Survey on distributed denial of service attack detection using deep learning: A review

Document Type : Review articles

Authors

Department of Computer Science, College of Science, University of Baghdad, Iraq

Abstract

Distributed Denial of Service (DDoS) attacks on Web-based services have grown in both number and sophistication with the rise of advanced wireless technology and modern computing paradigms. Detecting these attacks in the sea of communication packets is very important. There were a lot of DDoS attacks that were directed at the network and transport layers at first. During the past few years, attackers have changed their strategies to try to get into the application layer. The application layer attacks could be more harmful and stealthier because the attack traffic and the normal traffic flows cannot be told apart. Distributed attacks are hard to fight because they can affect real computing resources as well as network bandwidth. DDoS attacks can also be made with smart devices that connect to the Internet, which can be infected and used as botnets. They use Deep Learning (D.L.) techniques like Convolutional Neural Network (C.N.N.) and variants of Recurrent Neural Networks (R.N.N.), such as Long Short-Term Memory (L.S.T.M.), Bidirectional L.S.T.M., Stacked L.S.T.M., and the Gat G.R.U.. These techniques have been used to detect (DDoS) attacks. The Portmap.csv file from the most recent DDoS dataset, CICDDoS2019, has been used to test D.L. approaches. Before giving the data to the D.L. approaches, the data is cleaned up. The pre-processed dataset is used to train and test the D.L. approaches. In the paper, we show how the D.L. approach works with multiple models and how they compare to each other.

Keywords

[1] T. Abhiroop, S. Babu and B. Manoj, A machine learning approach for detecting DoS attacks in SDN switches, Proc. Twenty Fourth Nat. Conf. Commun., 2018, pp. 1–6.
[2] B. Acohido and J. Swartz, ABC News Live Journal New York, https://abcnews.go.com//story?id=8271907&page=1, (2009).
[3] E. Alese, The curious case of the vanishing & exploding gradient, https://medium.com/learn-love-ai/the-curiouscase-of-the-vanishing-explodinggradient-bf58ec6822eb, 2018.
[4] M.Z. Alom, The history began from Alexie: A comprehensive survey on deep learning approaches, arXiv preprint arXiv:1803.01164, (2018).
[5] J. Brownlee, Stacked long short-term memory networks, https://machinelearningmastery.com/stacked-long-shortterm-memory-networks, 10 (2017), p. 2019.
[6] C.H.T. Chan, Detection DDoS attacks based on neural-network using apache spark, Int. Conf. Appl. Syst. Innov., IEEE, 2016, pp. 1–4.
[7] S.K. Dasari and V. Prasad, A novel and proposed comprehensive methodology using deep convolutional neural networks for flue cured tobacco leaves classification, Int. J. Inf. Technol. 11 (2019), no. 1, 107–117.
[8] H. D’Cruze, P. Wang, R.O. Sbeit and A. Ray, A software-defined networking (SDN) approach to mitigating DDoS attacks, Inf. Technol. New Gener. 2018, pp. 141–145.
[9] S. Devaraju and S. Ramakrishnan, Performance analysis of intrusion detection system using various neural network classifiers, Int. Conf. Recent Trends Inf. Technol., IEEE, 2011, pp. 1033–1038.
[10] C. Douligeris and A. Mitrokotsa, DDoS attacks and defense mechanisms: Classification and state-of-the-art, Comput. Netw. 44 (2004), no. 5, 643–666.
[11] i2tutorials, Deep dive into bidirectional LSTM, https://www.i2tutorials.com/deep-dive-into-bidirectional-lstm/, (2019).
[12] G. Jain, M. Sharma and B. Agarwal, Optimizing semantic LSTM for spam detection, Int. J. Inf. Technol. 11 (2019), no. 2, 239–250.
[13] S. Jamali and V. Shaker, Defense against SYN flooding attacks: A particle swarm optimization approach, Comput. Elect. Eng. 40 (2014), no. 6, 2013–2025.
[14] B. Karan, D. Narayan and P. Hiremath, Detection of DDoS attacks in software defined networks, Proc. 3rd Int. Conf. Comput. Syst. Inf. Technol. Sustain. Sol. 2018, pp. 265–270.
[15] A. Karim, R.B. Salleh, M. Shiraz, S.A.A. Shah, I. Awan and N.B. Anuar, Botnet detection techniques: Review, future trends, and issues, J. Zhejiang Univ. Sci. 15 (2014), no. 11, 943–983.
[16] I. Kotenko and A. Ulanov, Agent-based simulation of DDOS attacks and defense mechanisms, Int. J. Comput. 4 (2005), no. 2, 113–123.
[17] F. Lau, S.H. Rubin, M.H. Smith and L. Trajkovic, Distributed denial of service attacks, Smc 2000 Conf. Proc. IEEE Int. Conf. Syst. Man Cyber. 3 (2000), pp. 2275–2280.
[18] D.E. Levine and G.C. Kessler, Computer security handbook, Chapter 11-Denial of Service Attacks, Computer Security Handbook, S. Bosworth and M.E. Kabay (eds), John Wiley & Sons, 2002.
[19] S. Lim, J. Ha, H. Kim, Y. Kim and S. Yong, A SDN-oriented DDoS blocking scheme for botnet-based attacks, Proc. 6th Int. Conf. Ubiquitous Future Netw. (ICUFN), 2014, pp. 63–68.
[20] F.S.D. Lima Filho, F.A. Silveira, A. de Medeiros Brito Junior, G. Vargas-Solar and L.F. Silveira, Smart detection: An online approach for DoS/DDoS attack detection using machine learning, Secur. Commun. Networks 2019 (2019).
[21] S.S. Mohammed, R. Hussain, O. Senko, B. Bimaganbetov, J. Lee, F. Hussain, C.A. Kerrache, E. Barka and M.Z.A. Bhuiyan, A new machine learning-based collaborative DDoS mitigation mechanism in software-defined network, 2018 14th Int. Conf. Wireless Mobile Comput. Network. Commun., 2018, pp. 1–8.
[22] M. Nguyen, Illustrated guide to LSTMs and GRUs: A step-by-step explanation, Towards Data Science, 2018.
[23] T. Omrani, A. Dallali, B.C. Rhaimi and J. Fattahi, Fusion of ANN and SVM classifiers for network attack detection, 2017 18th Int. Conf. Sci. Tech. Automatic Control Comput. Engin. IEEE, 2017, pp. 374–377.
[24] Pranj52, Essentials of deep learning: Introduction to long short term memory, https://www.analyticsvidhya.com/blog/2017/12/fundamentals-of-deep-learning-introduction-to-lstm/, 2017.
[25] K.M. Prasad, A.R. Reddy and K.V. Rao, DoS and DDoS attacks: Defense, detection and traceback mechanisms–A survey, Global J. Comput. Sci. Technol. 14 (2014), no. 7, 1–19.
[26] K. Pykes, The vanishing/exploding gradient problem in deep neural networks, https://towardsdatascience. com/the-vanishing-exploding-gradient-problem-in-deep-neural-networks-191358470c11, (2020).
[27] O. Rahman, M.A.G. Quraishi and C.-H. Lung, DDoS attacks detection and mitigation in SDN using machine learning, Proc. IEEE World Cong. Serv. 2642 (2019), 184–189.
[28] S.A. Riga, Two breaches, two enforcement actions, and a Ddos attack: data security and the rise of the internet of things, J. Internet Law 20 (2017), no. 9, 3–7.
[29] T. Roempluk and O. Surinta, A machine learning approach for detecting distributed denial of service attacks, 2019 Joint Int. Conf. Digital Arts, Media Technol. ECTI Northern Section Conference on Electrical, Electronics, Computer and Telecommunications Engineering (ECTI DAMT-NCON), IEEE, 2019, pp. 146–149.
[30] S. Selvin, R. Vinayakumar, E.A. Gopalakrishnan, V.K. Menon and K.P. Soman, Stock price prediction using LSTM, RNN and CNN- sliding window model, Proc. Int. Conf. Adv. Comput. Commun. Inf. 2017, pp. 1643–1647.
[31] I. Sharafaldin, A.H. Lashkari, S. Hakak and A.A. Ghorbani, Developing realistic distributed denial of service (DDoS) attack dataset and taxonomy, Int. Conf. Secur. Technol. IEEE, 2019, pp. 1–8.
[32] T.A. Tang, L. Mhamdi, D. McLernon, S.A.R. Zaidi and M. Ghogho, Deep recurrent neural network for intrusion detection in SDN-based networks, Proc. 4th IEEE Conf. Network Softwarization Workshops (NetSoft), 2018, pp. 202–206.
[33] T. Wood, Convolutional neural network definition— DeepAI., https://deepai.org/machine-learning-glossary-andterms/convolutional-neural-network, (2020).
[34] S. Yadav and S. Subramanian, Detection of application layer DDoS attack by feature learning using stacked AutoEncoder, Proc. Int. Conf. Comput. Tech. Inf. Commun. Technol. 2016, pp. 361–366.
[35] S. Yan, Understanding LSTM and its diagrams, https://blog.mlreview.com/understanding-lstm-and-its-diagrams37e2f46f1714, 2016.
[36] J. Ye, X. Cheng, J. Zhu, L. Feng and L. Song, A DDoS attack detection method based on SVM in software defined network, Secur. Commun. Networks 2018 (2018).
[37] X. Yuan, C. Li and X. Li, DeepDefense: Identifying DDoS attack via deep learning, IEEE Int. Conf. Smart Comput. (SMARTCOMP), IEEE, 2017, pp. 1–8.
[38] S. Yuanyuan, W. Yongming, G. Lili, M. Zhongsong and J. Shan, The comparison of optimizing SVM by GA and grid search, 13th IEEE Int. Conf. Electron. Measur. Instrum. IEEE, 2017, pp. 354–360.
[39] C. Zhang, Z. Cai, W. Chen, X. Luo and J. Yin, Flow level detection and filtering of low-rate DDoS, Comput. Netw. 56 (2012), no. 15, 3417–3431.
Volume 13, Issue 2
July 2022
Pages 753-762
  • Receive Date: 03 February 2022
  • Revise Date: 11 April 2022
  • Accept Date: 18 April 2022