Deep Intrusion Detection for DOS and DDOS Attacks Using LSTM and Deep Autoencoder Neural Network

Early detection of network intrusions is a very important factor in network security. However, most studies of network intrusion detection systems utilize features for full sessions, making it difficult to detect intrusions before a session ends. To solve this problem, the proposed method uses packet data for features to determine if packets are malicious traffic. Such an approach inevitably increases the probability of falsely detecting normal packets as an intrusion or an intrusion as normal traffic for the initial session. As a solution, the proposed method learns the patterns of packets that are unhelpful in order to classify network intrusions and benign sessions. To this end, a new training dataset for Generative Adversarial Network (GAN) is created using misclassified data from an original training dataset by the LSTM-DNN model trained using the original one. The GAN trained with this dataset has ability to determine whether the currently received packet can be accurately classified in the LSTM-DNN. If the GAN determines that the packet cannot be classified correctly, the detection process is canceled and will be tried again when the next packet is received. Meticulously designed classification algorithm based on LSTM-DNN and validation model using GAN enable the proposed algorithm to accurately perform network intrusion detection in real time without session termination or delay time for collecting a certain number of packets. Additionally, a Deep Autoencoder neural network is utilized to automatically extract relevant features from the network traffic. This unsupervised learning approach enables the system to adapt to evolving attack patterns.