Suhaila ZeinElabideen Omer , Fazirulhisyam Hashim , Aduwati Sali , Faisul Arif Ahmad
Journal: Engineering Science and Technology, an International Journal (JESTECH), volume 66, Article 102049. Publication type: Journal Article. Publication date: 2025-04-10.
DOI: 10.1016/j.jestch.2025.102049
URL: https://www.sciencedirect.com/science/article/pii/S2215098625001041
Binary classification of Low-Rate DoS attacks using Long Short-Term Memory Feed-Forward (LSTM-FF) Intrusion Detection System (IDS)
The data and size of networks have grown substantially due to the rapid development of the Internet and other communication techniques. This has led to the development of numerous new types of attacks, making it harder for network security to detect intrusions accurately. The goal of a Denial of Service (DoS) attack is to overwhelm a target with malicious traffic, exhausting its processing power and network bandwidth. Traditional DoS attacks rely on brute force techniques, making them easier to detect, whereas low-rate and slow attacks pose a greater threat due to their stealthy nature. These attacks target application or server resources with a prolonged trickle of traffic, requiring minimal bandwidth yet making mitigation challenging. Their low resource footprint allows them to degrade or deny service to legitimate users while remaining undetected for extended periods. This research introduces an advanced Intrusion Detection System (IDS) that utilizes a hybrid Long Short-Term Memory Feedforward (LSTM-FF) Neural Network to tackle existing challenges in detecting low-rate DoS (LR-DoS) attacks. Unlike previous models, our approach combines temporal sequence learning with feature refinement, thereby improving the detection of LR-DoS. Additionally, we incorporate automated feature selection using Random Forest, which optimizes efficiency while maintaining interpretability. For model training and evaluation, we use the CIC-DOS2017 dataset, which includes eight distinct types of LR-DoS attacks. To enhance generalizability, we also utilize the CSE-CIC-IDS2018 dataset and the newly introduced LR-HR-DDOS2024 dataset, specifically designed for Software-Defined Networking (SDN)-based environments. To address the class imbalance, we implement a stratified k-fold cross-validation strategy, ensuring robust performance across various attack scenarios. 
To thoroughly evaluate model performance, we adopt a comprehensive set of metrics, including accuracy, precision, recall, F1-score, specificity, False Alarm Rate (FAR), and ROC-AUC. This ensures a well-rounded validation of our approach. The model surpassed all previous state-of-the-art models with an impressive accuracy of 99.70%, precision of 99.47%, specificity of 99.97%, and an F1-score of 97.52%, all while retaining a low FAR of roughly 0.03%. The LSTM-FF approach also worked well in multi-class classification, with a 99.54% accuracy rate, 93.19% precision, 99.59% specificity, 90.28% F1 score, and 0.40% FAR.
About the journal:
Engineering Science and Technology, an International Journal (JESTECH) (formerly Technology), a peer-reviewed quarterly engineering journal, publishes both theoretical and experimental high quality papers of permanent interest, not previously published in journals, in the field of engineering and applied science which aims to promote the theory and practice of technology and engineering. In addition to peer-reviewed original research papers, the Editorial Board welcomes original research reports, state-of-the-art reviews and communications in the broadly defined field of engineering science and technology.
The scope of JESTECH includes a wide spectrum of subjects including:
-Electrical/Electronics and Computer Engineering (Biomedical Engineering and Instrumentation; Coding, Cryptography, and Information Protection; Communications, Networks, Mobile Computing and Distributed Systems; Compilers and Operating Systems; Computer Architecture, Parallel Processing, and Dependability; Computer Vision and Robotics; Control Theory; Electromagnetic Waves, Microwave Techniques and Antennas; Embedded Systems; Integrated Circuits, VLSI Design, Testing, and CAD; Microelectromechanical Systems; Microelectronics, and Electronic Devices and Circuits; Power, Energy and Energy Conversion Systems; Signal, Image, and Speech Processing)
-Mechanical and Civil Engineering (Automotive Technologies; Biomechanics; Construction Materials; Design and Manufacturing; Dynamics and Control; Energy Generation, Utilization, Conversion, and Storage; Fluid Mechanics and Hydraulics; Heat and Mass Transfer; Micro-Nano Sciences; Renewable and Sustainable Energy Technologies; Robotics and Mechatronics; Solid Mechanics and Structure; Thermal Sciences)
-Metallurgical and Materials Engineering (Advanced Materials Science; Biomaterials; Ceramic and Inorganic Materials; Electronic-Magnetic Materials; Energy and Environment; Materials Characterization; Metallurgy; Polymers and Nanocomposites)