This study addresses the challenge of delayed DDoS attack prediction, which hinders proactive defense. We propose a spatio-temporal joint prediction framework based on lightweight LSTM. Methodologically, we integrate the CRISP-DM standard process to construct an end-to-end data mining pipeline and train the model on an updated, multi-source DDoS time-series dataset, enabling concurrent forecasting of attack onset time, intensity, and potential geographic hotspots. Our key contributions are: (i) the first systematic application of CRISP-DM to DDoS prediction, significantly enhancing cross-scenario interpretability and engineering deployability; and (ii) a spatio-temporal feature disentanglement design that improves prediction robustness. Experiments demonstrate superior performance over ARIMA and GRU baselines in F1-score and MAE, providing security operations centers (SOCs) with actionable lead time and decision-support for preemptive response.

This paper forecasts future Distributed Denial of Service (DDoS) attacks using deep learning models. Although several studies address forecasting DDoS attacks, they remain relatively limited compared to detection-focused research. By studying the current trends and forecasting based on newer and updated datasets, mitigation plans against the attacks can be planned and formulated. The methodology used in this research work conforms to the Cross Industry Standard Process for Data Mining (CRISP-DM) model.