Volume 9, Issue 2 (February 2022), Pages: 109-118
----------------------------------------------
Original Research Paper
Title: Deep learning model for distributed denial of service (DDoS) detection
Author(s): Chaminda Tennakoon 1, *, Subha Fernando 2
Affiliation(s):
1Department of Computing, Informatics Institute of Technology, Colombo, Sri Lanka
2Department of Computational Mathematics, University of Moratuwa, Moratuwa, Sri Lanka
* Corresponding Author.
Corresponding author's ORCID profile: https://orcid.org/0000-0001-9804-8560
Digital Object Identifier:
https://doi.org/10.21833/ijaas.2022.02.012
Abstract:
Distributed denial of service (DDoS) attacks are one of the serious threats in the domain of cybersecurity: they affect the availability of online services by disrupting access for legitimate users. The consequences of such attacks could be worth millions of dollars, since all online services rely on high availability. The magnitude of DDoS attacks is ever increasing, as attackers are smart enough to innovate their attacking strategies to expose vulnerabilities in intrusion detection models or mitigation mechanisms. The history of DDoS attacks reflects that the network and transport layers of the OSI model were the attackers' initial target, but recent history in the cybersecurity domain proves that the attacking momentum has shifted toward the application layer of the OSI model, where distinguishing attack traffic from benign traffic is highly difficult, which makes combating application-layer DDoS attacks a sophisticated task. Striving for high accuracy with high DDoS classification recall is key for any DDoS detection mechanism to keep such a system reliable and trustworthy. In this paper, a deep learning approach for application-layer DDoS detection is proposed that uses an autoencoder to perform feature selection and deep neural networks to perform attack classification. A popular benchmark dataset, CIC DoS 2017, is selected, extracting the most appealing features from the packet flows. The proposed model has achieved an accuracy of 99.83% with a detection rate of 99.84% while maintaining a false-negative rate of 0.17%, which is the highest accuracy rate among the literature reviewed so far.
© 2022 The Authors. Published by IASE.
This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).
Keywords: Application-layer, DDoS detection autoencoder, Deep learning models, Cybersecurity
Article History: Received 27 August 2021, Received in revised form 8 December 2021, Accepted 15 December 2021
Acknowledgment
No Acknowledgment.
Compliance with ethical standards
Conflict of interest: The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.
Citation:
Tennakoon C and Fernando S (2022). Deep learning model for distributed denial of service (DDoS) detection. International Journal of Advanced and Applied Sciences, 9(2): 109-118