FTG-Net-E: A hierarchical ensemble graph neural network for DDoS attack detection

Abstract

Distributed Denial-of-Service (DDoS) attacks are a major threat to computer networks. These attacks can be carried out by flooding a network with malicious traffic, overwhelming its resources, and/or making it unavailable to legitimate users. Existing machine learning methods for DDoS attack detection typically use statistical features of network traffic, such as packet sizes and inter-arrival times. However, these methods often fail to capture the complex relationships between different traffic flows. This paper proposes a new DDoS attack detection approach that uses Graph Neural Networks (GNN) ensemble learning. GNN ensemble learning is a type of machine learning that combines multiple GNN models to improve the detection accuracy. We evaluated our approach on the Canadian Institute for Cybersecurity Intrusion Detection Evaluation Dataset (CICIDS2018) and CICIDS2017 datasets, a benchmark dataset for DDoS attack detection. Our work provides two main contributions. First, we extend our DDoS attack detection approach using GNN ensemble learning. Second, we explore the evaluation and fine-tuning of hyperparameter metrics through ensemble learning, significantly enhancing accuracy compared to a single GNN model and achieving an average 3.2% higher F1-score. Additionally, our approach effectively reduces overfitting by incorporating regularization techniques, such as dropout and early stopping. Specifically, we use a hierarchical ensemble of GNN, where each GNN learns the relationships between traffic flows at a different granularity level. We then use bagging and boosting to combine the predictions of the individual GNN, further improving detection accuracy. Results show that our system can achieve 99.67% accuracy, with a F1-score of 99.29%, which is better than state-of-the-art methods, even using single traffic architecture.