By Dave DeFusco
When people log into their bank accounts, they expect everything to work instantly and safely. Behind the scenes, however, banks face constant digital threats that can disrupt services or put customer information at risk. For Kofoworola Idowu, a student in the Katz School鈥檚 M.S. in Cybersecurity, helping protect that invisible digital world has become both a passion and a purpose.
Idowu is part of a student cybersecurity team working on a project called 鈥淩eal-Time DDoS and Phishing Attack Detection for Banking Security,鈥 which focuses on two of the most common and damaging cyberattacks that banks face every day: phishing attacks and distributed denial-of-service, or DDoS, attacks. This work gained national attention when Idowu attended the 2025 NSF Cyber Security Summit in Boulder, Colo., where she presented the team鈥檚 project as a research poster. For her, the experience was deeply meaningful.
鈥淚t was more than a gathering,鈥 she said. 鈥淚t was a space where ideas, innovation and community came together to tackle one of the most important challenges of our time鈥攌eeping our digital world safe.鈥
At the summit, she joined discussions on artificial intelligence, digital identity, security rules and regulations and research infrastructure. Presenting her poster gave her the chance to talk directly with professionals, researchers and fellow students who shared her interest in cybersecurity.
鈥淪eeing people engage with our work reminded me why I鈥檓 passionate about this field,鈥 said Idowu. 鈥淐ybersecurity isn鈥檛 just about technology. It鈥檚 about people and trust.鈥
She was quick to credit her teammates鈥擜lexandra Leslie, Sudiksha Twayana and Yuval Nitzan鈥攆or making the project possible, as well as the National Science Foundation, UCAR Center for Science Education and Trusted CI for creating a supportive and inspiring environment.
Phishing attacks happen when criminals pretend to be a trusted organization, such as a bank, to trick people into sharing sensitive information like passwords or credit card numbers. DDoS attacks work differently. Instead of tricking users, attackers flood a bank鈥檚 servers with massive amounts of fake traffic, overwhelming systems and making it impossible for real customers to access their accounts. Both types of attacks can lead to financial loss, damaged trust and major service disruptions.
鈥淥ur goal was to make sure banking services stay available and secure,鈥 said Idowu. 鈥淭hat鈥檚 exactly what a bank鈥檚 chief information security officer, or CISO, cares about most鈥攌eeping money flowing safely without interruptions.鈥
One key insight shaped the team鈥檚 work early on. Many banks rely on separate tools to detect different types of cyber threats. One system might watch for DDoS attacks, while another looks for phishing emails or fake websites. This fragmented approach can slow down response times and create false alarms that disrupt legitimate activity.
鈥淲e realized most existing defenses operate in silos,鈥 said Idowu. 鈥淔or a banking environment, that fragmentation increases risk, so we designed a unified system that could detect multiple threats at once.鈥
The team built what they call a multihead detection system powered by machine learning, a form of artificial intelligence that learns patterns from data. One 鈥渉ead鈥 of the system focuses on DDoS attacks by analyzing network traffic logs. It looks for warning signs, such as unusually high traffic rates or strange data patterns that suggest an attack is underway. The other head focuses on phishing, examining website links and web page features to decide whether a link is legitimate or dangerous.
To do this, the team used well-known machine learning models, including Random Forest and XGBoost for DDoS detection, and a combination of Random Forest and Logistic Regression for phishing detection. These models were chosen because they perform well even when real attacks are rare compared to normal activity, a common challenge in cybersecurity data.
Just as important as the models themselves were the features the system analyzed. For DDoS attacks, the system watched how fast data packets were arriving, how large they were and whether traffic patterns looked unbalanced. For phishing, it examined details like suspicious words in website addresses, unusually long links, whether a site used secure HTTPS connections and how recently a domain had been created.
The results were promising. The system correctly identified attacks about 90 percent of the time while keeping false alarms low, which is an important balance for banks, where blocking legitimate traffic can be as harmful as missing an attack. The system was also fast enough to be useful in real-world situations, producing results in just a few seconds.
While the team's system is still a prototype, Idowu sees a clear path forward. Future improvements could include real-time data streaming, integration with bank monitoring systems, automated alerts and expansion to detect other threats like malware or insider attacks. For now, the project stands as proof that students can make meaningful contributions to real-world cybersecurity challenges. For Idowu, it is just the beginning.
鈥淗ere鈥檚 to building a safer, smarter and more secure digital future together,鈥 she said.
