imbalanced and partially labeled. In this process, 13 state-of-the-art SSL algorithms are evaluated for detecting DDoS attacks in several scenarios. We evaluate their practical efficacy and shortcomings, including the extent to which they work in extreme environments. The results will offer insight into designing intelligent Intrusion Detection Systems (IDSs) that are robust against class imbalance and handle partially labeled data.