DDoS-MSCT: A DDoS Attack Detection Method Based on Multiscale Convolution and Transformer
Authors: Bangli Wang, Yuxuan Jiang, You Liao, Zhen Li
Journal: IET Information Security (impact factor 1.3, JCR Q3, Computer Science, Information Systems)
Volume: 2024 1
Publication date: 2024-09-17
Publication type: Journal Article
DOI: 10.1049/2024/1056705
Article: https://onlinelibrary.wiley.com/doi/10.1049/2024/1056705
PDF: https://onlinelibrary.wiley.com/doi/epdf/10.1049/2024/1056705
Citations: 0
Abstract
Distributed denial-of-service (DDoS) attacks pose a significant threat to network security due to their widespread impact and detrimental consequences. Currently, deep learning methods are widely applied in DDoS anomaly traffic detection. However, they often lack the ability to collectively model both local and global traffic features, which presents challenges in improving performance. In order to provide an effective method for detecting abnormal traffic, this paper proposes a novel network architecture called DDoS-MSCT, which combines a multiscale convolutional neural network and transformer. The DDoS-MSCT architecture introduces the DDoS-MSCT block, which consists of a local feature extraction module (LFEM) and a global feature extraction module (GFEM). The LFEM employs convolutional kernels of different sizes, accompanied by dilated convolutions, with the aim of enhancing the receptive field and capturing multiscale features simultaneously. On the other hand, the GFEM is utilized to capture long-range dependencies for attending to global features. Furthermore, with the increase in network depth, DDoS-MSCT facilitates the integration of multiscale local and global contextual information of traffic features, thereby improving detection performance. Our experiments are conducted on the CIC-DDoS2019 dataset, and also the CIC-IDS2017 dataset, which is introduced as a supplement to address the issue of sample imbalance. Experimental results on the hybrid dataset show that DDoS-MSCT achieves accuracy, recall, F1 score, and precision of 99.94%, 99.95%, 99.95%, and 99.97%, respectively. Compared with state-of-the-art methods, the DDoS-MSCT model achieves good performance in detecting DDoS attacks, providing protection for network security.
About the journal:
IET Information Security publishes original research papers in the following areas of information security and cryptography. Submitting authors should specify clearly in their covering statement the area into which their paper falls.
Scope:
Access Control and Database Security
Ad-Hoc Network Aspects
Anonymity and E-Voting
Authentication
Block Ciphers and Hash Functions
Blockchain, Bitcoin (Technical aspects only)
Broadcast Encryption and Traitor Tracing
Combinatorial Aspects
Covert Channels and Information Flow
Critical Infrastructures
Cryptanalysis
Dependability
Digital Rights Management
Digital Signature Schemes
Digital Steganography
Economic Aspects of Information Security
Elliptic Curve Cryptography and Number Theory
Embedded Systems Aspects
Embedded Systems Security and Forensics
Financial Cryptography
Firewall Security
Formal Methods and Security Verification
Human Aspects
Information Warfare and Survivability
Intrusion Detection
Java and XML Security
Key Distribution
Key Management
Malware
Multi-Party Computation and Threshold Cryptography
Peer-to-peer Security
PKIs
Public-Key and Hybrid Encryption
Quantum Cryptography
Risks of using Computers
Robust Networks
Secret Sharing
Secure Electronic Commerce
Software Obfuscation
Stream Ciphers
Trust Models
Watermarking and Fingerprinting
Special Issues. Current Call for Papers:
Security on Mobile and IoT devices - https://digital-library.theiet.org/files/IET_IFS_SMID_CFP.pdf