Abstract
DDoS (Distributed Denial of Service) attacks have become a pressing threat to the security and integrity of computer networks and information systems, which are indispensable infrastructures of modern times. The detection of DDoS attacks is a challenging issue before any mitigation measures can be taken. ML/DL (Machine Learning/Deep Learning) has been applied to the detection of DDoS attacks with satisfactory achievement. However, full-scale success is still beyond reach due to an inherent problem with ML/DL-based systems—the so-called Open Set Recognition (OSR) problem. This is a problem where an ML/DL-based system fails to deal with new instances not drawn from the distribution model of the training data. This problem is particularly profound in detecting DDoS attacks since DDoS attacks’ technology keeps evolving and has changing traffic characteristics. This study investigates the impact of the OSR problem on the detection of DDoS attacks. In response to this problem, we propose a new DDoS detection framework featuring Bi-Directional Long Short-Term Memory (BI-LSTM), a Gaussian Mixture Model (GMM), and incremental learning. Unknown traffic captured by the GMM are subject to discrimination and labeling by traffic engineers, and then fed back to the framework as additional training samples. Using the data sets CIC-IDS2017 and CIC-DDoS2019 for training, testing, and evaluation, experiment results show that the proposed BI-LSTM-GMM can achieve recall, precision, and accuracy up to 94%. Experiments reveal that the proposed framework can be a promising solution to the detection of unknown DDoS attacks.
Highlights
By flooding malicious traffic, DoS (Denial of Service) attacks deplete the network bandwidth and computing resources of a targeted system, preventing the target system from offering regular services to legitimate users
Bi-Directional Long ShortTerm Memory (BI-long short-term memory (LSTM)) is capable tion, experiment results show that the proposed BI-LSTM-Gaussian Mixture Model (GMM) can achieve recall, of capturing essential characteristics of distributed denial of service (DDoS) traffic, in particular, the time domain correprecision, and accuracy up to 94%
Unknown attacks or trafclassified by the Gaussian mixture model will be identified and labeled by experts, and the fic classified by the Gaussian mixture model will be identified and labeled by experts, and deep learning model will be updated through incremental learning
Summary
DoS (Denial of Service) attacks deplete the network bandwidth and computing resources of a targeted system, preventing the target system from offering regular services to legitimate users. To know what one doesn’t know is the problem called the Open Set Recognition programmed by traffic engineers This approach apparently failed to catch up with the (OSR) problem [7]. BI-LSTM is capable tion, experiment results show that the proposed BI-LSTM-GMM can achieve recall, of capturing essential characteristics of DDoS traffic, in particular, the time domain correprecision, and accuracy up to 94%. ML and DL have proven themselves effective solutions to the detection of DDoS attacks They are trained to recognize only instances drawn from the distribution models constructed from the training set. To know what one doesn’t know is the problem called the Open Set Recognition (OSR) problem [7] This problem has a severe impact on the detection of DDoS attacks.
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
