International Journal of

ADVANCED AND APPLIED SCIENCES

EISSN: 2313-3724, Print ISSN: 2313-626X

Frequency: 12


 Volume 9, Issue 2 (February 2022), Pages: 109-118

----------------------------------------------

 Original Research Paper

 Title: Deep learning model for distributed denial of service (DDoS) detection

 Author(s): Chaminda Tennakoon 1, *, Subha Fernando 2

 Affiliation(s):

 1 Department of Computing, Informatics Institute of Technology, Colombo, Sri Lanka
 2 Department of Computational Mathematics, University of Moratuwa, Moratuwa, Sri Lanka


 * Corresponding Author. 

  Corresponding author's ORCID profile: https://orcid.org/0000-0001-9804-8560

 Digital Object Identifier: 

 https://doi.org/10.21833/ijaas.2022.02.012

 Abstract:

Distributed denial of service (DDoS) attacks are one of the serious threats in the domain of cybersecurity: they affect the availability of online services by disrupting access for legitimate users. The consequences of such attacks can be worth millions of dollars, since all online services rely on high availability. The magnitude of DDoS attacks is ever increasing, as attackers are smart enough to innovate their attack strategies to expose vulnerabilities in intrusion detection models or mitigation mechanisms. The history of DDoS attacks shows that the network and transport layers of the OSI model were the attackers' initial targets, but recent history in the cybersecurity domain proves that the attack momentum has shifted toward the application layer of the OSI model, where it is highly difficult to distinguish attack traffic from benign traffic, which makes combating application-layer DDoS attacks a sophisticated task. Striving for high accuracy with high DDoS classification recall is key for any DDoS detection mechanism to maintain the reliability and trustworthiness of such a system. In this paper, a deep learning approach for application-layer DDoS detection is proposed, using an autoencoder to perform feature selection and deep neural networks to perform attack classification. A popular benchmark dataset, CIC DoS 2017, is selected, and the most appealing features are extracted from the packet flows. The proposed model achieved an accuracy of 99.83% with a detection rate of 99.84% while maintaining a false-negative rate of 0.17%, which is the highest accuracy rate among the literature reviewed so far.

 © 2022 The Authors. Published by IASE.

 This is an open access article under the CC BY-NC-ND license (http://creativecommons.org/licenses/by-nc-nd/4.0/).

 Keywords: Application-layer, DDoS detection autoencoder, Deep learning models, Cybersecurity

 Article History: Received 27 August 2021, Received in revised form 8 December 2021, Accepted 15 December 2021

 Acknowledgment 

No Acknowledgment.

 Compliance with ethical standards

 Conflict of interest: The author(s) declared no potential conflicts of interest with respect to the research, authorship, and/or publication of this article.

 Citation:

 Tennakoon C and Fernando S (2022). Deep learning model for distributed denial of service (DDoS) detection. International Journal of Advanced and Applied Sciences, 9(2): 109-118

