Detecting DDoS attacks using adversarial neural network

Abstract

In a Distributed Denial of Service (DDoS) attack, a network of compromised devices is used to overwhelm a target with a flood of requests, making it unable to serve legitimate requests. The detection of these attacks is a challenging issue in cybersecurity, which has been addressed using Machine Learning (ML) and Deep Learning (DL) algorithms. Although ML/DL can improve the detection accuracy, but they can still be evaded - ironically - through the use of ML/DL techniques in the generation of the attack traffic. In particular, Generative Adversarial Networks (GAN) have proven their efficiency in mimicking legitimate data. We address the above aspects of ML/DL-based DDoS detection and anti-detection techniques. First, we propose a DDoS detection method based on the Long Short-Term Memory (LSTM) model, which is a type of Recurrent Neural Networks (RNNs) capable of learning long-term dependencies. The detection scheme yields a high accuracy level in detecting DDoS attacks. Second, we tested the same technique against different types of adversarial DDoS attacks generated using GAN. The results show the inefficiency of the LSTM-based detection scheme. Finally, we demonstrate how to enhance this scheme to detect adversarial DDoS attacks. Our experimental results show that our detection model is efficient and accurate in identifying GAN-generated adversarial DDoS traffic with a detection ratio ranging between 91.75% and 100%.