A hybrid deep learning model for detecting DDoS flooding attacks in SIP-based systems

Abstract

The Session Initiation Protocol (SIP) is widely used for multimedia communication as a signaling protocol to manage, establish, maintain, and terminate multimedia sessions among participants. However, SIP is vulnerable to attacks due to its text-based nature and the lack of adequate security measures. One of the most damaging attacks is the Distributed Denial of Service (DDoS) attack, which consumes resources and blocks legitimate users from accessing the available services. Although various machine learning-based schemes have been proposed to detect DDoS flooding attacks in SIP-based systems, most of them only address INVITE flooding attacks. REGISTER and ACK flooding attacks were not addressed. On the other hand, schemes based on statistical analysis are not sufficiently accurate. In this article, we propose a novel approach classifying DDoS flooding attacks in SIP-based systems using a combination of deep learning and entropy techniques. The proposed approach consists of two components: a hybrid deep learning model and an entropy-based model. The hybrid deep learning model combines convolutional neural networks and a stacked bidirectional long short-term memory network to extract features and classify traffic patterns. The entropy-based model measures the randomness and diversity of traffic flows using Shannon and Rényi entropies. To validate the proposed scheme, we built a balanced dataset of different types and intensities of DDoS flooding attacks. The results showed that the proposed scheme can effectively detect DDoS flooding attacks with high accuracy and low detection time for various attack intensities. Moreover, it surpasses other related schemes in terms of accuracy and detection time.