By Dave DeFusco
When people log into their bank accounts, they expect everything to work instantly and safely. Behind the scenes, however, banks face constant digital threats that can disrupt services or put customer information at risk. For Kofoworola Idowu, a student in the Katz Schools M.S. in Cybersecurity, helping protect that invisible digital world has become both a passion and a purpose.
Idowu is part of a student cybersecurity team working on a project called Real-Time DDoS and Phishing Attack Detection for Banking Security, which focuses on two of the most common and damaging cyberattacks that banks face every day: phishing attacks and distributed denial-of-service, or DDoS, attacks. This work gained national attention when Idowu attended the 2025 NSF Cyber Security Summit in Boulder, Colo., where she presented the teams project as a research poster. For her, the experience was deeply meaningful.
It was more than a gathering, she said. It was a space where ideas, innovation and community came together to tackle one of the most important challenges of our timekeeping our digital world safe.
At the summit, she joined discussions on artificial intelligence, digital identity, security rules and regulations and research infrastructure. Presenting her poster gave her the chance to talk directly with professionals, researchers and fellow students who shared her interest in cybersecurity.
Seeing people engage with our work reminded me why Im passionate about this field, said Idowu. Cybersecurity isnt just about technology. Its about people and trust.
She was quick to credit her teammatesAlexandra Leslie, Sudiksha Twayana and Yuval Nitzanfor making the project possible, as well as the National Science Foundation, UCAR Center for Science Education and Trusted CI for creating a supportive and inspiring environment.
Phishing attacks happen when criminals pretend to be a trusted organization, such as a bank, to trick people into sharing sensitive information like passwords or credit card numbers. DDoS attacks work differently. Instead of tricking users, attackers flood a banks servers with massive amounts of fake traffic, overwhelming systems and making it impossible for real customers to access their accounts. Both types of attacks can lead to financial loss, damaged trust and major service disruptions.
Our goal was to make sure banking services stay available and secure, said Idowu. Thats exactly what a banks chief information security officer, or CISO, cares about mostkeeping money flowing safely without interruptions.
One key insight shaped the teams work early on. Many banks rely on separate tools to detect different types of cyber threats. One system might watch for DDoS attacks, while another looks for phishing emails or fake websites. This fragmented approach can slow down response times and create false alarms that disrupt legitimate activity.
We realized most existing defenses operate in silos, said Idowu. For a banking environment, that fragmentation increases risk, so we designed a unified system that could detect multiple threats at once.
The team built what they call a multihead detection system powered by machine learning, a form of artificial intelligence that learns patterns from data. One head of the system focuses on DDoS attacks by analyzing network traffic logs. It looks for warning signs, such as unusually high traffic rates or strange data patterns that suggest an attack is underway. The other head focuses on phishing, examining website links and web page features to decide whether a link is legitimate or dangerous.
To do this, the team used well-known machine learning models, including Random Forest and XGBoost for DDoS detection, and a combination of Random Forest and Logistic Regression for phishing detection. These models were chosen because they perform well even when real attacks are rare compared to normal activity, a common challenge in cybersecurity data.
Just as important as the models themselves were the features the system analyzed. For DDoS attacks, the system watched how fast data packets were arriving, how large they were and whether traffic patterns looked unbalanced. For phishing, it examined details like suspicious words in website addresses, unusually long links, whether a site used secure HTTPS connections and how recently a domain had been created.
The results were promising. The system correctly identified attacks about 90 percent of the time while keeping false alarms low, which is an important balance for banks, where blocking legitimate traffic can be as harmful as missing an attack. The system was also fast enough to be useful in real-world situations, producing results in just a few seconds.
While the team's system is still a prototype, Idowu sees a clear path forward. Future improvements could include real-time data streaming, integration with bank monitoring systems, automated alerts and expansion to detect other threats like malware or insider attacks. For now, the project stands as proof that students can make meaningful contributions to real-world cybersecurity challenges. For Idowu, it is just the beginning.
Heres to building a safer, smarter and more secure digital future together, she said.
