Time‐based DDoS attack detection through hybrid LSTM‐CNN model architectures: An investigation of many‐to‐one and many‐to‐many approaches

Concurrency and Computation: Practice and Experience Pub Date : 2024-02-14 DOI:10.1002/cpe.7996

Beenish Habib, F. Khursheed

{"title":"Time‐based DDoS attack detection through hybrid LSTM‐CNN model architectures: An investigation of many‐to‐one and many‐to‐many approaches","authors":"Beenish Habib, F. Khursheed","doi":"10.1002/cpe.7996","DOIUrl":null,"url":null,"abstract":"Internet data thefts, intrusions and DDoS attacks are some of the big concerns for the network security today. Detection of these anomalies, is gaining tremendous impetus with the development of machine learning and artificial intelligence. Even now researchers are shifting the base from machine learning to the deep neural architectures with auto‐feature selection capabilities. We in this paper propose multiple deep neural network architectures which can select, co‐learn and teach the gradients of the neural network by itself with no human intervention. This is what we call as meta‐learning. The models are configured in both many to one and many to many design architectures. We combine long short‐term memory (LSTM), bi‐directional long short‐term memory (BiLSTM), convolutional neural network (CNN) layers along with attention mechanism to achieve the higher accuracy values among all the available deep learning model architectures. LSTMs overcomes the vanishing and exploding gradient problem of RNN and attention mechanism mimics the human cognitive attention that screens the network flow to obtain the key features for network traffic classification. In addition, we also add multiple convolutional layers to get the key features for network traffic classification. We get the time series analysis of the traffic done for the possibility of a DDoS attack without using any feature selection techniques and without balancing the dataset. The performance analysis is done based on confusion matrix scores, that is, accuracy, false alarm rate (FAR), sensitivity, specificity, false‐positive rate (FPR), F1 score, area under curve (AUC) analysis and loss functions on well‐known public benchmark KDD Cup'99 data set. The results of our experiments reveal that our models outperform existing techniques, showing their superiority in performance.","PeriodicalId":10584,"journal":{"name":"Concurrency and Computation: Practice and Experience","volume":"42 8","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-02-14","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Concurrency and Computation: Practice and Experience","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1002/cpe.7996","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 0

Abstract

Internet data thefts, intrusions and DDoS attacks are some of the big concerns for the network security today. Detection of these anomalies, is gaining tremendous impetus with the development of machine learning and artificial intelligence. Even now researchers are shifting the base from machine learning to the deep neural architectures with auto‐feature selection capabilities. We in this paper propose multiple deep neural network architectures which can select, co‐learn and teach the gradients of the neural network by itself with no human intervention. This is what we call as meta‐learning. The models are configured in both many to one and many to many design architectures. We combine long short‐term memory (LSTM), bi‐directional long short‐term memory (BiLSTM), convolutional neural network (CNN) layers along with attention mechanism to achieve the higher accuracy values among all the available deep learning model architectures. LSTMs overcomes the vanishing and exploding gradient problem of RNN and attention mechanism mimics the human cognitive attention that screens the network flow to obtain the key features for network traffic classification. In addition, we also add multiple convolutional layers to get the key features for network traffic classification. We get the time series analysis of the traffic done for the possibility of a DDoS attack without using any feature selection techniques and without balancing the dataset. The performance analysis is done based on confusion matrix scores, that is, accuracy, false alarm rate (FAR), sensitivity, specificity, false‐positive rate (FPR), F1 score, area under curve (AUC) analysis and loss functions on well‐known public benchmark KDD Cup'99 data set. The results of our experiments reveal that our models outperform existing techniques, showing their superiority in performance.

查看原文本刊更多论文

通过 LSTM-CNN 混合模型架构进行基于时间的 DDoS 攻击检测：多对一和多对多方法的研究

互联网数据盗窃、入侵和 DDoS 攻击是当今网络安全的几大隐患。随着机器学习和人工智能的发展，对这些异常情况的检测正获得巨大的推动力。目前，研究人员正在将基础从机器学习转向具有自动特征选择功能的深度神经架构。我们在本文中提出了多种深度神经网络架构，它们可以在没有人工干预的情况下自行选择、共同学习和教授神经网络的梯度。这就是我们所说的元学习。这些模型既有多对一的设计架构，也有多对多的设计架构。我们将长短时记忆（LSTM）、双向长短时记忆（BiLSTM）、卷积神经网络（CNN）层与注意力机制结合起来，从而在所有可用的深度学习模型架构中实现了更高的精度值。LSTM 克服了 RNN 的梯度消失和爆炸问题，而注意力机制则模仿人类的认知注意力，对网络流量进行筛选，从而获得网络流量分类的关键特征。此外，我们还添加了多个卷积层，以获得网络流量分类的关键特征。在不使用任何特征选择技术和不平衡数据集的情况下，我们得到了针对 DDoS 攻击可能性的流量时间序列分析。性能分析是基于混淆矩阵得分，即准确率、误报率 (FAR)、灵敏度、特异性、假阳性率 (FPR)、F1 分数、曲线下面积 (AUC) 分析和损失函数，在著名的公共基准 KDD Cup'99 数据集上进行的。实验结果表明，我们的模型优于现有技术，显示了其性能的优越性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

Concurrency and Computation: Practice and Experience

自引率

0.00%

发文量